Search criteria
69 vulnerabilities found for websphere_message_broker by ibm
FKIE_CVE-2018-1801
Vulnerability from fkie_nvd - Published: 2019-02-04 21:29 - Updated: 2024-11-21 04:00
Severity ?
5.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
5.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
5.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Summary
IBM App Connect V11.0.0.0 through V11.0.0.1, IBM Integration Bus V10.0.0.0 through V10.0.0.13, IBM Integration Bus V9.0.0.0 through V9.0.0.10, and WebSphere Message Broker V8.0.0.0 through V8.0.0.9 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to consume memory resources. IBM X-Force ID: 149639.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=ibm10795780 | Patch, Vendor Advisory | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/149639 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=ibm10795780 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/149639 | VDB Entry, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | app_connect | * | |
| ibm | integration_bus | * | |
| ibm | integration_bus | * | |
| ibm | websphere_message_broker | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:app_connect:*:*:*:*:*:*:*:*",
"matchCriteriaId": "422EF257-D52F-4F33-A601-1D57F0DD9C9F",
"versionEndIncluding": "11.0.0.1",
"versionStartIncluding": "11.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:integration_bus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B3971EC2-F555-4EF6-8E28-B352EFFBDEE0",
"versionEndIncluding": "9.0.0.10",
"versionStartIncluding": "9.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:integration_bus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AC41C1D4-3752-413D-96A1-2349C7E89E1A",
"versionEndIncluding": "10.0.0.13",
"versionStartIncluding": "10.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_message_broker:*:*:*:*:*:*:*:*",
"matchCriteriaId": "371E38F9-286D-4D31-A654-1970EFD8BDEB",
"versionEndIncluding": "8.0.0.9",
"versionStartIncluding": "8.0.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM App Connect V11.0.0.0 through V11.0.0.1, IBM Integration Bus V10.0.0.0 through V10.0.0.13, IBM Integration Bus V9.0.0.0 through V9.0.0.10, and WebSphere Message Broker V8.0.0.0 through V8.0.0.9 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to consume memory resources. IBM X-Force ID: 149639."
},
{
"lang": "es",
"value": "IBM App Connect, desde la versi\u00f3n V11.0.0.0 hasta la V11.0.0.1; IBM Integration Bus, desde la versi\u00f3n V10.0.0.0 hasta la V10.0.0.13; IBM Integration Bus, desde la versi\u00f3n V9.0.0.0 hasta la V9.0.0.10; y WebSphere Message Broker, desde la versi\u00f3n V8.0.0.0 hasta la V8.0.0.9, es vulnerable a un ataque XXE (XML External Entity) al procesar datos XML. Un atacante remoto podr\u00eda explotar esta vulnerabilidad para consumir recursos de la memoria. IBM X-Force ID: 149639."
}
],
"id": "CVE-2018-1801",
"lastModified": "2024-11-21T04:00:23.950",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-02-04T21:29:00.427",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10795780"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/149639"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10795780"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/149639"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-611"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2017-1418
Vulnerability from fkie_nvd - Published: 2018-11-26 16:29 - Updated: 2024-11-21 03:21
Severity ?
4.0 (Medium) - CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
5.5 (Medium) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
5.5 (Medium) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Summary
IBM Integration Bus 9.0.0.0, 9.0.0.11, 10.0.0.0, and 10.0.0.14 (including IBM WebSphere Message Broker 8.0.0.0 and 8.0.0.9) has insecure permissions on certain files. A local attacker could exploit this vulnerability to modify or delete these files with an unknown impact. IBM X-Force ID: 127406.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=ibm10735181 | Patch, Vendor Advisory | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/127406 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=ibm10735181 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/127406 | VDB Entry, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | integration_bus | * | |
| ibm | integration_bus | * | |
| ibm | websphere_message_broker | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:integration_bus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A68EC78E-2917-499E-879E-BF3B8F4A0763",
"versionEndIncluding": "9.0.0.11",
"versionStartIncluding": "9.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:integration_bus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "072958FE-6DB0-4CB4-B569-757963A8E8B6",
"versionEndIncluding": "10.0.0.14",
"versionStartIncluding": "10.0.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_message_broker:*:*:*:*:*:*:*:*",
"matchCriteriaId": "371E38F9-286D-4D31-A654-1970EFD8BDEB",
"versionEndIncluding": "8.0.0.9",
"versionStartIncluding": "8.0.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Integration Bus 9.0.0.0, 9.0.0.11, 10.0.0.0, and 10.0.0.14 (including IBM WebSphere Message Broker 8.0.0.0 and 8.0.0.9) has insecure permissions on certain files. A local attacker could exploit this vulnerability to modify or delete these files with an unknown impact. IBM X-Force ID: 127406."
},
{
"lang": "es",
"value": "La versiones 9.0.0.0, 9.0.0.11, 10.0.0.0 y 10.0.0.14 de IBM Integration Bus (inclusivas las 8.0.0.0 y 8.0.0.9 de WebSphere Message Broker) tienen permisos inseguros en determinados archivos. Un atacante local podr\u00eda explotar esta vulnerabilidad para modificar o borrar dichos archivos con un impacto desconocido. IBM X-Force ID: 127406."
}
],
"id": "CVE-2017-1418",
"lastModified": "2024-11-21T03:21:50.840",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 3.6,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.5,
"impactScore": 1.4,
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-11-26T16:29:00.243",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10735181"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/127406"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10735181"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/127406"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-275"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2017-1126
Vulnerability from fkie_nvd - Published: 2017-10-04 01:29 - Updated: 2025-04-20 01:37
Severity ?
Summary
IBM WebSphere Message Broker (IBM Integration Bus 9.0 and 10.0) could allow an unauthorized user to obtain sensitive information about software versions that could lead to further attacks. IBM X-Force ID: 121341.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg22008470 | Issue Tracking, Patch, Vendor Advisory | |
| psirt@us.ibm.com | http://www.securityfocus.com/bid/101104 | Third Party Advisory, VDB Entry | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/121341 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg22008470 | Issue Tracking, Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/101104 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/121341 | VDB Entry, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | integration_bus | 9.0.0.0 | |
| ibm | integration_bus | 9.0.0.1 | |
| ibm | integration_bus | 9.0.0.2 | |
| ibm | integration_bus | 9.0.0.4 | |
| ibm | integration_bus | 9.0.0.5 | |
| ibm | integration_bus | 9.0.0.6 | |
| ibm | integration_bus | 9.0.0.7 | |
| ibm | integration_bus | 9.0.0.8 | |
| ibm | integration_bus | 10.0.0.0 | |
| ibm | integration_bus | 10.0.0.1 | |
| ibm | integration_bus | 10.0.0.2 | |
| ibm | integration_bus | 10.0.0.3 | |
| ibm | integration_bus | 10.0.0.4 | |
| ibm | integration_bus | 10.0.0.5 | |
| ibm | integration_bus | 10.0.0.6 | |
| ibm | integration_bus | 10.0.0.7 | |
| ibm | integration_bus | 10.0.0.8 | |
| ibm | integration_bus | 10.0.0.9 | |
| ibm | websphere_message_broker | 8.0.0.0 | |
| ibm | websphere_message_broker | 8.0.0.1 | |
| ibm | websphere_message_broker | 8.0.0.2 | |
| ibm | websphere_message_broker | 8.0.0.3 | |
| ibm | websphere_message_broker | 8.0.0.4 | |
| ibm | websphere_message_broker | 8.0.0.5 | |
| ibm | websphere_message_broker | 8.0.0.6 | |
| ibm | websphere_message_broker | 8.0.0.7 | |
| ibm | websphere_message_broker | 8.0.0.8 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:integration_bus:9.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D627B445-2980-4AC2-B674-CA4C472AB214",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:integration_bus:9.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "725E3F95-4096-497D-8F2A-02C185ACF8CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:integration_bus:9.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "ACB80DEF-E09A-4B51-96B8-75F0AD9C6499",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:integration_bus:9.0.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "371E03D4-BDD9-40A8-B24B-43C320C9F3E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:integration_bus:9.0.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "C319D81D-E66B-47E6-A731-D5074314B94B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:integration_bus:9.0.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B3A6D9A8-9196-4358-B2ED-BD103AB237F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:integration_bus:9.0.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "408B31F1-F945-4CEB-B6D4-2666A6B8B2C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:integration_bus:9.0.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "16DF80F1-4163-46E0-A304-BD01C11EA658",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:integration_bus:10.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F96E7A0A-47BD-42EC-A66C-E1F64AD6CA55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:integration_bus:10.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6309A833-9490-494A-BE3A-BA79133BD6E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:integration_bus:10.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "50810A19-BEDC-4DF6-BA82-DAA1F96D5400",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:integration_bus:10.0.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "97486673-4740-4F4F-8956-73C06B477096",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:integration_bus:10.0.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "79E917E9-DE5E-482A-9A20-823DF475BE66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:integration_bus:10.0.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "FC25F42C-82EC-44EE-94AC-E85F428460D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:integration_bus:10.0.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "FA2BBC72-E5AD-4FAD-8F72-264794847D96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:integration_bus:10.0.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "B3797766-D2E5-4645-A793-ABA12A10CF10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:integration_bus:10.0.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "1486EFCC-5D66-4172-9D57-55AB25C77B7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:integration_bus:10.0.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "3770768C-96D0-4D8E-8AB5-0347DBE01AF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_message_broker:8.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9244FCC7-99F7-4F90-99CD-12FFF5AD2514",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_message_broker:8.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B859DAA9-1B0E-47CE-813D-108776C3B239",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_message_broker:8.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2458C42A-90F7-457C-AAD6-205D9893A993",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_message_broker:8.0.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8BFEC988-5E94-474F-9A60-966B8FA8B8F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_message_broker:8.0.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "BE5CCF85-8149-43DB-A594-99895D94F447",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_message_broker:8.0.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "EA0D7E80-2607-4567-8D1C-2ADA32F174D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_message_broker:8.0.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "32E57C58-4A30-43BE-B8CC-E6B38E67AA8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_message_broker:8.0.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "D2C048F0-D615-49E6-9B50-22E259C02C5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_message_broker:8.0.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "C000DEFF-88E8-405A-B338-A956A07F66F2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Message Broker (IBM Integration Bus 9.0 and 10.0) could allow an unauthorized user to obtain sensitive information about software versions that could lead to further attacks. IBM X-Force ID: 121341."
