There are multiple vulnerabilities in IBM® Runtime Environment Java™ versions 6, 7 and 8 used by IBM MQ. These issues were disclosed as part of the IBM Java SDK updates in January 2018.
CVE(s): CVE-2018-2579, CVE-2018-2663, CVE-2018-2677, CVE-2018-2678, CVE-2018-2602, CVE-2018-2603, CVE-2018-2657, CVE-2018-2618, CVE-2018-2637, CVE-2018-2633
Affected product(s) and affected version(s):
IBM MQ 9.0.0.x Long Term Support (LTS)
Maintenance level 9.0.0.2 and earlier
IBM MQ 9.0.x and IBM MQ Appliance 9.0.x Continuous Delivery Release (CDR)
Continuous delivery update 9.0.4 and earlier
IBM MQ 8.0 and IBM MQ Appliance 8.0
Maintenance levels 8.0.0.8 and earlier
WebSphere MQ 7.5
Maintenance levels 7.5.0.8 and earlier
WebSphere MQ 7.1
Maintenance levels 7.1.0.8 and earlier
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg22016278
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/137833
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/137917
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/137932
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/137933
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/137854
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/137855
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/137910
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/137870
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/137889
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/137885
The post IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM MQ appeared first on IBM PSIRT Blog.
from IBM Product Security Incident Response Team https://ift.tt/2J4yCiM
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.