IBM4824B18890075AC14EA616949336D14FD52F7075B51482178F99D04A64544C3FSecurity Bulletin: IBM MQ Appliance potential execution of arbitrary commands (CVE-2017-1318)
0.003 Low
EPSS
Percentile
65.8%
Summary
There is potential for an authenticated messaging administrator to execute arbitrary commands on the IBM MQ Appliance.
Vulnerability Details
CVEID: CVE-2017-1318 DESCRIPTION: IBM MQ Appliance could allow an authenticated messaging administrator to execute arbitrary commands on the system, caused by command execution.
CVSS Base Score: 9.9
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/125730> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)
Affected Products and Versions
IBM MQ Appliance 8.0
Maintenance levels between 8.0.0.0 and 8.0.0.6
IBM MQ Appliance 9.0.x Continuous Delivery (CD) Release
Continuous delivery updates 9.0.1 and 9.0.2
Remediation/Fixes
IBM MQ Appliance 8.0
Apply fixpack 8.0.0.7 or later maintenance.
IBM MQ Appliance 9.0.x Continuous Delivery (CD) release
Apply continuous delivery update 9.0.3 or later.
Workarounds and Mitigations
None
Related
0.003 Low
EPSS
Percentile
65.8%