7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
IBM MQ Appliance has resolved a buffer overflow vulnerability.
CVEID:CVE-2015-2716
**DESCRIPTION:**Expat, as used in Mozilla Firefox and Thunderbird, is vulnerable to a buffer overflow, caused by improper bounds checking by the XML parser. By persuading a victim to open a specially crafted XML file, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
CVSS Base score: 6.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/103214 for the current score.
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P)
Affected Product(s) | Version(s) |
---|---|
IBM MQ Appliance | 9.1 LTS |
IBM MQ Appliance | 9.1 CD |
IBM MQ Appliance 9.1 LTS
Apply fixpack 9.1.0.6, or later.
IBM MQ Appliance 9.1 CD
Apply IBM MQ Appliance 9.2, or later.
Only affects IBM MQ Appliance configured in a High Availability group.