},
{
"lang": "es",
"value": "IBM WebSphere Message Broker (IBM Integration Bus 9.0 y 10.0) permite que un usuario no autorizado obtenga informaci\u00f3n sensible sobre versiones de software que podr\u00eda permitir que se produzcan futuros ataques. IBM X-Force ID: 121341."
}
],
"id": "CVE-2017-1126",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-10-04T01:29:02.057",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Issue Tracking",
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22008470"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/101104"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/121341"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22008470"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/101104"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/121341"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2017-1144
Vulnerability from fkie_nvd - Published: 2017-07-05 18:29 - Updated: 2025-04-20 01:37
Severity ?
Summary
IBM WebSphere Message Broker could allow a local user with specialized access to prevent the message broker from starting. IBM X-Force ID: 122033.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg22005383 | Vendor Advisory | |
| psirt@us.ibm.com | http://www.securityfocus.com/bid/99365 | Third Party Advisory, VDB Entry | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/122033 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg22005383 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/99365 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/122033 | VDB Entry, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | websphere_message_broker | 8.0 | |
| ibm | websphere_message_broker | 8.0.0.1 | |
| ibm | websphere_message_broker | 8.0.0.2 | |
| ibm | websphere_message_broker | 8.0.0.3 | |
| ibm | websphere_message_broker | 8.0.0.4 | |
| ibm | websphere_message_broker | 8.0.0.5 | |
| ibm | websphere_message_broker | 8.0.0.6 | |
| ibm | websphere_message_broker | 8.0.0.7 | |
| ibm | websphere_message_broker | 8.0.0.8 | |
| ibm | integration_bus | 9.0 | |
| ibm | integration_bus | 9.0.0.1 | |
| ibm | integration_bus | 9.0.0.2 | |
| ibm | integration_bus | 9.0.0.3 | |
| ibm | integration_bus | 9.0.0.4 | |
| ibm | integration_bus | 9.0.0.5 | |
| ibm | integration_bus | 9.0.0.6 | |
| ibm | integration_bus | 9.0.0.7 | |
| ibm | integration_bus | 10.0 | |
| ibm | integration_bus | 10.0.0.1 | |
| ibm | integration_bus | 10.0.0.2 | |
| ibm | integration_bus | 10.0.0.3 | |
| ibm | integration_bus | 10.0.0.4 | |
| ibm | integration_bus | 10.0.0.5 | |
| ibm | integration_bus | 10.0.0.6 | |
| ibm | integration_bus | 10.0.0.7 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_message_broker:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0F93BF57-FD4F-456C-8DFD-CEF8B5AEF35D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_message_broker:8.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B859DAA9-1B0E-47CE-813D-108776C3B239",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_message_broker:8.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2458C42A-90F7-457C-AAD6-205D9893A993",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_message_broker:8.0.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8BFEC988-5E94-474F-9A60-966B8FA8B8F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_message_broker:8.0.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "BE5CCF85-8149-43DB-A594-99895D94F447",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_message_broker:8.0.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "EA0D7E80-2607-4567-8D1C-2ADA32F174D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_message_broker:8.0.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "32E57C58-4A30-43BE-B8CC-E6B38E67AA8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_message_broker:8.0.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "D2C048F0-D615-49E6-9B50-22E259C02C5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_message_broker:8.0.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "C000DEFF-88E8-405A-B338-A956A07F66F2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:integration_bus:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4D9B868C-9348-4D31-95F9-FEC3D91158AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:integration_bus:9.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "725E3F95-4096-497D-8F2A-02C185ACF8CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:integration_bus:9.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "ACB80DEF-E09A-4B51-96B8-75F0AD9C6499",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:integration_bus:9.0.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "576FE339-BD08-4994-B31A-15BC521650E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:integration_bus:9.0.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "371E03D4-BDD9-40A8-B24B-43C320C9F3E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:integration_bus:9.0.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "C319D81D-E66B-47E6-A731-D5074314B94B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:integration_bus:9.0.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B3A6D9A8-9196-4358-B2ED-BD103AB237F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:integration_bus:9.0.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "408B31F1-F945-4CEB-B6D4-2666A6B8B2C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:integration_bus:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "92E6A5C9-29C2-458D-AA67-E74945E2012F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:integration_bus:10.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6309A833-9490-494A-BE3A-BA79133BD6E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:integration_bus:10.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "50810A19-BEDC-4DF6-BA82-DAA1F96D5400",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:integration_bus:10.0.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "97486673-4740-4F4F-8956-73C06B477096",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:integration_bus:10.0.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "79E917E9-DE5E-482A-9A20-823DF475BE66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:integration_bus:10.0.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "FC25F42C-82EC-44EE-94AC-E85F428460D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:integration_bus:10.0.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "FA2BBC72-E5AD-4FAD-8F72-264794847D96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:integration_bus:10.0.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "B3797766-D2E5-4645-A793-ABA12A10CF10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Message Broker could allow a local user with specialized access to prevent the message broker from starting. IBM X-Force ID: 122033."
},
{
"lang": "es",
"value": "WebSphere Message Broker de IBM, podr\u00eda permitir a un usuario local con acceso especializado impedir que el intermediario de mensajes se inicie. ID de IBM X-Force: 122033."
}
],
"id": "CVE-2017-1144",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 1.9,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 2.5,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"exploitabilityScore": 1.0,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-07-05T18:29:00.373",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22005383"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/99365"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/122033"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22005383"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/99365"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/122033"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-426"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2017-1207
Vulnerability from fkie_nvd - Published: 2017-07-05 17:29 - Updated: 2025-04-20 01:37
Severity ?
