CVE-2015-2018

Name of the Vulnerable Software and Affected Versions IBM Integration Bus versions 9.0.0 through 10.0.0.0 IBM Integration Bus version 10.0.0.0 is not affected, but versions prior to 10.0.0.1 are vulnerable, so the correct range is: IBM Integration Bus versions 9.0.0 through 10.0.0.0 and version 10.0.0.1 is not the start of the range, the correct range is prior to 10.0.0.1. IBM Integration Bus versions prior to 10.0.0.1 WebSphere Message Broker versions 7.0.0 through 7.0.0.7 WebSphere Message Broker versions 8.0.0 through 8.0.0.6

Description The issue allows remote authenticated users to obtain sensitive information via unspecified vectors because the correct security profile is not ensured.

Recommendations For IBM Integration Bus versions prior to 10.0.0.1, update to version 10.0.0.1 or later. For WebSphere Message Broker versions 7.0.0 through 7.0.0.7, update to version 7.0.0.8 or later. For WebSphere Message Broker versions 8.0.0 through 8.0.0.6, update to version 8.0.0.7 or later.