Jun 17, 2018 - 3:24 p.m.

Security Bulletin: RCE vulnerability in JMS Client in IBM MessageSight (CVE-2016-0375)

2018-06-17 15:24:34
www.ibm.com

EPSS: 0.002

Percentile: 59.6%

Summary

RCE vulnerability in JMS Client in IBM MessageSight

Vulnerability Details

CVEID: CVE-2016-0375

DESCRIPTION: IBM MessageSight contains an unspecified vulnerability that could allow a remote authenticated attacker to execute arbitrary commands with administrator privileges.

CVSS Base Score: 7.5

CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/112237 for the current score

CVSS Environmental Score*: Undefined

CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)

Affected Products and Versions

IBM MessageSight V1.1, V1.2 and V2.0

Remediation/Fixes

Product | VRMF | APAR | Remediation/First Fix
---|---|---|---
IBM MessageSight | 1.1 | IT15743 | 1.1.0.1-IBM-IMA-JMSClient-IFIT15743
IBM MessageSight | 1.2 | IT15674 | 1.2.0.3-IBM-IMA-JMSClient-IFIT15674
IBM MessageSight | 2.0 | IT15674 | 2.0.0.0-IBM-IMA-JMSClient-IFIT15674

Workarounds and Mitigations

Do not use JMS ObjectMessage.
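
One way to check client code against this workaround is to scan the Java sources for places that create, receive, or reference a JMS `ObjectMessage`, ignoring comments and string literals. The following is an added example, not part of IBM's bulletin; the function name, rule names and sample source are assumptions made for illustration.

```python
import re

# Literals are matched before comments so "//" inside "tcp://host" is not read as
# a comment; literals are emptied and comments keep only their newlines.
_SKIP = re.compile(r'''
    "(?:\\.|[^"\\\n])*"    # string literal
  | '(?:\\.|[^'\\\n])+'    # char literal
  | //[^\n]*               # line comment
  | /\*.*?\*/              # block comment
''', re.S | re.X)

# Hypothetical rule names; tried in order, first match on a line wins.
_RULES = [
    ("produces-ObjectMessage", re.compile(r"\bcreateObjectMessage\s*\(")),
    ("consumes-ObjectMessage", re.compile(r"\(\s*ObjectMessage\s*\)|\binstanceof\s+ObjectMessage\b")),
    ("references-ObjectMessage", re.compile(r"\bObjectMessage\b")),
]

def _blank(m):
    s = m.group(0)
    return '""' if s[0] in "\"'" else "\n" * s.count("\n")

def find_objectmessage_use(java_source):
    """Return (line_no, rule, source_line) for each ObjectMessage use in code."""
    code = _SKIP.sub(_blank, java_source)
    original = java_source.splitlines()
    findings = []
    for no, line in enumerate(code.splitlines(), start=1):
        for rule, rx in _RULES:
            if rx.search(line):
                findings.append((no, rule, original[no - 1].strip()))
                break
    return findings

# Constructed sample source, not taken from any real application.
SAMPLE = '''\
import javax.jms.*;
public class Orders {
    // ObjectMessage was used here before
    String url = "tcp://broker.example"; /* ObjectMessage */
    void send(Session s, MessageProducer p, Order o) throws JMSException {
        p.send(s.createObjectMessage(o));
    }
    void onMessage(Message m) throws JMSException {
        Object o = (m instanceof ObjectMessage) ? ((ObjectMessage) m).getObject() : null;
    }
}
'''

if __name__ == "__main__":
    print(*find_objectmessage_use(SAMPLE), sep="\n")
```

A clean result only covers the sources scanned; libraries that wrap the JMS client need the same check.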
