PT-2017-7614 · Ibm · Ibm Websphere Mq Jms
Matthias Kaiser
·
Published
2017-02-15
·
Updated
2017-07-27
·
CVE-2016-0360
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
IBM Websphere MQ JMS versions 7.0.1, 7.1, 7.5, 8.0, and 9.0
Description
The issue allows a malicious user to execute arbitrary Java code by adding vulnerable classes to the classpath, as the JMS client provides classes that deserialize objects from untrusted sources.
Recommendations
For IBM Websphere MQ JMS version 7.0.1, update to a fixed version to prevent arbitrary Java code execution.
For IBM Websphere MQ JMS version 7.1, update to a fixed version to prevent arbitrary Java code execution.
For IBM Websphere MQ JMS version 7.5, update to a fixed version to prevent arbitrary Java code execution.
For IBM Websphere MQ JMS version 8.0, update to a fixed version to prevent arbitrary Java code execution.
For IBM Websphere MQ JMS version 9.0, update to a fixed version to prevent arbitrary Java code execution.
Fix
Deserialization of Untrusted Data
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ibm Websphere Mq Jms