CVE-2017-1341
low
CVSS v3
3.7
CVSS v2
4.3
VIR risk
3.7
Description
IBM WebSphere MQ 8.0 and 9.0 could allow, under special circumstances, an unauthorized user to access an object which they should have been denied access. IBM X-Force ID: 126456.
Predictions
Exploit likelihood
47%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: psirt@us.ibm.com — https://exchange.xforce.ibmcloud.com/vulnerabilities/126456
Vendor advisory: psirt@us.ibm.com — http://www.ibm.com/support/docview.wss?uid=swg22005400
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| ibm | websphere_mq | 8.0.0.1 | |
| ibm | websphere_mq | 8.0.0.2 | |
| ibm | websphere_mq | 8.0.0.3 | |
| ibm | websphere_mq | 8.0.0.4 | |
| ibm | websphere_mq | 8.0.0.5 | |
| ibm | websphere_mq | 8.0.0.6 | |
| ibm | websphere_mq | 8.0.0.7 | |
| ibm | websphere_mq | 9.0 | |
| ibm | websphere_mq | 9.0.0.1 | |
| ibm | websphere_mq | 9.0.1 | |
| ibm | websphere_mq | 9.0.2 | |
| ibm | websphere_mq | 9.0.3 | |
References
- http://www.ibm.com/support/docview.wss?uid=swg22005400
- http://www.securityfocus.com/bid/102042
- https://exchange.xforce.ibmcloud.com/vulnerabilities/126456
- http://www.ibm.com/support/docview.wss?uid=swg22005400
- http://www.securityfocus.com/bid/102042
- https://exchange.xforce.ibmcloud.com/vulnerabilities/126456
Verify integrity in audit chain (admin only). AS-IS.