Vulnerability Name:

CVE-2017-1612

Assigned:2016-11-30
Published:2018-01-04
Updated:2018-01-14
Summary:IBM WebSphere MQ 7.0, 7.1, 7.5, 8.0, and 9.0 service trace module could be used to execute untrusted code under 'mqm' user. IBM X-Force ID: 132953.
CVSS v3 Severity:7.4 High (CCN CVSS v3 Vector: CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
6.4 Medium (CCN Temporal CVSS v3 Vector: CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:6.2 Medium (CCN CVSS v2 Vector: AV:L/AC:H/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): High
Athentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
References:Source: CONFIRM
Type: UNKNOWN
http://www.ibm.com/support/docview.wss?uid=swg22009918

Source: BID
Type: UNKNOWN
102479

Source: SECTRACK
Type: UNKNOWN
1040175

Source: MISC
Type: UNKNOWN
https://exchange.xforce.ibmcloud.com/vulnerabilities/132953

Source: XF
Type: UNKNOWN
ibm-websphere-cve20171612-priv-escalation(132953)

BACK