23 matches found
CVE-2013-5372
CVE-2013-5372 is a denial-of-service vulnerability in the XML4J XML parser used by IBM WebSphere Message Broker (6.1 before 6.1.0.12; 7.0 before 7.0.0.7; 8.0 before 8.0.0.4) and IBM Integration Bus 9.0 before 9.0.0.1. A crafted XML document triggers entity expansion, causing memory consumption. C...
CVE-2017-1207
CVE-2017-1207 affects IBM WebSphere Message Broker and IBM Integration Bus. The root cause is that user credentials are logged or stored in plaintext in the service trace, allowing a locally authorized user to read passwords. Affected versions include IBM Integration Bus 9.x, 10.x (up to 10.0.0.7...
CVE-2009-0503
Affected product: IBM WebSphere Message Broker 6.1.x prior to 6.1.0.2. Vulnerability: during JDBC error handling, a database connection password is written to the Event Log and System Log, allowing local users to obtain sensitive information by reading the logs. Impact: local information disclosu...
CVE-2013-0482
CVE-2013-0482 : IBM WebSphere Application Server (WAS) and WebSphere Message Broker are affected. The vulnerability lies in the WS‑Security runtime, enabling a remote attacker to spoof message signatures by sending a crafted SOAP message (Signature Wrap attack). Affected products/versions include...
CVE-2017-1144
CVE-2017-1144 affects IBM Integration Bus and WebSphere Message Broker. A denial-of-service condition could occur when a local user with specialized access triggers an unquoted search path, preventing the broker from starting. Affected products/versions include: IBM Integration Bus 10.0.0.0–10.0....
CVE-2016-9706
CVE-2016-9706 affects IBM Integration Bus (9.0/10.0) and WebSphere Message Broker SOAP FLOWS. An XML External Entity (XXE) processing flaw can lead to denial of service and potential exposure of sensitive data. Affected products/versions per IBM bulletin: IBM Integration Bus V10 (fix pack 10.0.0....
CVE-2017-1418
CVE-2017-1418 affects IBM Integration Bus and WebSphere Message Broker, with insecure file permissions on certain files that allow a local attacker to modify or delete them. Affected products/versions per the sources: IBM Integration Bus V10.0.0.0–10.0.0.11 and V9.0.0.0–9.0.0.10; WebSphere Messag...
CVE-2012-5953
The CVE-2012-5953 entry concerns IBM WebSphere Message Broker: affected versions are 6.1 before 6.1.0.12, 7.0 before 7.0.0.6, and 8.0 before 8.0.0.2, where enabling the Parse Query Strings option on an HTTPInput node allows a remote attacker to cause a denial of service (infinite loop) via a craf...
CVE-2018-1801
CVE-2018-1801 affects IBM App Connect 11.0.0.0–11.0.0.1, IBM Integration Bus 10.0.0.0–10.0.0.13, IBM Integration Bus 9.0.0.0–9.0.0.10, and WebSphere Message Broker 8.0.0.0–8.0.0.9. It enables XML External Entity (XXE) processing vulnerabilities that could allow a remote attacker to exhaust memory...
CVE-2016-6080
CVE-2016-6080 affects WebSphere Message Broker (WebAdmin) on WebSphere Message Broker v8. The vulnerability allows directory listings via the WebAdmin context, potentially disclosing sensitive information. IBM’s security bulletin confirms the issue and provides a remediation: apply APAR IT16698 i...
CVE-2015-0118
CVE-2015-0118 affects IBM WebSphere WebSphere Message Broker Toolkit and IBM Integration Toolkit: Toolkit 7 (before 7007 IF2), Toolkit 8 (before 8005 IF1), and Integration Toolkit 9 (before 9003 IF1) include MQ client JARs that support only weak TLS ciphers, risking information disclosure via net...
