Wednesday, June 13, 2018

IBM Security Bulletin: IBM MQ and WebSphere MQ are affected by multiple vulnerabilities in OpenSSL and GSKit.

IBM MQ and WebSphere MQ have addressed multiple vulnerabilities in OpenSSL and GSKit. OpenSSL is used by IBM MQ Advanced Message Security on the IBM i platform only.

CVE(s): CVE-2016-0705, CVE-2017-3732, CVE-2017-3736, CVE-2018-1428, CVE-2018-1427, CVE-2018-1426, CVE-2018-1447

Affected product(s) and affected version(s):

WebSphere MQ v7.0.1

  • Maintenance levels: 7.0.1.0 – 7.0.1.14

WebSphere MQ v7.1

  • Maintenance levels: 7.1.0.0 – 7.1.0.9

WebSphere MQ v7.5

  • Maintenance levels: 7.5.0.0 – 7.5.0.8

IBM MQ v8.0 and IBM MQ Appliance v8.0

  • Maintenance level: 8.0.0.0 – 8.0.0.8

IBM MQ v9.0 LTS

  • Maintenance levels: 9.0.0.0 – 9.0.0.2

IBM MQ v9.0.x CD and IBM MQ Appliance v9.0.x CD

  • IBM MQ version 9.0.1 – 9.0.4

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg22014651
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/111140
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/121313
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/134397
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/139073
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/139072
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/139071
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/139972

The post IBM Security Bulletin: IBM MQ and WebSphere MQ are affected by multiple vulnerabilities in OpenSSL and GSKit. appeared first on IBM PSIRT Blog.



from IBM Product Security Incident Response Team https://ift.tt/2HK9Ujg

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.