IBM Security Bulletin: IBM WebSphere MQ JMS client deserialization RCE vulnerability (CVE-2016-0360)
A potential vulnerability exists within the JMSObjectMessage class, which IBM WebSphere MQ provides as part of its Java Message Service implementation.
CVE(s): CVE-2016-0360
Affected product(s) and affected version(s):
IBM MQ 9.0: IBM MQ 9.0.0.0 only
IBM WebSphere MQ 8.0: IBM WebSphere MQ 8.0.0.0 through 8.0.0.5 maintenance levels
IBM WebSphere MQ 7.5: IBM WebSphere MQ 7.5.0.0 through 7.5.0.7 maintenance levels
IBM WebSphere MQ 7.1: IBM WebSphere MQ 7.1.0.0 through 7.1.0.8 maintenance levels
IBM WebSphere MQ 7.0.1: IBM WebSphere MQ 7.0.1.0 through 7.0.1.14 maintenance levels
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2l1f8Pp
X-Force Database: http://ift.tt/2kR4LLL
The post IBM Security Bulletin: IBM WebSphere MQ JMS client deserialization RCE vulnerability (CVE-2016-0360) appeared first on IBM PSIRT Blog.
from IBM Product Security Incident Response Team http://ift.tt/2l14SGW