PT-2015-6751 · IBM · IBM Integration Bus +1
Published 2015-10-26 · Updated 2015-10-27
CVE-2015-5011
CVSS v2.0: 3.2 (Low)
Vector: AV:L/AC:L/Au:S/C:N/I:P/A:P
Name of the Vulnerable Software and Affected Versions
IBM WebSphere Message Broker versions 8.0.0 through 8.0.0.5
IBM Integration Bus versions 9.0.0 through 9.0.0.3
Description
The issue allows local users to bypass intended access restrictions and start or stop a service by issuing certain commands, due to a lack of authorization checks for the MQSISTARTMSGFLOW and MQSISTOPMSGFLOW commands.
Recommendations
For IBM WebSphere Message Broker versions 8.0.0 through 8.0.0.5, update to version 8.0.0.6 or later.
For IBM Integration Bus versions 9.0.0 through 9.0.0.3, update to version 9.0.0.4 or later.
Fix
Command Injection
Weakness Enumeration
Related Identifiers
Affected Products
IBM Integration Bus
IBM WebSphere Message Broker