Jun 15, 2018 - 7:06 a.m.

Security Bulletin: IBM MQ Appliance potential execution of arbitrary commands (CVE-2016-5879)

2018-06-15 07:06:02
www.ibm.com

EPSS: 0.0004 (Low)

Percentile: 5.1%

Summary

There is potential for malicious users to execute arbitrary commands due to improper validation of the input parameters.

Vulnerability Details

CVEID: CVE-2016-5879
DESCRIPTION: IBM MQ Appliance could allow a local attacker to execute arbitrary commands on the system, caused by improper validation of user-supplied input to Disaster Recovery and High Availability commands within the MQCLI. A local attacker could inject arbitrary shell commands using the, which would allow the attacker to execute arbitrary commands on the system.
CVSS Base Score: 9.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/115074 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)

Affected Products and Versions

IBM MQ Appliance M2000

IBM MQ Appliance M2001

Remediation/Fixes

Apply the fix for APAR IT16174

Workarounds and Mitigations

None known; apply fixes.

CPE Name Operator Version
ibm mq appliance eq 8.0
