WebSphere Message Broker and IBM Integration Bus have addressed the following vulnerabilities.
CVEID: CVE-2017-12617
DESCRIPTION: Apache Tomcat could allow a remote attacker to execute arbitrary code on the system, caused by an incomplete fix related to an error when running on Windows with HTTP PUTs enabled. By sending a specially crafted request, an attacker could exploit this vulnerability to upload a JSP file and execute arbitrary code on the system.
CVSS Base Score: 8.1
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/132484 for the current score
CVSS Environmental Score: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVEID: CVE-2017-12615
DESCRIPTION: Apache Tomcat could allow a remote attacker to execute arbitrary code on the system, caused by an error when running on Windows with HTTP PUTs enabled. By sending a specially crafted request, an attacker could exploit this vulnerability to upload a JSP file and execute arbitrary code on the system.
CVSS Base Score: 8.1
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/132277 for the current score
CVSS Environmental Score: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
IBM Integration Bus V9.0.0.0 - V9.0.0.9
IBM Integration Bus V10.0.0.0 - V10.0.0.10
WebSphere Message Broker V7.0.0.0 - V7.0.0.8
WebSphere Message Broker V8.0.0.0 - V8.0.0.9
| Product | VRMF | APAR | Remediation/Fix |
|---|---|---|---|
| IBM Integration Bus | V9.0.0.0 - V9.0.0.9 | IT22679 | The APAR is available in fix pack 9.0.0.10 <http://www-01.ibm.com/support/docview.wss?uid=swg24044363> |
| IBM Integration Bus | V10.0.0.0 - V10.0.0.10 | IT22679 | The APAR is available in fix pack 10.0.0.11 <http://www-01.ibm.com/support/docview.wss?uid=swg24044326> |
| WebSphere Message Broker | V7.0.0.0 - V7.0.0.8 | IT22679 | For APAR IT22679, please contact IBM support |
| WebSphere Message Broker | V8.0.0.0 - V8.0.0.9 | IT22679 | For APAR IT22679, please contact IBM support |
WebSphere Message Broker V7 and V8 are no longer in full support; IBM recommends upgrading to a fixed, supported version/release/platform of the product. If you are an extended support customer and require a fix, it is available only for the latest fix packs (8.0.0.9 and 7.0.0.8). To obtain the fix, contact IBM support.