Security Bulletin: IBM Integration Bus and WebSphere Message Broker are affected by Unquoted Search Path or Element (CWE-428)  Vulnerability on Windows

Summary

IBM Integration Bus and WebSphere Message Broker have addressed applicable CVE

Vulnerability Details

CVEID: CVE-2017-1144**
DESCRIPTION:** IBM WebSphere Message Broker could allow a local user with specialized access to prevent the message broker from starting.
CVSS Base Score: 2.9
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/122033 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)

Affected Products and Versions

IBM Integration Bus V10.0.0.0 - 10.0.0.7

IBM Integration Bus V9.0.0.0 - 9.0.0.7

WebSphere Message Broker V8.0.0.0 - 8.0.0.8

Remediation/Fixes

Product

| VRMF|APAR|Remediation/Fix
—|—|—|—
IBM Integration Bus| V10.0.0.0- 10.0.0.7| IT19111 | The APAR is available in fix pack 10.0.0.8

<http://www-01.ibm.com/support/docview.wss?uid=swg24043443&gt;

IBM Integration Bus| V9.0.0.0- 9.0.0.7| IT19111 | The APAR is available in fix pack 9.0.0.8

<http://www-01.ibm.com/support/docview.wss?uid=swg24043751&gt;

WebSphere Message Broker| V8.0.0.0 - 8.0.0.8| IT19111 | The APAR is available in fix pack 8.0.0.9

https://www.ibm.com/support/docview.wss?uid=swg24043806

|
|
|

For unsupported versions of the product, IBM recommends upgrading to a fixed, supported version/release/platform of the product.

The planned maintenance release dates for WebSphere Message Broker and IBM Integration Bus are available at :

http://www.ibm.com/support/docview.wss?rs=849&uid=swg27006308

Workarounds and Mitigations

None known