IBM WebSphere MQ: multiple vulnerabilities
Synthesis of the vulnerability
An attacker can exploit several vulnerabilities in IBM WebSphere MQ.
Impacted products: QRadar SIEM, WebSphere MQ.
Creation date: 21/02/2017.
Identifiers: 1995099, 1998647, 1998648, 1998649, 1998660, 1998661, 1998663, 1998797, 2015824, CVE-2016-3013, CVE-2016-3052, CVE-2016-8915, CVE-2016-8971, CVE-2016-8986, CVE-2016-9009, VIGILANCE-VUL-21920.
Description of the vulnerability
Several vulnerabilities were announced in IBM WebSphere MQ.
An attacker can trigger a fatal error via Invalid Channel Protocol, to cause a denial of service. [severity:2/4; 1998649, CVE-2016-8915]
An attacker can generate a buffer overflow via Channel Data Conversion, to cause a denial of service, and possibly to run code. [severity:2/4; 1998661, CVE-2016-3013]
An attacker can trigger a fatal error via MQXR Listener, to cause a denial of service. [severity:2/4; 1998648, CVE-2016-8986]
An attacker can bypass security features via Java Clients, to obtain sensitive information. [severity:2/4; 1998660, CVE-2016-3052]
An attacker can force a read at an invalid address via Administration Command, to cause a denial of service, or to obtain sensitive information. [severity:2/4; 1998663, CVE-2016-8971]
An attacker can trigger a fatal error via Cluster Channel Definition, to cause a denial of service. [severity:2/4; 1998647, CVE-2016-9009]