PT-2017-7614 · Ibm · Ibm Websphere Mq Jms
Matthias Kaiser
·
Publicado
2017-02-15
·
Atualizado
2017-07-27
·
CVE-2016-0360
CVSS v3.1
9.8
Crítica
| Vetor | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
IBM Websphere MQ JMS versions 7.0.1, 7.1, 7.5, 8.0, and 9.0
Description
The issue allows a malicious user to execute arbitrary Java code by adding vulnerable classes to the classpath, as the JMS client provides classes that deserialize objects from untrusted sources.
Recommendations
For IBM Websphere MQ JMS version 7.0.1, update to a fixed version to prevent arbitrary Java code execution.
For IBM Websphere MQ JMS version 7.1, update to a fixed version to prevent arbitrary Java code execution.
For IBM Websphere MQ JMS version 7.5, update to a fixed version to prevent arbitrary Java code execution.
For IBM Websphere MQ JMS version 8.0, update to a fixed version to prevent arbitrary Java code execution.
For IBM Websphere MQ JMS version 9.0, update to a fixed version to prevent arbitrary Java code execution.
Correção
Deserialization of Untrusted Data
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Ibm Websphere Mq Jms