Summary
IBM WebSphere Message Broker stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 123777.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg22005382 | Vendor Advisory | |
| psirt@us.ibm.com | http://www.securityfocus.com/bid/99368 | Third Party Advisory, VDB Entry | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/123777 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg22005382 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/99368 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/123777 | VDB Entry, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | websphere_message_broker | 8.0.0.0 | |
| ibm | websphere_message_broker | 8.0.0.1 | |
| ibm | websphere_message_broker | 8.0.0.2 | |
| ibm | websphere_message_broker | 8.0.0.3 | |
| ibm | websphere_message_broker | 8.0.0.4 | |
| ibm | websphere_message_broker | 8.0.0.5 | |
| ibm | websphere_message_broker | 8.0.0.6 | |
| ibm | websphere_message_broker | 8.0.0.7 | |
| ibm | integration_bus | 9.0.0 | |
| ibm | integration_bus | 9.0.0.1 | |
| ibm | integration_bus | 9.0.0.2 | |
| ibm | integration_bus | 9.0.0.3 | |
| ibm | integration_bus | 9.0.0.4 | |
| ibm | integration_bus | 9.0.0.5 | |
| ibm | integration_bus | 9.0.0.6 | |
| ibm | integration_bus | 9.0.0.7 | |
| ibm | integration_bus | 10.0.0 | |
| ibm | integration_bus | 10.0.0.1 | |
| ibm | integration_bus | 10.0.0.2 | |
| ibm | integration_bus | 10.0.0.3 | |
| ibm | integration_bus | 10.0.0.4 | |
| ibm | integration_bus | 10.0.0.5 | |
| ibm | integration_bus | 10.0.0.6 | |
| ibm | integration_bus | 10.0.0.7 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_message_broker:8.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9244FCC7-99F7-4F90-99CD-12FFF5AD2514",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_message_broker:8.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B859DAA9-1B0E-47CE-813D-108776C3B239",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_message_broker:8.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2458C42A-90F7-457C-AAD6-205D9893A993",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_message_broker:8.0.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8BFEC988-5E94-474F-9A60-966B8FA8B8F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_message_broker:8.0.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "BE5CCF85-8149-43DB-A594-99895D94F447",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_message_broker:8.0.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "EA0D7E80-2607-4567-8D1C-2ADA32F174D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_message_broker:8.0.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "32E57C58-4A30-43BE-B8CC-E6B38E67AA8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_message_broker:8.0.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "D2C048F0-D615-49E6-9B50-22E259C02C5B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:integration_bus:9.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "279685A5-23ED-49B1-AF42-2181054B7316",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:integration_bus:9.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "725E3F95-4096-497D-8F2A-02C185ACF8CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:integration_bus:9.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "ACB80DEF-E09A-4B51-96B8-75F0AD9C6499",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:integration_bus:9.0.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "576FE339-BD08-4994-B31A-15BC521650E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:integration_bus:9.0.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "371E03D4-BDD9-40A8-B24B-43C320C9F3E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:integration_bus:9.0.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "C319D81D-E66B-47E6-A731-D5074314B94B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:integration_bus:9.0.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B3A6D9A8-9196-4358-B2ED-BD103AB237F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:integration_bus:9.0.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "408B31F1-F945-4CEB-B6D4-2666A6B8B2C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:integration_bus:10.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B0352390-F2E0-4F66-829B-79A0F210A622",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:integration_bus:10.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6309A833-9490-494A-BE3A-BA79133BD6E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:integration_bus:10.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "50810A19-BEDC-4DF6-BA82-DAA1F96D5400",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:integration_bus:10.0.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "97486673-4740-4F4F-8956-73C06B477096",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:integration_bus:10.0.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "79E917E9-DE5E-482A-9A20-823DF475BE66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:integration_bus:10.0.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "FC25F42C-82EC-44EE-94AC-E85F428460D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:integration_bus:10.0.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "FA2BBC72-E5AD-4FAD-8F72-264794847D96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:integration_bus:10.0.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "B3797766-D2E5-4645-A793-ABA12A10CF10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Message Broker stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 123777."
},
{
"lang": "es",
"value": "IBM WebSphere Message Broker almacena las credenciales del usuario en texto plano las cuales podr\u00edan ser le\u00eddas por un usuario local. IBM X-Force ID: 123777."
}
],
"id": "CVE-2017-1207",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-07-05T17:29:00.373",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22005382"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/99368"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/123777"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22005382"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/99368"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/123777"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-522"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2016-9706
Vulnerability from fkie_nvd - Published: 2017-02-15 19:59 - Updated: 2025-04-20 01:37
Severity ?
Summary
IBM Integration Bus 9.0 and 10.0 and WebSphere Message Broker SOAP FLOWS is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM Reference #: 1997918.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | integration_bus | 9.0 | |
| ibm | integration_bus | 10.0 | |
| ibm | websphere_message_broker | 8.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:integration_bus:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4D9B868C-9348-4D31-95F9-FEC3D91158AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:integration_bus:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "92E6A5C9-29C2-458D-AA67-E74945E2012F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_message_broker:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0F93BF57-FD4F-456C-8DFD-CEF8B5AEF35D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Integration Bus 9.0 and 10.0 and WebSphere Message Broker SOAP FLOWS is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM Reference #: 1997918."
},
{
"lang": "es",
"value": "IBM Integration Bus 9.0 y 10.0 y WebSphere Message Broker SOAP FLOWS es vulnerable a una denegaci\u00f3n de servicio, provocada por un error de XML External Entity Injection (XXE) cuando procesa datos XML. Un atacante remoto podr\u00eda explotar esta vulnerabilidad para exponer informaci\u00f3n altamente sensible o consumir todos los recursos de memoria disponibles. IBM Referencia #: 1997918."
}
],
"id": "CVE-2016-9706",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 8.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 7.8,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-02-15T19:59:01.220",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21997918"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www.securityfocus.com/bid/96274"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21997918"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/96274"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-611"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2016-9010
Vulnerability from fkie_nvd - Published: 2017-02-15 19:59 - Updated: 2025-04-20 01:37
Severity ?
Summary
IBM WebSphere Message Broker 9.0 and 10.0 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM Reference #: 1997906.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | integration_bus | 9.0 | |
| ibm | integration_bus | 10.0 | |
| ibm | websphere_message_broker | 8.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:integration_bus:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4D9B868C-9348-4D31-95F9-FEC3D91158AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:integration_bus:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "92E6A5C9-29C2-458D-AA67-E74945E2012F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_message_broker:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0F93BF57-FD4F-456C-8DFD-CEF8B5AEF35D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Message Broker 9.0 and 10.0 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim\u0027s click actions and possibly launch further attacks against the victim. IBM Reference #: 1997906."
},
{
"lang": "es",
"value": "IBM WebSphere Message Broker 9.0 y 10.0 podr\u00eda permitir a un atacante remoto secuestrar la acci\u00f3n de hacer click de la v\u00edctima. Persuadiendo a la v\u00edctima para que visite un sitio web malicioso, un atacante remoto podr\u00eda explotar esta vulnerabilidad para secuestrar las acciones de click de la v\u00edctima y posiblemente lanzar m\u00e1s ataques contra la v\u00edctima. IBM Referencia #: 1997906."
}
],
"id": "CVE-2016-9010",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-02-15T19:59:01.157",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21997906"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www.securityfocus.com/bid/96279"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21997906"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/96279"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-254"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2016-6080
Vulnerability from fkie_nvd - Published: 2017-02-01 20:59 - Updated: 2025-04-20 01:37
Severity ?
Summary
The WebAdmin context for WebSphere Message Broker allows directory listings which could disclose sensitive information to the attacker.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg21995004 | Patch, Vendor Advisory | |
| psirt@us.ibm.com | http://www.securityfocus.com/bid/94641 | Technical Description, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg21995004 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/94641 | Technical Description, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | websphere_message_broker | 8.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_message_broker:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0F93BF57-FD4F-456C-8DFD-CEF8B5AEF35D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The WebAdmin context for WebSphere Message Broker allows directory listings which could disclose sensitive information to the attacker."
},
{
"lang": "es",
"value": "El contexto WebAdmin para WebSphere Message Broker permite listas de directorios que podr\u00edan revelar informaci\u00f3n sensible al atacante."
}
],
"id": "CVE-2016-6080",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-02-01T20:59:02.207",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21995004"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Technical Description",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/94641"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21995004"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Technical Description",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/94641"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2016-0394
Vulnerability from fkie_nvd - Published: 2017-02-01 20:59 - Updated: 2025-04-20 01:37
Severity ?
Summary
IBM Integration Bus and WebSphere Message broker sets incorrect permissions for an object that could allow a local attacker to manipulate certain files.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg21985013 | Patch, Vendor Advisory | |
| psirt@us.ibm.com | http://www.securityfocus.com/bid/94577 | Technical Description, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg21985013 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/94577 | Technical Description, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | integration_bus | 9.0 | |
| ibm | integration_bus | 9.0.0.1 | |
| ibm | integration_bus | 9.0.0.2 | |
| ibm | integration_bus | 10.0 | |
| ibm | websphere_message_broker | 8.0 | |
| ibm | websphere_message_broker | 8.0.0.1 | |
| ibm | websphere_message_broker | 8.0.0.2 | |
| ibm | websphere_message_broker | 8.0.0.3 | |
| ibm | websphere_message_broker | 8.0.0.4 | |
| ibm | websphere_message_broker | 8.0.0.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:integration_bus:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4D9B868C-9348-4D31-95F9-FEC3D91158AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:integration_bus:9.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "725E3F95-4096-497D-8F2A-02C185ACF8CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:integration_bus:9.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "ACB80DEF-E09A-4B51-96B8-75F0AD9C6499",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:integration_bus:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "92E6A5C9-29C2-458D-AA67-E74945E2012F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_message_broker:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0F93BF57-FD4F-456C-8DFD-CEF8B5AEF35D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_message_broker:8.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B859DAA9-1B0E-47CE-813D-108776C3B239",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_message_broker:8.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2458C42A-90F7-457C-AAD6-205D9893A993",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_message_broker:8.0.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8BFEC988-5E94-474F-9A60-966B8FA8B8F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_message_broker:8.0.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "BE5CCF85-8149-43DB-A594-99895D94F447",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_message_broker:8.0.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "EA0D7E80-2607-4567-8D1C-2ADA32F174D8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Integration Bus and WebSphere Message broker sets incorrect permissions for an object that could allow a local attacker to manipulate certain files."
