Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBMA3D51B7777AD9C29B71261617AC811687AA6B5DF9D28C647919401DDCD31252D
HistoryJun 15, 2018 - 7:04 a.m.

Security Bulletin: A vulnerability in the GSKit component of IBM WebSphere MQ (CVE-2016-0201)

2018-06-1507:04:31
www.ibm.com
27

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

JSON

Summary

A vulnerability has been addressed in the GSKit component of IBM WebSphere MQ.

Vulnerability Details

CVEID: CVE-2016-0201 DESCRIPTION: IBM GSKit could allow a remote attacker to obtain sensitive information, caused by a MD5 collision. An attacker could exploit this vulnerability to obtain authentication credentials.
CVSS Base Score: 5.9
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/109310 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)

Affected Products and Versions

IBM WebSphere MQ 8.0

Fix Pack 8.0.0.4 and previous maintenance levels

IBM WebSphere MQ 7.5

Fix Pack 7.5.0.5 and previous maintenance levels

IBM WebSphere MQ 7.1

Fix Pack 7.1.0.7 and previous maintenance levels

IBM WebSphere MQ 7.0

Fix Pack 7.0.1.13 and previous maintenance levels

Remediation/Fixes

IBM WebSphere MQ 8.0

Apply the ifix for APAR IT13023

IBM WebSphere MQ 7.5

Apply the ifix for APAR IV77604

IBM WebSphere MQ 7.1

Apply the ifix for APAR IV77604

IBM WebSphere MQ 7.0.1

Apply the ifix for APAR IV77604

Workarounds and Mitigations

None

Related

ibm 48
prion 1
openvas 1
cve 1
cvelist 1
nessus 1
ibm
ibm
Security Bulletin: A security vulnerability has been identified in IBM Cognos Business Intelligence shipped with IBM Capacity Management Analytyics (CVE-2016-0201)
2018-06-15 22:42:32
Security Bulletin: A vulnerability has been addressed in the GSKit component of IBM Security Directory Server (CVE-2016-0201)
2018-06-16 21:39:22
Security Bulletin: A vulnerability in the GSKit component of Content Manager OnDemand for Multiplatforms (CVE-2016-0201)
2018-06-17 12:14:07
prion
prion
Code injection
2016-01-18 05:59:00
openvas
openvas
IBM Security Network Protection Information Disclosure Vulnerability
2017-01-10 00:00:00
cve
cve
CVE-2016-0201
2016-01-18 05:59:00
cvelist
cvelist
CVE-2016-0201
2016-01-18 02:00:00
nessus
nessus
IBM HTTP Server 8.5.0.0 <= 8.5.5.8 / 8.0.0.0 <= 8.0.0.12 Multiple Vulnerabilities (538705)
2020-12-11 00:00:00

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

JSON
Related for A3D51B7777AD9C29B71261617AC811687AA6B5DF9D28C647919401DDCD31252D
ibm48prion1openvas1cve1cvelist1nessus1