EUVD-2016-0395

🗓️ 07 Oct 2025 00:30:54Reported by EUVDType

IBM Websphere MQ clients allow deserialization from untrusted sources, risking arbitrary code execution

Reporter	Title	Published	Views	Family All 30
IBM Security Bulletins	Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2016-0360)	22 Sep 202203:02	–	ibm
IBM Security Bulletins	Security Bulletin: Security vulnerabilities have been identified in Websphere Application Server shipped with Predictive Customer Intelligence (CVE-2016-0360, CVE-2017-1151)	11 Feb 202021:31	–	ibm
IBM Security Bulletins	Security Bulletin:IBM Integration Bus is affected by deserialization RCE vulnerability in IBM WebSphere JMS Client	23 Mar 202020:41	–	ibm
IBM Security Bulletins	Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Business Monitor (CVE-2016-0360)	15 Jun 201807:07	–	ibm
IBM Security Bulletins	Security Bulletin: Potential security vulnerability in IBM WebSphere Application Server in Bluemix MQ JCA Resource adapter (CVE-2016-0360)	15 Jun 201807:07	–	ibm
IBM Security Bulletins	Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with IBM Intelligent Operations Center (CVE-2016-0360)	19 Aug 202221:04	–	ibm
IBM Security Bulletins	Security Bulletin: Security vulnerabilities have been identified in WebSphere Application Server shipped with Financial Transaction Manager (CVE-2016-0360)	16 Jun 201820:08	–	ibm
IBM Security Bulletins	Security Bulletin:Security vulnerabilities have been identified in Websphere Application Server embedded in Tivoli Integrated Portal shipped with Tivoli Network Manager IP Edition.	17 Jun 201815:37	–	ibm
IBM Security Bulletins	Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with IBM Tivoli System Automation Application Manager (CVE-2016-0360)	17 Jun 201815:37	–	ibm
IBM Security Bulletins	Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with WebSphere Remote Server (CVE-2016-0360)	15 Jun 201807:07	–	ibm

[
  {
    "enisaIdVendor": [
      {
        "id": "1da9dec1-72a9-3ca6-976c-352a5e0e8117",
        "vendor": {
          "name": "IBM Corporation"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "0bcd6786-0b29-3320-a770-3e7f454a7fcf",
        "product": {
          "name": "WebSphere MQ"
        },
        "product_version": "7.0.1"
      },
      {
        "id": "3f38469e-8db9-3a61-be6e-f8f386791710",
        "product": {
          "name": "WebSphere MQ"
        },
        "product_version": "8.0"
      },
      {
        "id": "4a81f99d-789c-3b15-8065-fb2801ccbbf4",
        "product": {
          "name": "WebSphere MQ"
        },
        "product_version": "7.1"
      },
      {
        "id": "d68805b4-d85a-3470-abce-a1c0fda509cb",
        "product": {
          "name": "WebSphere MQ"
        },
        "product_version": "7.5"
      },
      {
        "id": "f245328b-859f-33a9-82a8-938fdec42b77",
        "product": {
          "name": "WebSphere MQ"
        },
        "product_version": "9.0"
      }
    ]
  }
]

Source	Link
securityfocus	www.securityfocus.com/bid/95317
www-01	www.www-01.ibm.com/support/docview.wss
securitytracker	www.securitytracker.com/id/1037561
github	www.github.com/advisories/GHSA-293c-r3p4-g63r

07 Oct 2025 00:30Current

9.2High risk

Vulners AI Score9.2

CVSS 39.8

CVSS 27.5

EPSS0.00962