CVSS3: 8.1 High
Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS2: 6.8 Medium
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
WebSphere Message Broker and IBM Integration Bus have addressed the following vulnerabilities.
CVEID: CVE-2017-12617
DESCRIPTION: Apache Tomcat could allow a remote attacker to execute arbitrary code on the system, caused by an incomplete fix related to an error when running on Windows with HTTP PUTs enabled. By sending a specially crafted request, an attacker could exploit this vulnerability to upload a JSP file and execute arbitrary code on the system.
CVSS Base Score: 8.1
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/132484 for the current score
CVSS Environmental Score: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID: CVE-2017-12615
DESCRIPTION: Apache Tomcat could allow a remote attacker to execute arbitrary code on the system, caused by an error when running on Windows with HTTP PUTs enabled. By sending a specially crafted request, an attacker could exploit this vulnerability to upload a JSP file and execute arbitrary code on the system.
CVSS Base Score: 8.1
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/132277 for the current score
CVSS Environmental Score: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
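
A defender-side check for the upload described in both CVE entries, added here as an example and not part of IBM's bulletin: it scans access-log lines for PUT requests that target a JSP path and separates accepted writes from rejected ones. The log format (Tomcat's "common" access-log pattern), the sample lines and the function names are assumptions constructed for illustration.

```python
import re

# Constructed sample lines in Tomcat's "common" access-log pattern (not real traffic).
SAMPLE_LOG = """\
192.0.2.10 - - [12/Oct/2017:09:14:02 +0000] "GET /index.jsp HTTP/1.1" 200 1123
192.0.2.77 - - [12/Oct/2017:09:15:40 +0000] "PUT /docs/readme.txt HTTP/1.1" 403 -
198.51.100.5 - - [12/Oct/2017:09:16:11 +0000] "PUT /probe.JSP HTTP/1.1" 201 -
198.51.100.5 - - [12/Oct/2017:09:16:12 +0000] "GET /probe.JSP HTTP/1.1" 200 17
203.0.113.9 - - [12/Oct/2017:09:20:00 +0000] "PUT /app/report.jspx HTTP/1.1" 409 -
""".splitlines()

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+$'
)
# Match ".jsp"/".jspx" anywhere in the path and case-insensitively (the
# affected servers run on Windows), so the check does not depend on how
# the path ends.
JSP_RE = re.compile(r'\.jspx?', re.IGNORECASE)

def find_jsp_puts(lines):
    """Return (accepted, rejected) PUT requests that target a JSP path."""
    accepted, rejected = [], []
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m['method'] != 'PUT' or not JSP_RE.search(m['path']):
            continue
        hit = (m['ip'], m['ts'], m['path'], int(m['status']))
        # 2xx means the server accepted the write: treat as possible compromise.
        (accepted if 200 <= hit[3] < 300 else rejected).append(hit)
    return accepted, rejected

def followed_up(lines, accepted):
    """Paths of accepted uploads that were also requested with GET/POST."""
    uploaded = {h[2].lower() for h in accepted}
    seen = set()
    for line in lines:
        m = LINE_RE.match(line)
        if m and m['method'] in ('GET', 'POST') and m['path'].lower() in uploaded:
            seen.add(m['path'])
    return sorted(seen)

if __name__ == "__main__":
    ok, denied = find_jsp_puts(SAMPLE_LOG)
    for ip, ts, path, status in ok:
        print(f"ALERT  {ts} {ip} PUT {path} -> {status}")
    for ip, ts, path, status in denied:
        print(f"probe  {ts} {ip} PUT {path} -> {status}")
    print("requested after upload:", followed_up(SAMPLE_LOG, ok))
```

An accepted PUT to a JSP path on a server still inside the affected version range warrants incident response, not just patching; rejected attempts are still useful as evidence of probing.
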
IBM Integration Bus V9.0.0.0 - V9.0.0.9
IBM Integration Bus V10.0.0.0 - V10.0.0.10
WebSphere Message Broker V7.0.0.0 - V7.0.0.8
WebSphere Message Broker V8.0.0.0 - V8.0.0.9
Product | VRMF | APAR | Remediation/Fix
---|---|---|---
IBM Integration Bus | V9.0.0.0 - V9.0.0.9 | IT22679 | The APAR is available in fix pack 9.0.0.10: <http://www-01.ibm.com/support/docview.wss?uid=swg24044363>
IBM Integration Bus | V10.0.0.0 - V10.0.0.10 | IT22679 | The APAR is available in fix pack 10.0.0.11: <http://www-01.ibm.com/support/docview.wss?uid=swg24044326>
WebSphere Message Broker | V7.0.0.0 - V7.0.0.8 | IT22679 | For APAR IT22679, please contact IBM support
WebSphere Message Broker | V8.0.0.0 - V8.0.0.9 | IT22679 | For APAR IT22679, please contact IBM support
WebSphere Message Broker V7 and V8 are no longer in full support; IBM recommends upgrading to a fixed, supported version/release/platform of the product. If you are an extended support customer and require a fix, it is available only for the latest fix packs (8.0.0.9) and (7.0.0.8). To obtain the fix, contact IBM support.
CPE

Name | Operator | Version
---|---|---
ibm integration bus | eq | 10.0
ibm integration bus | eq | 9.0
websphere message broker | eq | 7.0
websphere message broker | eq | 8.0