

IBM WebSphere MQ: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can exploit several vulnerabilities in IBM WebSphere MQ.
Impacted products: WebSphere MQ.
Severity: 2/4.
Creation date: 21/02/2017.
Identifiers: 1995099, 1998647, 1998648, 1998649, 1998660, 1998661, 1998663, 1998797, CVE-2016-3013, CVE-2016-3052, CVE-2016-8915, CVE-2016-8971, CVE-2016-8986, CVE-2016-9009, VIGILANCE-VUL-21920.

Description of the vulnerability

Several vulnerabilities were announced in IBM WebSphere MQ.

An attacker can trigger a fatal error via Invalid Channel Protocol, in order to cause a denial of service. [severity:2/4; 1998649, CVE-2016-8915]

An attacker can trigger a buffer overflow via Channel Data Conversion, in order to cause a denial of service, and possibly to run code. [severity:2/4; 1998661, CVE-2016-3013]

An attacker can trigger a fatal error via the MQXR Listener, in order to cause a denial of service. [severity:2/4; 1998648, CVE-2016-8986]

An attacker can bypass security features via Java Clients, in order to obtain sensitive information. [severity:2/4; 1998660, CVE-2016-3052]

An attacker can force a read at an invalid address via an Administration Command, in order to cause a denial of service, or to obtain sensitive information. [severity:2/4; 1998663, CVE-2016-8971]

An attacker can trigger a fatal error via a Cluster Channel Definition, in order to cause a denial of service. [severity:2/4; 1998647, CVE-2016-9009]