Security Bulletin: Potential vulnerability identified in WebSphere Application Server shipped with Jazz for Service Management (CVE-2016-0360)


## Summary

WebSphere Application Server (WAS) Full Profile is shipped as a component of Jazz for Service Management (JazzSM), and WAS is affected by a potential vulnerability.

## Vulnerability Details

CVEID: [_CVE-2016-0360_](<https://vulners.com/cve/CVE-2016-0360>)

**DESCRIPTION:** IBM WebSphere MQ JMS 7.0.1, 7.1, 7.5, 8.0, and 9.0 client provides classes that deserialize objects from untrusted sources, which could allow a malicious user to execute arbitrary Java code by adding vulnerable classes to the classpath.

CVSS Base Score: 8.1

CVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/111930_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/111930>) for the current score

CVSS Environmental Score\*: Undefined

CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)

## Affected Products and Versions

Jazz for Service Management version 1.1.0 - 1.1.3

## Remediation/Fixes

Principal Product and Version(s) | Affected Supporting Product and Version | Affected Supporting Product Security Bulletin
---|---|---
Jazz for Service Management version 1.1.0 - 1.1.3 | WebSphere Application Server Full Profile 8.5.5 | [Security Bulletin: Potential security vulnerability in WebSphere Application Server MQ JCA Resource adapter (CVE-2016-0360)](<http://www-01.ibm.com/support/docview.wss?uid=swg21996748>)

## Workarounds and Mitigations

Please refer to WAS iFix

## Affected Software

Name | Version
---|---
tivoli components | 1.1
tivoli components | 1.1.1
tivoli components | 1.1.2
tivoli components | 1.1.3