IBM Security Bulletin: A vulnerability in Java runtime from IBM affects IBM WebSphere MQ

There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 6, 7 and 8 that are used by IBM MQ. These issues were disclosed as part of the Java SDK updates from IBM in April 2017.

CVE(s): CVE-2017-3511, CVE-2017-3533, CVE-2016-9840, CVE-2016-9841, CVE-2016-9842, CVE-2016-9843

Affected product(s) and affected version(s):

IBM MQ 9.0.0.x Long Term Support (LTS)
Maintenance level 9.0.0.0 only

IBM MQ 9.0.x Continuous Delivery Release (CDR)
Continuous delivery update 9.0.1 only

IBM MQ Appliance 9.0.x
Update 9.0.1 only

IBM MQ 8.0
Maintenance levels between 8.0.0.0 and 8.0.0.5

IBM MQ Appliance 8.0
Maintenance levels between 8.0.0.0 and 8.0.0.5

WebSphere MQ 7.5
Maintenance levels between 7.5.0.0 and 7.5.0.7

WebSphere MQ 7.1
Maintenance levels between 7.1.0.0 and 7.1.0.8

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2f1tij8
X-Force Database: http://ift.tt/2pv7JaY
X-Force Database: http://ift.tt/2pv79tT
X-Force Database: http://ift.tt/2lLwOQm
X-Force Database: http://ift.tt/2mlzP6B
X-Force Database: http://ift.tt/2lLuetu
X-Force Database: http://ift.tt/2mlCjlv

The post IBM Security Bulletin: A vulnerability in Java runtime from IBM affects IBM WebSphere MQ appeared first on IBM PSIRT Blog.



from IBM Product Security Incident Response Team http://ift.tt/2hgp0Fb