An authenticated user with authority to send a specially crafted message could cause a SDR or CLUSSDR channel to remain in a running state but not process messages.
CVE(s): CVE-2017-1285
Affected product(s) and affected version(s):
IBM MQ V9 CD
- IBM MQ V9.0.1 – V9.0.2
IBM MQ Appliance V9 CD
- IBM MQ Appliance V9.0.1 and V9.0.2
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2tJovWF
X-Force Database: http://ift.tt/2t02R3x
The post IBM Security Bulletin: IBM MQ and IBM MQ Appliance invalid requests cause denial of service to SDR and CLUSSDR channels (CVE-2017-1285) appeared first on IBM PSIRT Blog.
from IBM Product Security Incident Response Team http://ift.tt/2tJyxaf
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.