CVE-2017-1318

Name of the Vulnerable Software and Affected Versions IBM MQ Appliance versions 8.0 through 9.0

Description The issue allows an authenticated messaging administrator to execute arbitrary commands on the system due to command execution. This is caused by the failure to neutralize special elements used in the operating system command. Exploitation of the issue may allow a remote attacker to execute arbitrary commands.

Recommendations For IBM MQ Appliance versions 8.0 through 9.0, consider restricting access to the system to minimize the risk of exploitation until a fix is available. As a temporary workaround, limit the privileges of messaging administrators to prevent arbitrary command execution. At the moment, there is no information about a newer version that contains a fix for this vulnerability.