Security Bulletin: IBM MQ Appliance is affected by a Network Security Services (NSS) vulnerability (CVE-2017-7805)

Summary

IBM MQ Appliance has addressed a vulnerability in Network Security Services (NSS).

Vulnerability Details

CVEID:CVE-2017-7805
**DESCRIPTION:*Network Security Services could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in TLS 1.2 generating handshake hashes. By persuading a victim to visit a specially-crafted website, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.
CVSS Base Score: 8.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/132749 for the current score
CVSS Environmental Score: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

Affected Products and Versions

IBM MQ Appliance 8.0

Maintenance levels between 8.0.0.0 and 8.0.0.7

IBM MQ Appliance 9.0.x Continuous Delivery (CD) Release

Continuous delivery updates between 9.0.1 and 9.0.3

Remediation/Fixes

IBM MQ Appliance 8.0

Apply fixpack 8.0.0.8

IBM MQ Appliance 9.0.x Continuous Delivery (CD) Release

Apply Continuous Delivery Release 9.0.4

Workarounds and Mitigations

None