IBM Security Bulletin: IBM MQ and IBM MQ Appliance MQOPEN call might succeed when it should have failed. (CVE-2017-1341 )

MQOPEN call might succeed when it should have failed, when using generic profile authority matching for remotely defined MQ object.

CVE(s): CVE-2017-1341

Affected product(s) and affected version(s):

IBM MQ V8

Maintenance levels 8.0.0.0 – 8.0.0.7

IBM MQ Appliance V8

Maintenance levels between 8.0.0.0 and 8.0.0.7

IBM MQ V9

Maintenance levels 9.0.0.0 – 9.0.0.1

IBM MQ V9 CD

IBM MQ 9.0.1 – 9.0.3

IBM MQ Appliance V9 CD

IBM MQ Appliance 9.0.1 – 9.0.3

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2A7QJAY
X-Force Database: http://ift.tt/2AYg0gN

The post IBM Security Bulletin: IBM MQ and IBM MQ Appliance MQOPEN call might succeed when it should have failed. (CVE-2017-1341 ) appeared first on IBM PSIRT Blog.

from IBM Product Security Incident Response Team http://ift.tt/2A5m0UX