},
{
"lang": "es",
"value": "IBM Integration Bus y WebSphere Message broker establecen permisos incorrectos para un objeto que podr\u00edan permitir a un atacante local manipular ciertos archivos."
}
],
"id": "CVE-2016-0394",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-02-01T20:59:00.237",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21985013"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Technical Description",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/94577"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21985013"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Technical Description",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/94577"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-275"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2016-2961
Vulnerability from fkie_nvd - Published: 2016-07-02 14:59 - Updated: 2025-04-12 10:46
Severity ?
Summary
The integration server in IBM Integration Bus 9 before 9.0.0.6 and 10 before 10.0.0.5 and WebSphere Message Broker 8 before 8.0.0.8 allows remote attackers to obtain sensitive Tomcat version information by sending a malformed POST request and then reading the Java stack trace.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | integration_bus | 9.0 | |
| ibm | integration_bus | 9.0.0.1 | |
| ibm | integration_bus | 9.0.0.2 | |
| ibm | integration_bus | 9.0.0.3 | |
| ibm | integration_bus | 9.0.0.4 | |
| ibm | integration_bus | 9.0.0.5 | |
| ibm | integration_bus | 10.0 | |
| ibm | integration_bus | 10.0.0.1 | |
| ibm | integration_bus | 10.0.0.2 | |
| ibm | integration_bus | 10.0.0.3 | |
| ibm | integration_bus | 10.0.0.4 | |
| ibm | websphere_message_broker | 8.0 | |
| ibm | websphere_message_broker | 8.0.0.1 | |
| ibm | websphere_message_broker | 8.0.0.2 | |
| ibm | websphere_message_broker | 8.0.0.3 | |
| ibm | websphere_message_broker | 8.0.0.4 | |
| ibm | websphere_message_broker | 8.0.0.5 | |
| ibm | websphere_message_broker | 8.0.0.6 | |
| ibm | websphere_message_broker | 8.0.0.7 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:integration_bus:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4D9B868C-9348-4D31-95F9-FEC3D91158AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:integration_bus:9.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "725E3F95-4096-497D-8F2A-02C185ACF8CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:integration_bus:9.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "ACB80DEF-E09A-4B51-96B8-75F0AD9C6499",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:integration_bus:9.0.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "576FE339-BD08-4994-B31A-15BC521650E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:integration_bus:9.0.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "371E03D4-BDD9-40A8-B24B-43C320C9F3E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:integration_bus:9.0.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "C319D81D-E66B-47E6-A731-D5074314B94B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:integration_bus:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "92E6A5C9-29C2-458D-AA67-E74945E2012F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:integration_bus:10.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6309A833-9490-494A-BE3A-BA79133BD6E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:integration_bus:10.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "50810A19-BEDC-4DF6-BA82-DAA1F96D5400",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:integration_bus:10.0.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "97486673-4740-4F4F-8956-73C06B477096",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:integration_bus:10.0.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "79E917E9-DE5E-482A-9A20-823DF475BE66",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_message_broker:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0F93BF57-FD4F-456C-8DFD-CEF8B5AEF35D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_message_broker:8.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B859DAA9-1B0E-47CE-813D-108776C3B239",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_message_broker:8.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2458C42A-90F7-457C-AAD6-205D9893A993",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_message_broker:8.0.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8BFEC988-5E94-474F-9A60-966B8FA8B8F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_message_broker:8.0.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "BE5CCF85-8149-43DB-A594-99895D94F447",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_message_broker:8.0.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "EA0D7E80-2607-4567-8D1C-2ADA32F174D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_message_broker:8.0.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "32E57C58-4A30-43BE-B8CC-E6B38E67AA8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_message_broker:8.0.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "D2C048F0-D615-49E6-9B50-22E259C02C5B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The integration server in IBM Integration Bus 9 before 9.0.0.6 and 10 before 10.0.0.5 and WebSphere Message Broker 8 before 8.0.0.8 allows remote attackers to obtain sensitive Tomcat version information by sending a malformed POST request and then reading the Java stack trace."
},
{
"lang": "es",
"value": "El servidor de integraci\u00f3n en IBM Integration Bus 9 en versiones anteriores a 9.0.0.6 y 10 en versiones anteriores a 10.0.0.5 y WebSphere Message Broker 8 en versiones anteriores a 8.0.0.8 permite a atacantes remotos obtener informaci\u00f3n sensible de versi\u00f3n Tomcat enviando una petici\u00f3n de POST mal formada y, despu\u00e9s, leyendo el rastro en pila de Java."
}
],
"id": "CVE-2016-2961",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-07-02T14:59:17.383",
"references": [
{
"source": "psirt@us.ibm.com",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT15188"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21985017"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT15188"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21985017"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2018-1801 (GCVE-0-2018-1801)
Vulnerability from cvelistv5 – Published: 2019-02-04 21:00 – Updated: 2024-09-17 04:19
VLAI?
Summary
IBM App Connect V11.0.0.0 through V11.0.0.1, IBM Integration Bus V10.0.0.0 through V10.0.0.13, IBM Integration Bus V9.0.0.0 through V9.0.0.10, and WebSphere Message Broker V8.0.0.0 through V8.0.0.9 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to consume memory resources. IBM X-Force ID: 149639.
Severity ?
CWE
- Denial of Service
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| IBM | Integration Bus |
Affected:
9.0.0.0
Affected: 10.0.0.0 Affected: 9.0.0.10 Affected: 10.0.0.13 |
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T04:14:38.303Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ibm-ibus-cve20181801-dos(149639)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/149639"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10795780"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Integration Bus",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "9.0.0.0"
},
{
"status": "affected",
"version": "10.0.0.0"
},
{
"status": "affected",
"version": "9.0.0.10"
},
{
"status": "affected",
"version": "10.0.0.13"
}
]
},
{
"product": "WebSphere Message Broker",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "8.0.0.0"
},
{
"status": "affected",
"version": "8.0.0.9"
}
]
},
{
"product": "App Connect",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "11.0.0.0"
},
{
"status": "affected",
"version": "11.0.0.1"
}
]
}
],
"datePublic": "2019-01-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM App Connect V11.0.0.0 through V11.0.0.1, IBM Integration Bus V10.0.0.0 through V10.0.0.13, IBM Integration Bus V9.0.0.0 through V9.0.0.10, and WebSphere Message Broker V8.0.0.0 through V8.0.0.9 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to consume memory resources. IBM X-Force ID: 149639."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 4.6,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/A:L/AC:L/AV:N/C:N/I:N/PR:N/S:U/UI:N/E:U/RC:C/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-02-04T20:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "ibm-ibus-cve20181801-dos(149639)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/149639"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10795780"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2019-01-28T00:00:00",
"ID": "CVE-2018-1801",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Integration Bus",
"version": {
"version_data": [
{
"version_value": "9.0.0.0"
},
{
"version_value": "10.0.0.0"
},
{
"version_value": "9.0.0.10"
},
{
"version_value": "10.0.0.13"
}
]
}
},
{
"product_name": "WebSphere Message Broker",
"version": {
"version_data": [
{
"version_value": "8.0.0.0"
},
{
"version_value": "8.0.0.9"
}
]
}
},
{
"product_name": "App Connect",
"version": {
"version_data": [
{
"version_value": "11.0.0.0"
},
{
"version_value": "11.0.0.1"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM App Connect V11.0.0.0 through V11.0.0.1, IBM Integration Bus V10.0.0.0 through V10.0.0.13, IBM Integration Bus V9.0.0.0 through V9.0.0.10, and WebSphere Message Broker V8.0.0.0 through V8.0.0.9 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to consume memory resources. IBM X-Force ID: 149639."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "L",
"AC": "L",
"AV": "N",
"C": "N",
"I": "N",
"PR": "N",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ibm-ibus-cve20181801-dos(149639)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/149639"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=ibm10795780",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10795780"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2018-1801",
"datePublished": "2019-02-04T21:00:00Z",
"dateReserved": "2017-12-13T00:00:00",
"dateUpdated": "2024-09-17T04:19:23.303Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-1418 (GCVE-0-2017-1418)
Vulnerability from cvelistv5 – Published: 2018-11-26 17:00 – Updated: 2024-09-16 21:02
VLAI?