CVE-2014-6170
CVE-2014-6170 affects IBM WebSphere Message Broker and IBM Integration Bus. The HTTPInput node can return a SOAP fault that reveals sensitive information, enabling remote attackers to access partial confidential data. Affected products/versions include IBM Integration Bus V9.0, WebSphere Message ...
CVE-2015-7399
CVE-2015-7399 affects IBM WebSphere Message Broker (v7 before 7.0.0.8) and WebSphere Message Broker v8 (before 8.0.0.6), as well as IBM Integration Bus (v9 before 9.0.0.3 and v10 before 10.0.0.0). The issue is an information-disclosure vulnerability where an attacker could remotely obtain sensiti...
CVE-2017-1126
CVE-2017-1126 affects IBM WebSphere Message Broker (now IBM Integration Bus) 9.0/10.0. An information-disclosure vulnerability could allow an unauthorized user to obtain sensitive information about software versions, potentially enabling further attacks. Affected products/versions include IBM Int...
CVE-2012-5952
CVE-2012-5952 affects IBM WebSphere Message Broker: 6.1 prior to 6.1.0.12, 7.0 prior to 7.0.0.6, and 8.0 prior to 8.0.0.2. The issue is that basic authentication credentials are not validated before proceeding to WS-Addressing and WS-Security operations, which can allow remote attackers to trigge...
CVE-2015-5011
The vulnerability CVE-2015-5011 affects IBM WebSphere Message Broker 8 (pre-8.0.0.6) and IBM Integration Bus 9 (pre-9.0.0.4). The root cause is failure to perform authorization for MQSISTARTMSGFLOW and MQSISTOPMSGFLOW commands, allowing a local attacker to bypass access controls and start or stop...
CVE-2016-0394
Summary: CVE-2016-0394 affects IBM Integration Bus and WebSphere Message Broker. The root cause is incorrect permissions set for an object on Unix platforms, which could allow a local attacker to manipulate certain files. Affected products/versions: IBM Integration Bus V9 and WebSphere Message Br...
CVE-2016-2961
The CVE-2016-2961 issue affects IBM Integration Bus and WebSphere Message Broker where an unauthenticated remote attacker can send a malformed HTTP POST to the integration server HTTP listener and read the Java stack trace to identify the running Tomcat version. Affected products and versions inc...
CVE-2016-9010
CVE-2016-9010 affects IBM WebSphere Message Broker and IBM Integration Bus (including V8, V9, V10 branches). The vulnerability is a clickjacking flaw caused by not setting the X-Frame-OPTIONS header in the Web UI, enabling a remote attacker to hijack a user’s click actions by luring them to a mal...
CVE-2015-2018
IBM Integration Bus (versions 9 and 10 prior to 10.0.0.1) and WebSphere Message Broker (versions 7 prior to 7.0.0.8 and 8 prior to 8.0.0.7) are affected by CVE-2015-2018 due to not ensuring the correct security profile is selected. This misconfiguration allows remote authenticated users to obtain...
CVE-2013-0466
CVE-2013-0466 affects IBM WebSphere Message Broker (7.0 prior to 7.0.0.6 and 8.0 prior to 8.0.0.2) where wsdl support on a SOAPInput node can trigger cross-site scripting. The root cause is improper handling during construction of an error message, allowing remote script/HTML injection via a wsdl...
CVE-2014-4819
This CVE (CVE-2014-4819) affects IBM WebSphere® Message Broker 8.0 prior to 8.0.0.6 and IBM Integration Bus 9.0 prior to 9.0.0.3. The root cause is that the web UI exposes information via error pages, enabling remote authenticated users to read sensitive data. IBM’s bulletin confirms the affected...
CVE-2012-3317
CVE-2012-3317 affects IBM WebSphere Message Broker: versions 6.1 before 6.1.0.11, 7.0 before 7.0.0.5, and 8.0 before 8.0.0.2 have incorrect ownership of certain uninstaller JRE files, which may allow local users to gain privileges via access to uid 501 or gid 300. The root cause is improper file ...