10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
IBM MQ Appliance has addressed the following kernel vulnerability.
CVEID: CVE-2014-2523 DESCRIPTION: Linux Kernel could allow a remote attacker to execute arbitrary code on the system, caused by an error in the /netfilter/nf_conntrack_proto_dccp.c file. By sending a specially-crafted DCCP packet, an attacker could exploit this vulnerability to corrupt kernel stack memory and execute arbitrary code on the system with kernel privileges.
CVSS Base Score: 10
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/91910> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
IBM MQ Appliance 8.0
Maintenance levels between 8.0.0.0 and 8.0.0.9
IBM MQ Appliance 9.0.x Continuous Delivery (CD) Release
Maintenance levels between 9.0.1 and 9.0.5
IBM MQ Appliance 8.0
Apply fixpack 8.0.0.10 or later
IBM MQ Appliance 9.0.x Continuous Delivery (CD) Release
Apply 9.1 Long Term Support (LTS) release
None
CPE | Name | Operator | Version |
---|---|---|---|
ibm mq appliance | eq | 8.0 | |
ibm mq appliance | eq | 9.0.1 | |
ibm mq appliance | eq | 9.0.2 | |
ibm mq appliance | eq | 9.0.3 | |
ibm mq appliance | eq | 9.0.4 | |
ibm mq appliance | eq | 9.0.5 |