IBM WebSphere MQ has addressed the following vulnerability. An undocumented environment variable intended for use by IBM support could be used to execute untrusted code using the ‘mqm’ user.
CVE(s): CVE-2017-1612
Affected product(s) and affected version(s):
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2qnX5HV
X-Force Database: http://ift.tt/2lTvDgz
The post IBM Security Bulletin: IBM WebSphere MQ is affected by a privilege escalation vulnerability (CVE-2017-1612) appeared first on IBM PSIRT Blog.
| Product | Affected Versions |
| IBM WebSphere MQ | 7.0.1.0 – 7.0.1.14 |
| IBM WebSphere MQ | 7.1.0.0 – 7.1.0.8 |
| IBM WebSphere MQ | 7.5.0.0 – 7.5.0.8 |
| IBM MQ | 8.0.0.0 – 8.0.0.7 |
| IBM MQ (LTS) | 9.0.0.0 – 9.0.0.1 |
| IBM MQ (CD) | 9.0.1.0 – 9.0.3.0 |
from IBM Product Security Incident Response Team http://ift.tt/2qlQy0v
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.