Summary
IBM Integration Bus 9.0.0.0, 9.0.0.11, 10.0.0.0, and 10.0.0.14 (including IBM WebSphere Message Broker 8.0.0.0 and 8.0.0.9) has insecure permissions on certain files. A local attacker could exploit this vulnerability to modify or delete these files with an unknown impact. IBM X-Force ID: 127406.
Severity ?
CWE
- File Manipulation
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| IBM | Integration Bus |
Affected:
9.0.0.0
Affected: 10.0.0.14 Affected: 9.0.0.11 Affected: 10.0.0.0 |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:32:29.751Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ibm-ibus-cve20171418-file-access(127406)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/127406"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10735181"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Integration Bus",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "9.0.0.0"
},
{
"status": "affected",
"version": "10.0.0.14"
},
{
"status": "affected",
"version": "9.0.0.11"
},
{
"status": "affected",
"version": "10.0.0.0"
}
]
},
{
"product": "WebSphere Message Broker",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "8.0.0.0"
},
{
"status": "affected",
"version": "8.0.0.9"
}
]
}
],
"datePublic": "2018-11-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Integration Bus 9.0.0.0, 9.0.0.11, 10.0.0.0, and 10.0.0.14 (including IBM WebSphere Message Broker 8.0.0.0 and 8.0.0.9) has insecure permissions on certain files. A local attacker could exploit this vulnerability to modify or delete these files with an unknown impact. IBM X-Force ID: 127406."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 3.5,
"temporalSeverity": "LOW",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/A:N/AC:L/AV:L/C:N/I:L/PR:N/S:U/UI:N/E:U/RC:C/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "File Manipulation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-11-26T16:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "ibm-ibus-cve20171418-file-access(127406)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/127406"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10735181"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2018-11-20T00:00:00",
"ID": "CVE-2017-1418",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Integration Bus",
"version": {
"version_data": [
{
"version_value": "9.0.0.0"
},
{
"version_value": "10.0.0.14"
},
{
"version_value": "9.0.0.11"
},
{
"version_value": "10.0.0.0"
}
]
}
},
{
"product_name": "WebSphere Message Broker",
"version": {
"version_data": [
{
"version_value": "8.0.0.0"
},
{
"version_value": "8.0.0.9"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Integration Bus 9.0.0.0, 9.0.0.11, 10.0.0.0, and 10.0.0.14 (including IBM WebSphere Message Broker 8.0.0.0 and 8.0.0.9) has insecure permissions on certain files. A local attacker could exploit this vulnerability to modify or delete these files with an unknown impact. IBM X-Force ID: 127406."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "L",
"C": "N",
"I": "L",
"PR": "N",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "File Manipulation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ibm-ibus-cve20171418-file-access(127406)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/127406"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=ibm10735181",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10735181"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2017-1418",
"datePublished": "2018-11-26T17:00:00Z",
"dateReserved": "2016-11-30T00:00:00",
"dateUpdated": "2024-09-16T21:02:41.299Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-1126 (GCVE-0-2017-1126)
Vulnerability from cvelistv5 – Published: 2017-10-03 17:00 – Updated: 2024-09-17 02:57
VLAI?
Summary
IBM WebSphere Message Broker (IBM Integration Bus 9.0 and 10.0) could allow an unauthorized user to obtain sensitive information about software versions that could lead to further attacks. IBM X-Force ID: 121341.
Severity ?
No CVSS data available.
CWE
- Obtain Information
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Integration Bus |
Affected:
9.0
Affected: 10.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:25:17.180Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "101104",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/101104"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22008470"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/121341"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Integration Bus",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "9.0"
},
{
"status": "affected",
"version": "10.0"
}
]
}
],
"datePublic": "2017-10-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Message Broker (IBM Integration Bus 9.0 and 10.0) could allow an unauthorized user to obtain sensitive information about software versions that could lead to further attacks. IBM X-Force ID: 121341."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-05T09:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "101104",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/101104"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22008470"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/121341"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2017-10-02T00:00:00",
"ID": "CVE-2017-1126",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Integration Bus",
"version": {
"version_data": [
{
"version_value": "9.0"
},
{
"version_value": "10.0"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM WebSphere Message Broker (IBM Integration Bus 9.0 and 10.0) could allow an unauthorized user to obtain sensitive information about software versions that could lead to further attacks. IBM X-Force ID: 121341."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "101104",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101104"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22008470",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22008470"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/121341",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/121341"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2017-1126",
"datePublished": "2017-10-03T17:00:00Z",
"dateReserved": "2016-11-30T00:00:00",
"dateUpdated": "2024-09-17T02:57:03.847Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-1144 (GCVE-0-2017-1144)
Vulnerability from cvelistv5 – Published: 2017-07-05 18:00 – Updated: 2024-09-16 23:26
VLAI?
Summary
IBM WebSphere Message Broker could allow a local user with specialized access to prevent the message broker from starting. IBM X-Force ID: 122033.
Severity ?
No CVSS data available.
CWE
- Denial of Service
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Integration Bus |
Affected:
9.0
Affected: 10.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:25:17.234Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/122033"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22005383"
},
{
"name": "99365",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/99365"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Integration Bus",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "9.0"
},
{
"status": "affected",
"version": "10.0"
}
]
}
],
"datePublic": "2017-06-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Message Broker could allow a local user with specialized access to prevent the message broker from starting. IBM X-Force ID: 122033."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-06T09:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/122033"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22005383"
},
{
"name": "99365",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/99365"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2017-06-30T00:00:00",
"ID": "CVE-2017-1144",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Integration Bus",
"version": {
"version_data": [
{
"version_value": "9.0"
},
{
"version_value": "10.0"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM WebSphere Message Broker could allow a local user with specialized access to prevent the message broker from starting. IBM X-Force ID: 122033."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/122033",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/122033"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22005383",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22005383"
},
{
"name": "99365",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99365"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2017-1144",
"datePublished": "2017-07-05T18:00:00Z",
"dateReserved": "2016-11-30T00:00:00",
"dateUpdated": "2024-09-16T23:26:34.057Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-1207 (GCVE-0-2017-1207)
Vulnerability from cvelistv5 – Published: 2017-07-05 17:00 – Updated: 2024-09-17 03:22
VLAI?
Summary
IBM WebSphere Message Broker stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 123777.
Severity ?
No CVSS data available.
CWE
- Obtain Information
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Integration Bus |
Affected:
9.0
Affected: 10.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:25:17.405Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/123777"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22005382"
},
{
"name": "99368",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/99368"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Integration Bus",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "9.0"
},
{
"status": "affected",
"version": "10.0"
}
]
}
],
"datePublic": "2017-06-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Message Broker stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 123777."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-06T09:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/123777"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22005382"
},
{
"name": "99368",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/99368"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2017-06-30T00:00:00",
"ID": "CVE-2017-1207",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Integration Bus",
"version": {
"version_data": [
{
"version_value": "9.0"
},
{
"version_value": "10.0"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM WebSphere Message Broker stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 123777."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/123777",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/123777"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22005382",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22005382"
},
{
"name": "99368",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99368"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2017-1207",
"datePublished": "2017-07-05T17:00:00Z",
"dateReserved": "2016-11-30T00:00:00",
"dateUpdated": "2024-09-17T03:22:49.603Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-9010 (GCVE-0-2016-9010)
Vulnerability from cvelistv5 – Published: 2017-02-15 19:00 – Updated: 2024-08-06 02:35
VLAI?
Summary
IBM WebSphere Message Broker 9.0 and 10.0 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM Reference #: 1997906.
Severity ?
No CVSS data available.
