VID |
22844 |
Severity |
30 |
Port |
8880, ... |
Protocol |
TCP |
Class |
WWW |
Detailed Description |
According to its self-reported version, the IBM WebSphere MQ server installed on the remote host is 9.0.x < 9.0.5.
- A specially crafted message could cause a denial of service in an IBM MQ application consuming messages that the application needs to perform data conversion on. (CVE-2017-1747)
- IBM MQ Clients can send a specially crafted message that could cause a channel to SIGSEGV. (CVE-2017-1747)
- This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 139077. (CVE-2018-1429)
* References : https://www-01.ibm.com/support/docview.wss?uid=swg22012992 https://www-01.ibm.com/support/docview.wss?uid=swg24044508 https://www-01.ibm.com/support/docview.wss?uid=swg22014046
* Platforms Affected: IBM WebSphere Application Server versions 9.0.x prior to 9.0.5 |
Recommendation |
Upgrade to the latest version of IBM WebSphere Application Server 9.0.5 or later, available from the IBM Support & downloads Web site at https://www-01.ibm.com/support/docview.wss?uid=swg22014046 |
Related URL |
CVE-2017-1747,CVE-2018-1429 (CVE) |
Related URL |
103491,103590 (SecurityFocus) |