Wednesday, January 4, 2017

IBM Security Bulletin: Agent Relay ActiveMQ Broker unauthenticated JMX interface can be accessed from remote hosts (CVE-2016-9008 )

IBM UrbanCode Deploy could allow a malicious user to access the Agent Relay ActiveMQ Broker JMX interface and run plugins on the agent.

CVE(s): CVE-2016-9008

Affected product(s) and affected version(s):

IBM UrbanCode Deploy 6.0, 6.0.1, 6.0.1.1, 6.0.1.2, 6.0.1.3, 6.0.1.4, 6.0.1.5, 6.0.1.6, 6.0.1.7, 6.0.1.8, 6.0.1.9, 6.0.1.10, 6.0.1.11, 6.0.1.12, 6.0.1.13, 6.0.1.14, 6.1, 6.1.0.1, 6.1.0.2, 6.1.0.3, 6.1.0.4, 6.1.1, 6.1.1.1, 6.1.1.2, 6.1.1.3, 6.1.1.4, 6.1.1.5, 6.1.1.6, 6.1.1.7, 6.1.1.8, 6.1.2, 6.1.3, 6.1.3.1, 6.1.3.2, 6.1.3.3, 6.2.0.0, 6.2.0.1, 6.2.0.2, 6.2.1, 6.2.1.1, 6.2.2, 6.2.2.1 on all supported platforms.

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2j4KvVg
X-Force Database: http://ift.tt/2iI9Zvp



from IBM Product Security Incident Response Team http://ift.tt/2j4wcQK
Posted by at

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.

Subscribe to: Post Comments (Atom)