CWE
- Gain Access
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM Corporation | Integration Bus |
Affected:
9.0.0.0
Affected: 9.0 Affected: 10 Affected: 10.0 Affected: 9 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:35:02.326Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "96279",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/96279"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21997906"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Integration Bus",
"vendor": "IBM Corporation",
"versions": [
{
"status": "affected",
"version": "9.0.0.0"
},
{
"status": "affected",
"version": "9.0"
},
{
"status": "affected",
"version": "10"
},
{
"status": "affected",
"version": "10.0"
},
{
"status": "affected",
"version": "9"
}
]
}
],
"datePublic": "2017-02-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Message Broker 9.0 and 10.0 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim\u0027s click actions and possibly launch further attacks against the victim. IBM Reference #: 1997906."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-03-06T10:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "96279",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/96279"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21997906"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-9010",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Integration Bus",
"version": {
"version_data": [
{
"version_value": "9.0.0.0"
},
{
"version_value": "9.0"
},
{
"version_value": "10"
},
{
"version_value": "10.0"
},
{
"version_value": "9"
}
]
}
}
]
},
"vendor_name": "IBM Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM WebSphere Message Broker 9.0 and 10.0 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim\u0027s click actions and possibly launch further attacks against the victim. IBM Reference #: 1997906."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "96279",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96279"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg21997906",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21997906"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2016-9010",
"datePublished": "2017-02-15T19:00:00",
"dateReserved": "2016-10-25T00:00:00",
"dateUpdated": "2024-08-06T02:35:02.326Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-9706 (GCVE-0-2016-9706)
Vulnerability from cvelistv5 – Published: 2017-02-15 19:00 – Updated: 2024-08-06 02:59
VLAI?
Summary
IBM Integration Bus 9.0 and 10.0 and WebSphere Message Broker SOAP FLOWS is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM Reference #: 1997918.
Severity ?
No CVSS data available.
CWE
- Obtain Information
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM Corporation | Integration Bus |
Affected:
9.0.0.0
Affected: 9.0 Affected: 10 Affected: 10.0 Affected: 9 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:59:03.302Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "96274",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/96274"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21997918"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Integration Bus",
"vendor": "IBM Corporation",
"versions": [
{
"status": "affected",
"version": "9.0.0.0"
},
{
"status": "affected",
"version": "9.0"
},
{
"status": "affected",
"version": "10"
},
{
"status": "affected",
"version": "10.0"
},
{
"status": "affected",
"version": "9"
}
]
}
],
"datePublic": "2017-02-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Integration Bus 9.0 and 10.0 and WebSphere Message Broker SOAP FLOWS is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM Reference #: 1997918."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-03-06T10:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "96274",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/96274"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21997918"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-9706",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Integration Bus",
"version": {
"version_data": [
{
"version_value": "9.0.0.0"
},
{
"version_value": "9.0"
},
{
"version_value": "10"
},
{
"version_value": "10.0"
},
{
"version_value": "9"
}
]
}
}
]
},
"vendor_name": "IBM Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Integration Bus 9.0 and 10.0 and WebSphere Message Broker SOAP FLOWS is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM Reference #: 1997918."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "96274",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96274"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg21997918",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21997918"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2016-9706",
"datePublished": "2017-02-15T19:00:00",
"dateReserved": "2016-12-01T00:00:00",
"dateUpdated": "2024-08-06T02:59:03.302Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-6080 (GCVE-0-2016-6080)
Vulnerability from cvelistv5 – Published: 2017-02-01 20:00 – Updated: 2024-08-06 01:22
VLAI?
Summary
The WebAdmin context for WebSphere Message Broker allows directory listings which could disclose sensitive information to the attacker.
Severity ?
No CVSS data available.
CWE
- Obtain Information
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM Corporation | WebSphere Message Broker |
Affected:
6.1
Affected: 6.1.0.1 Affected: 6.1.0.2 Affected: 7.0.0.1 Affected: 7.0 Affected: 7.0.0.2 Affected: 7.0.0.3 Affected: 7.0.0.4 Affected: 8.0 Affected: 8.0.0.1 Affected: 8.0.0.2 Affected: 7.0.0.5 Affected: 6.1.0.11 Affected: 7.0.0.6 Affected: 8 Affected: 7 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:22:20.734Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "94641",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94641"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21995004"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WebSphere Message Broker",
"vendor": "IBM Corporation",
"versions": [
{
"status": "affected",
"version": "6.1"
},
{
"status": "affected",
"version": "6.1.0.1"
},
{
"status": "affected",
"version": "6.1.0.2"
},
{
"status": "affected",
"version": "7.0.0.1"
},
{
"status": "affected",
"version": "7.0"
},
{
"status": "affected",
"version": "7.0.0.2"
},
{
"status": "affected",
"version": "7.0.0.3"
},
{
"status": "affected",
"version": "7.0.0.4"
},
{
"status": "affected",
"version": "8.0"
},
{
"status": "affected",
"version": "8.0.0.1"
},
{
"status": "affected",
"version": "8.0.0.2"
},
{
"status": "affected",
"version": "7.0.0.5"
},
{
"status": "affected",
"version": "6.1.0.11"
},
{
"status": "affected",
"version": "7.0.0.6"
},
{
"status": "affected",
"version": "8"
},
{
"status": "affected",
"version": "7"
}
]
}
],
"datePublic": "2017-02-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The WebAdmin context for WebSphere Message Broker allows directory listings which could disclose sensitive information to the attacker."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-02-02T10:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "94641",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94641"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21995004"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-6080",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WebSphere Message Broker",
"version": {
"version_data": [
{
"version_value": "6.1"
},
{
"version_value": "6.1.0.1"
},
{
"version_value": "6.1.0.2"
},
{
"version_value": "7.0.0.1"
},
{
"version_value": "7.0"
},
{
"version_value": "7.0.0.2"
},
{
"version_value": "7.0.0.3"
},
{
"version_value": "7.0.0.4"
},
{
"version_value": "8.0"
},
{
"version_value": "8.0.0.1"
},
{
"version_value": "8.0.0.2"
},
{
"version_value": "7.0.0.5"
},
{
"version_value": "6.1.0.11"
},
{
"version_value": "7.0.0.6"
},
{
"version_value": "8"
},
{
"version_value": "7"
}
]
}
}
]
},
"vendor_name": "IBM Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The WebAdmin context for WebSphere Message Broker allows directory listings which could disclose sensitive information to the attacker."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "94641",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94641"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg21995004",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21995004"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2016-6080",
"datePublished": "2017-02-01T20:00:00",
"dateReserved": "2016-06-29T00:00:00",
"dateUpdated": "2024-08-06T01:22:20.734Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-0394 (GCVE-0-2016-0394)
Vulnerability from cvelistv5 – Published: 2017-02-01 20:00 – Updated: 2024-08-05 22:15
VLAI?
Summary
IBM Integration Bus and WebSphere Message broker sets incorrect permissions for an object that could allow a local attacker to manipulate certain files.
Severity ?
No CVSS data available.
CWE
- File Manipulation
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM Corporation | Integration Bus |
Affected:
9.0.0.0
Affected: 9.0 Affected: 10 Affected: 10.0 Affected: 9 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:15:24.379Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21985013"
},
{
"name": "94577",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94577"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Integration Bus",
"vendor": "IBM Corporation",
"versions": [
{
"status": "affected",
"version": "9.0.0.0"
},
{
"status": "affected",
"version": "9.0"
},
{
"status": "affected",
"version": "10"
},
{
"status": "affected",
"version": "10.0"
},
{
"status": "affected",
"version": "9"
}
]
}
],
"datePublic": "2017-02-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Integration Bus and WebSphere Message broker sets incorrect permissions for an object that could allow a local attacker to manipulate certain files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "File Manipulation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-02-02T10:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21985013"
},
{
"name": "94577",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94577"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-0394",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Integration Bus",
"version": {
"version_data": [
{
"version_value": "9.0.0.0"
},
{
"version_value": "9.0"
},
{
"version_value": "10"
},
{
"version_value": "10.0"
},
{
"version_value": "9"
}
]
}
}
]
},
"vendor_name": "IBM Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Integration Bus and WebSphere Message broker sets incorrect permissions for an object that could allow a local attacker to manipulate certain files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "File Manipulation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg21985013",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21985013"
},
{
"name": "94577",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94577"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2016-0394",
"datePublished": "2017-02-01T20:00:00",
"dateReserved": "2015-12-08T00:00:00",
"dateUpdated": "2024-08-05T22:15:24.379Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-2961 (GCVE-0-2016-2961)
Vulnerability from cvelistv5 – Published: 2016-07-02 14:00 – Updated: 2024-08-05 23:40
VLAI?
