There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 6, 7 and 8 that are used by IBM MQ. These issues were disclosed as part of the Java SDK updates from IBM in April 2017.
CVE(s): CVE-2017-3511, CVE-2017-3533, CVE-2016-9840, CVE-2016-9841, CVE-2016-9842, CVE-2016-9843
Affected product(s) and affected version(s):
IBM MQ 9.0.0.x Long Term Support (LTS)
Maintenance level 9.0.0.0 only
IBM MQ 9.0.x Continuous Delivery Release (CDR)
Continuous delivery update 9.0.1 only
IBM MQ Appliance 9.0.x
Update 9.0.1 only
IBM MQ 8.0
Maintenance levels between 8.0.0.0 and 8.0.0.5
IBM MQ Appliance 8.0
Maintenance levels between 8.0.0.0 and 8.0.0.5
WebSphere MQ 7.5
Maintenance levels between 7.5.0.0 and 7.5.0.7
WebSphere MQ 7.1
Maintenance levels between 7.1.0.0 and 7.1.0.8
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2f1tij8
X-Force Database: http://ift.tt/2pv7JaY
X-Force Database: http://ift.tt/2pv79tT
X-Force Database: http://ift.tt/2lLwOQm
X-Force Database: http://ift.tt/2mlzP6B
X-Force Database: http://ift.tt/2lLuetu
X-Force Database: http://ift.tt/2mlCjlv
The post IBM Security Bulletin: A vulnerability in Java runtime from IBM affects IBM WebSphere MQ appeared first on IBM PSIRT Blog.
from IBM Product Security Incident Response Team http://ift.tt/2hgp0Fb
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.