IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM MQ

There are multiple vulnerabilities in IBM® Runtime Environment Java™ versions 6, 7 and 8 used by IBM MQ. These issues were disclosed as part of the IBM Java SDK updates in April 2018.

CVE(s): CVE-2018-2799, CVE-2018-2798, CVE-2018-2797, CVE-2018-2796, CVE-2018-2795, CVE-2018-2794, CVE-2018-2814, CVE-2018-2783, CVE-2018-2790

Affected product(s) and affected version(s):

IBM MQ 9.0.0.x Long Term Support (LTS)
Maintenance level 9.0.0.4 and earlier

IBM MQ 9.0.x and IBM MQ Appliance 9.0.x Continuous Delivery Release (CDR)
Continuous delivery update 9.0.5 and earlier

IBM MQ 8.0 and IBM MQ Appliance 8.0
Maintenance levels 8.0.0.9 and earlier

WebSphere MQ 7.5
Maintenance levels 7.5.0.8 and earlier

WebSphere MQ 7.1
Maintenance levels 7.1.0.9 and earlier

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www-01.ibm.com/support/docview.wss?uid=ibm10717125
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/141955
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/141954
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/141953
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/141952
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/141951
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/141950
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/141970
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/141939
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/141946

The post IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM MQ appeared first on IBM PSIRT Blog.

from IBM Product Security Incident Response Team https://ift.tt/2L01XYY