Summary
The integration server in IBM Integration Bus 9 before 9.0.0.6 and 10 before 10.0.0.5 and WebSphere Message Broker 8 before 8.0.0.8 allows remote attackers to obtain sensitive Tomcat version information by sending a malformed POST request and then reading the Java stack trace.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:40:14.379Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21985017"
},
{
"name": "IT15188",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT15188"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-06-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The integration server in IBM Integration Bus 9 before 9.0.0.6 and 10 before 10.0.0.5 and WebSphere Message Broker 8 before 8.0.0.8 allows remote attackers to obtain sensitive Tomcat version information by sending a malformed POST request and then reading the Java stack trace."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-07-02T14:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21985017"
},
{
"name": "IT15188",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT15188"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-2961",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The integration server in IBM Integration Bus 9 before 9.0.0.6 and 10 before 10.0.0.5 and WebSphere Message Broker 8 before 8.0.0.8 allows remote attackers to obtain sensitive Tomcat version information by sending a malformed POST request and then reading the Java stack trace."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21985017",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21985017"
},
{
"name": "IT15188",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT15188"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2016-2961",
"datePublished": "2016-07-02T14:00:00",
"dateReserved": "2016-03-09T00:00:00",
"dateUpdated": "2024-08-05T23:40:14.379Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-1801 (GCVE-0-2018-1801)
Vulnerability from nvd – Published: 2019-02-04 21:00 – Updated: 2024-09-17 04:19
VLAI?
Summary
IBM App Connect V11.0.0.0 through V11.0.0.1, IBM Integration Bus V10.0.0.0 through V10.0.0.13, IBM Integration Bus V9.0.0.0 through V9.0.0.10, and WebSphere Message Broker V8.0.0.0 through V8.0.0.9 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to consume memory resources. IBM X-Force ID: 149639.
Severity ?
CWE
- Denial of Service
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| IBM | Integration Bus |
Affected:
9.0.0.0
Affected: 10.0.0.0 Affected: 9.0.0.10 Affected: 10.0.0.13 |
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T04:14:38.303Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ibm-ibus-cve20181801-dos(149639)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/149639"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10795780"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Integration Bus",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "9.0.0.0"
},
{
"status": "affected",
"version": "10.0.0.0"
},
{
"status": "affected",
"version": "9.0.0.10"
},
{
"status": "affected",
"version": "10.0.0.13"
}
]
},
{
"product": "WebSphere Message Broker",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "8.0.0.0"
},
{
"status": "affected",
"version": "8.0.0.9"
}
]
},
{
"product": "App Connect",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "11.0.0.0"
},
{
"status": "affected",
"version": "11.0.0.1"
}
]
}
],
"datePublic": "2019-01-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM App Connect V11.0.0.0 through V11.0.0.1, IBM Integration Bus V10.0.0.0 through V10.0.0.13, IBM Integration Bus V9.0.0.0 through V9.0.0.10, and WebSphere Message Broker V8.0.0.0 through V8.0.0.9 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to consume memory resources. IBM X-Force ID: 149639."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 4.6,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/A:L/AC:L/AV:N/C:N/I:N/PR:N/S:U/UI:N/E:U/RC:C/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-02-04T20:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "ibm-ibus-cve20181801-dos(149639)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/149639"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10795780"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2019-01-28T00:00:00",
"ID": "CVE-2018-1801",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Integration Bus",
"version": {
"version_data": [
{
"version_value": "9.0.0.0"
},
{
"version_value": "10.0.0.0"
},
{
"version_value": "9.0.0.10"
},
{
"version_value": "10.0.0.13"
}
]
}
},
{
"product_name": "WebSphere Message Broker",
"version": {
"version_data": [
{
"version_value": "8.0.0.0"
},
{
"version_value": "8.0.0.9"
}
]
}
},
{
"product_name": "App Connect",
"version": {
"version_data": [
{
"version_value": "11.0.0.0"
},
{
"version_value": "11.0.0.1"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM App Connect V11.0.0.0 through V11.0.0.1, IBM Integration Bus V10.0.0.0 through V10.0.0.13, IBM Integration Bus V9.0.0.0 through V9.0.0.10, and WebSphere Message Broker V8.0.0.0 through V8.0.0.9 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to consume memory resources. IBM X-Force ID: 149639."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "L",
"AC": "L",
"AV": "N",
"C": "N",
"I": "N",
"PR": "N",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ibm-ibus-cve20181801-dos(149639)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/149639"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=ibm10795780",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10795780"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2018-1801",
"datePublished": "2019-02-04T21:00:00Z",
"dateReserved": "2017-12-13T00:00:00",
"dateUpdated": "2024-09-17T04:19:23.303Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-1418 (GCVE-0-2017-1418)
Vulnerability from nvd – Published: 2018-11-26 17:00 – Updated: 2024-09-16 21:02
VLAI?
Summary
IBM Integration Bus 9.0.0.0, 9.0.0.11, 10.0.0.0, and 10.0.0.14 (including IBM WebSphere Message Broker 8.0.0.0 and 8.0.0.9) has insecure permissions on certain files. A local attacker could exploit this vulnerability to modify or delete these files with an unknown impact. IBM X-Force ID: 127406.
Severity ?
CWE
- File Manipulation
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| IBM | Integration Bus |
Affected:
9.0.0.0
Affected: 10.0.0.14 Affected: 9.0.0.11 Affected: 10.0.0.0 |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:32:29.751Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ibm-ibus-cve20171418-file-access(127406)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/127406"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10735181"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Integration Bus",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "9.0.0.0"
},
{
"status": "affected",
"version": "10.0.0.14"
},
{
"status": "affected",
"version": "9.0.0.11"
},
{
"status": "affected",
"version": "10.0.0.0"
}
]
},
{
"product": "WebSphere Message Broker",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "8.0.0.0"
},
{
"status": "affected",
"version": "8.0.0.9"
}
]
}
],
"datePublic": "2018-11-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Integration Bus 9.0.0.0, 9.0.0.11, 10.0.0.0, and 10.0.0.14 (including IBM WebSphere Message Broker 8.0.0.0 and 8.0.0.9) has insecure permissions on certain files. A local attacker could exploit this vulnerability to modify or delete these files with an unknown impact. IBM X-Force ID: 127406."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 3.5,
"temporalSeverity": "LOW",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/A:N/AC:L/AV:L/C:N/I:L/PR:N/S:U/UI:N/E:U/RC:C/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "File Manipulation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-11-26T16:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "ibm-ibus-cve20171418-file-access(127406)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/127406"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10735181"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2018-11-20T00:00:00",
"ID": "CVE-2017-1418",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Integration Bus",
"version": {
"version_data": [
{
"version_value": "9.0.0.0"
},
{
"version_value": "10.0.0.14"
},
{
"version_value": "9.0.0.11"
},
{
"version_value": "10.0.0.0"
}
]
}
},
{
"product_name": "WebSphere Message Broker",
"version": {
"version_data": [
{
"version_value": "8.0.0.0"
},
{
"version_value": "8.0.0.9"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Integration Bus 9.0.0.0, 9.0.0.11, 10.0.0.0, and 10.0.0.14 (including IBM WebSphere Message Broker 8.0.0.0 and 8.0.0.9) has insecure permissions on certain files. A local attacker could exploit this vulnerability to modify or delete these files with an unknown impact. IBM X-Force ID: 127406."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "L",
"C": "N",
"I": "L",
"PR": "N",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "File Manipulation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ibm-ibus-cve20171418-file-access(127406)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/127406"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=ibm10735181",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10735181"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2017-1418",
"datePublished": "2018-11-26T17:00:00Z",
"dateReserved": "2016-11-30T00:00:00",
"dateUpdated": "2024-09-16T21:02:41.299Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-1126 (GCVE-0-2017-1126)
Vulnerability from nvd – Published: 2017-10-03 17:00 – Updated: 2024-09-17 02:57
VLAI?
Summary
IBM WebSphere Message Broker (IBM Integration Bus 9.0 and 10.0) could allow an unauthorized user to obtain sensitive information about software versions that could lead to further attacks. IBM X-Force ID: 121341.
Severity ?
No CVSS data available.
CWE
- Obtain Information
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Integration Bus |
Affected:
9.0
Affected: 10.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:25:17.180Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "101104",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/101104"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22008470"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/121341"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Integration Bus",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "9.0"
},
{
"status": "affected",
"version": "10.0"
}
]
}
],
"datePublic": "2017-10-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Message Broker (IBM Integration Bus 9.0 and 10.0) could allow an unauthorized user to obtain sensitive information about software versions that could lead to further attacks. IBM X-Force ID: 121341."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-05T09:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "101104",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/101104"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22008470"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/121341"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2017-10-02T00:00:00",
"ID": "CVE-2017-1126",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Integration Bus",
"version": {
"version_data": [
{
"version_value": "9.0"
},
{
"version_value": "10.0"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM WebSphere Message Broker (IBM Integration Bus 9.0 and 10.0) could allow an unauthorized user to obtain sensitive information about software versions that could lead to further attacks. IBM X-Force ID: 121341."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "101104",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101104"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22008470",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22008470"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/121341",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/121341"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2017-1126",
"datePublished": "2017-10-03T17:00:00Z",
"dateReserved": "2016-11-30T00:00:00",
"dateUpdated": "2024-09-17T02:57:03.847Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-1144 (GCVE-0-2017-1144)
Vulnerability from nvd – Published: 2017-07-05 18:00 – Updated: 2024-09-16 23:26
VLAI?
