CVE-2017-1612

Опубликовано: 09 янв. 2018

Источник: nvd

CVSS3: 7.8

CVSS2: 4.6

EPSS Низкий

Описание

IBM WebSphere MQ 7.0, 7.1, 7.5, 8.0, and 9.0 service trace module could be used to execute untrusted code under 'mqm' user. IBM X-Force ID: 132953.

Ссылки

http://www.ibm.com/support/docview.wss?uid=swg22009918
Patch
Vendor Advisory
http://www.securityfocus.com/bid/102479
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1040175
Third Party Advisory
VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/132953
VDB Entry
Vendor Advisory
http://www.ibm.com/support/docview.wss?uid=swg22009918
Patch
Vendor Advisory
http://www.securityfocus.com/bid/102479
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1040175
Third Party Advisory
VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/132953
VDB Entry
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:ibm:websphere_mq:7.5:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_mq:7.5.0.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_mq:7.5.0.2:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_mq:7.5.0.3:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_mq:7.5.0.4:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_mq:7.5.0.5:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_mq:7.5.0.6:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_mq:7.5.0.7:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_mq:7.5.0.8:*:*:*:*:*:*:*

Конфигурация 2

Одно из

cpe:2.3:a:ibm:websphere_mq:7.0.1.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_mq:7.0.1.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_mq:7.0.1.2:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_mq:7.0.1.3:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_mq:7.0.1.4:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_mq:7.0.1.5:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_mq:7.0.1.6:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_mq:7.0.1.7:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_mq:7.0.1.8:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_mq:7.0.1.9:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_mq:7.0.1.10:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_mq:7.0.1.11:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_mq:7.0.1.12:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_mq:7.0.1.13:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_mq:7.0.1.14:*:*:*:*:*:*:*

Конфигурация 3

Одно из

cpe:2.3:a:ibm:websphere_mq:7.1.0.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_mq:7.1.0.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_mq:7.1.0.2:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_mq:7.1.0.3:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_mq:7.1.0.4:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_mq:7.1.0.5:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_mq:7.1.0.6:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_mq:7.1.0.7:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_mq:7.1.0.8:*:*:*:*:*:*:*

Конфигурация 4

Одно из

cpe:2.3:a:ibm:websphere_mq:8.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_mq:8.0.0.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_mq:8.0.0.2:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_mq:8.0.0.3:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_mq:8.0.0.4:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_mq:8.0.0.5:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_mq:8.0.0.6:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_mq:8.0.0.7:*:*:*:*:*:*:*

Конфигурация 5

Одно из

cpe:2.3:a:ibm:websphere_mq:9.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_mq:9.0.0.1:*:*:*:*:*:*:*

Конфигурация 6

Одно из

cpe:2.3:a:ibm:websphere_mq:9.0.1.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_mq:9.0.2.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_mq:9.0.3.0:*:*:*:*:*:*:*

EPSS

Процентиль: 27%

0.00094

Низкий

7.8 High

CVSS3

4.6 Medium

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

GHSA-5pp4-33gx-7pgq

CVSS3: 7.8

github

больше 3 лет назад

IBM WebSphere MQ 7.0, 7.1, 7.5, 8.0, and 9.0 service trace module could be used to execute untrusted code under 'mqm' user. IBM X-Force ID: 132953.

EPSS

Процентиль: 27%

0.00094

Низкий

7.8 High

CVSS3

4.6 Medium

CVSS2

Дефекты

NVD-CWE-noinfo