IBM MQ and WebSphere MQ have addressed multiple vulnerabilities in OpenSSL and GSKit. OpenSSL is used by IBM MQ Advanced Message Security on the IBM i platform only.
CVE(s): CVE-2016-0705, CVE-2017-3732, CVE-2017-3736, CVE-2018-1428, CVE-2018-1427, CVE-2018-1426, CVE-2018-1447
Affected product(s) and affected version(s):
WebSphere MQ v7.0.1
- Maintenance levels: 7.0.1.0 – 7.0.1.14
WebSphere MQ v7.1
- Maintenance levels: 7.1.0.0 – 7.1.0.9
WebSphere MQ v7.5
- Maintenance levels: 7.5.0.0 – 7.5.0.8
IBM MQ v8.0 and IBM MQ Appliance v8.0
- Maintenance level: 8.0.0.0 – 8.0.0.8
IBM MQ v9.0 LTS
- Maintenance levels: 9.0.0.0 – 9.0.0.2
IBM MQ v9.0.x CD and IBM MQ Appliance v9.0.x CD
- IBM MQ version 9.0.1 – 9.0.4
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg22014651
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/111140
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/121313
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/134397
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/139073
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/139072
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/139071
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/139972
The post IBM Security Bulletin: IBM MQ and WebSphere MQ are affected by multiple vulnerabilities in OpenSSL and GSKit. appeared first on IBM PSIRT Blog.
from IBM Product Security Incident Response Team https://ift.tt/2HK9Ujg
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.