4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:N/I:N/A:P
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
0.001 Low
EPSS
Percentile
42.4%
According to its self-reported version, the IBM WebSphere MQ server installed on the remote Windows host is version 8.0.0.x prior to 8.0.0.7, 9.0.x prior to 9.0.4 or 9.0.0.x prior to 9.0.0.2. It is, therefore, affected by a denial of service vulnerability. An authenticated, remote attacker can exploit this issue to cause the service to stop responding.
#
# (C) Tenable Network Security, Inc.
#
include('compat.inc');
if (description)
{
script_id(141349);
script_version("1.3");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/04");
script_cve_id("CVE-2017-1235");
script_bugtraq_id(100955);
script_name(english:"IBM WebSphere MQ Denial of Service (CVE-2017-1235)");
script_summary(english:"Checks the version of IBM WebSphere MQ.");
script_set_attribute(attribute:"synopsis", value:
"A message queuing service installed on the remote host is affected by
a denial of service vulnerability.");
script_set_attribute(attribute:"description", value:
"According to its self-reported version, the IBM WebSphere MQ server
installed on the remote Windows host is version 8.0.0.x prior to 8.0.0.7,
9.0.x prior to 9.0.4 or 9.0.0.x prior to 9.0.0.2. It is, therefore,
affected by a denial of service vulnerability. An authenticated, remote
attacker can exploit this issue to cause the service to stop responding.");
script_set_attribute(attribute:"see_also", value:"https://www.ibm.com/support/docview.wss?uid=swg22005415");
script_set_attribute(attribute:"solution", value:
"Upgrade to IBM MQ 8.0.0.7 / 9.0.4 / 9.0.0.2 or later.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-1235");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"vuln_publication_date", value:"2018/06/15");
script_set_attribute(attribute:"patch_publication_date", value:"2018/06/15");
script_set_attribute(attribute:"plugin_publication_date", value:"2020/10/09");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:ibm:websphere_mq");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Windows");
script_copyright(english:"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("websphere_mq_installed.nasl");
script_require_keys("installed_sw/IBM WebSphere MQ");
exit(0);
}
include('vcf.inc');
app = 'IBM WebSphere MQ';
app_info = vcf::get_app_info(app:app, win_local:TRUE);
if( app_info['version'] =~ "^9\.0\.0\.\d{1,2}($|[^0-9])")
constraints = [{ 'min_version' : '9.0.0.0', 'fixed_version' : '9.0.0.2'}];
else
constraints = [
{ 'min_version' : '8.0.0', 'fixed_version' : '8.0.0.7'},
{ 'min_version' : '9.0.0', 'fixed_version' : '9.0.4'}
];
vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);
Vendor | Product | Version | CPE |
---|---|---|---|
ibm | websphere_mq | cpe:/a:ibm:websphere_mq |
4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:N/I:N/A:P
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
0.001 Low
EPSS
Percentile
42.4%