Summary
IBM WebSphere Message Broker could allow a local user with specialized access to prevent the message broker from starting. IBM X-Force ID: 122033.
Severity ?
No CVSS data available.
CWE
- Denial of Service
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Integration Bus |
Affected:
9.0
Affected: 10.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:25:17.234Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/122033"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22005383"
},
{
"name": "99365",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/99365"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Integration Bus",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "9.0"
},
{
"status": "affected",
"version": "10.0"
}
]
}
],
"datePublic": "2017-06-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Message Broker could allow a local user with specialized access to prevent the message broker from starting. IBM X-Force ID: 122033."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-06T09:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/122033"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22005383"
},
{
"name": "99365",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/99365"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2017-06-30T00:00:00",
"ID": "CVE-2017-1144",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Integration Bus",
"version": {
"version_data": [
{
"version_value": "9.0"
},
{
"version_value": "10.0"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM WebSphere Message Broker could allow a local user with specialized access to prevent the message broker from starting. IBM X-Force ID: 122033."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/122033",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/122033"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22005383",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22005383"
},
{
"name": "99365",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99365"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2017-1144",
"datePublished": "2017-07-05T18:00:00Z",
"dateReserved": "2016-11-30T00:00:00",
"dateUpdated": "2024-09-16T23:26:34.057Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-1207 (GCVE-0-2017-1207)
Vulnerability from nvd – Published: 2017-07-05 17:00 – Updated: 2024-09-17 03:22
VLAI?
Summary
IBM WebSphere Message Broker stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 123777.
Severity ?
No CVSS data available.
CWE
- Obtain Information
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Integration Bus |
Affected:
9.0
Affected: 10.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:25:17.405Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/123777"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22005382"
},
{
"name": "99368",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/99368"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Integration Bus",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "9.0"
},
{
"status": "affected",
"version": "10.0"
}
]
}
],
"datePublic": "2017-06-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Message Broker stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 123777."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-06T09:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/123777"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22005382"
},
{
"name": "99368",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/99368"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2017-06-30T00:00:00",
"ID": "CVE-2017-1207",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Integration Bus",
"version": {
"version_data": [
{
"version_value": "9.0"
},
{
"version_value": "10.0"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM WebSphere Message Broker stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 123777."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/123777",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/123777"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22005382",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22005382"
},
{
"name": "99368",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99368"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2017-1207",
"datePublished": "2017-07-05T17:00:00Z",
"dateReserved": "2016-11-30T00:00:00",
"dateUpdated": "2024-09-17T03:22:49.603Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-9010 (GCVE-0-2016-9010)
Vulnerability from nvd – Published: 2017-02-15 19:00 – Updated: 2024-08-06 02:35
VLAI?
Summary
IBM WebSphere Message Broker 9.0 and 10.0 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM Reference #: 1997906.
Severity ?
No CVSS data available.
CWE
- Gain Access
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM Corporation | Integration Bus |
Affected:
9.0.0.0
Affected: 9.0 Affected: 10 Affected: 10.0 Affected: 9 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:35:02.326Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "96279",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/96279"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21997906"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Integration Bus",
"vendor": "IBM Corporation",
"versions": [
{
"status": "affected",
"version": "9.0.0.0"
},
{
"status": "affected",
"version": "9.0"
},
{
"status": "affected",
"version": "10"
},
{
"status": "affected",
"version": "10.0"
},
{
"status": "affected",
"version": "9"
}
]
}
],
"datePublic": "2017-02-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Message Broker 9.0 and 10.0 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim\u0027s click actions and possibly launch further attacks against the victim. IBM Reference #: 1997906."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-03-06T10:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "96279",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/96279"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21997906"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-9010",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Integration Bus",
"version": {
"version_data": [
{
"version_value": "9.0.0.0"
},
{
"version_value": "9.0"
},
{
"version_value": "10"
},
{
"version_value": "10.0"
},
{
"version_value": "9"
}
]
}
}
]
},
"vendor_name": "IBM Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM WebSphere Message Broker 9.0 and 10.0 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim\u0027s click actions and possibly launch further attacks against the victim. IBM Reference #: 1997906."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "96279",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96279"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg21997906",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21997906"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2016-9010",
"datePublished": "2017-02-15T19:00:00",
"dateReserved": "2016-10-25T00:00:00",
"dateUpdated": "2024-08-06T02:35:02.326Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-9706 (GCVE-0-2016-9706)
Vulnerability from nvd – Published: 2017-02-15 19:00 – Updated: 2024-08-06 02:59
VLAI?
Summary
IBM Integration Bus 9.0 and 10.0 and WebSphere Message Broker SOAP FLOWS is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM Reference #: 1997918.
Severity ?
No CVSS data available.
CWE
- Obtain Information
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM Corporation | Integration Bus |
Affected:
9.0.0.0
Affected: 9.0 Affected: 10 Affected: 10.0 Affected: 9 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:59:03.302Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "96274",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/96274"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21997918"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Integration Bus",
"vendor": "IBM Corporation",
"versions": [
{
"status": "affected",
"version": "9.0.0.0"
},
{
"status": "affected",
"version": "9.0"
},
{
"status": "affected",
"version": "10"
},
{
"status": "affected",
"version": "10.0"
},
{
"status": "affected",
"version": "9"
}
]
}
],
"datePublic": "2017-02-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Integration Bus 9.0 and 10.0 and WebSphere Message Broker SOAP FLOWS is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM Reference #: 1997918."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-03-06T10:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "96274",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/96274"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21997918"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-9706",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Integration Bus",
"version": {
"version_data": [
{
"version_value": "9.0.0.0"
},
{
"version_value": "9.0"
},
{
"version_value": "10"
},
{
"version_value": "10.0"
},
{
"version_value": "9"
}
]
}
}
]
},
"vendor_name": "IBM Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Integration Bus 9.0 and 10.0 and WebSphere Message Broker SOAP FLOWS is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM Reference #: 1997918."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "96274",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96274"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg21997918",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21997918"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2016-9706",
"datePublished": "2017-02-15T19:00:00",
"dateReserved": "2016-12-01T00:00:00",
"dateUpdated": "2024-08-06T02:59:03.302Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-6080 (GCVE-0-2016-6080)
Vulnerability from nvd – Published: 2017-02-01 20:00 – Updated: 2024-08-06 01:22
VLAI?
Summary
The WebAdmin context for WebSphere Message Broker allows directory listings which could disclose sensitive information to the attacker.
Severity ?
No CVSS data available.
CWE
- Obtain Information
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM Corporation | WebSphere Message Broker |
Affected:
6.1
Affected: 6.1.0.1 Affected: 6.1.0.2 Affected: 7.0.0.1 Affected: 7.0 Affected: 7.0.0.2 Affected: 7.0.0.3 Affected: 7.0.0.4 Affected: 8.0 Affected: 8.0.0.1 Affected: 8.0.0.2 Affected: 7.0.0.5 Affected: 6.1.0.11 Affected: 7.0.0.6 Affected: 8 Affected: 7 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:22:20.734Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "94641",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94641"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21995004"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WebSphere Message Broker",
"vendor": "IBM Corporation",
"versions": [
{
"status": "affected",
"version": "6.1"
},
{
"status": "affected",
"version": "6.1.0.1"
},
{
"status": "affected",
"version": "6.1.0.2"
},
{
"status": "affected",
"version": "7.0.0.1"
},
{
"status": "affected",
"version": "7.0"
},
{
"status": "affected",
"version": "7.0.0.2"
},
{
"status": "affected",
"version": "7.0.0.3"
},
{
"status": "affected",
"version": "7.0.0.4"
},
{
"status": "affected",
"version": "8.0"
},
{
"status": "affected",
"version": "8.0.0.1"
},
{
"status": "affected",
"version": "8.0.0.2"
},
{
"status": "affected",
"version": "7.0.0.5"
},
{
"status": "affected",
"version": "6.1.0.11"
},
{
"status": "affected",
"version": "7.0.0.6"
},
{
"status": "affected",
"version": "8"
},
{
"status": "affected",
"version": "7"
}
]
}
],
"datePublic": "2017-02-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The WebAdmin context for WebSphere Message Broker allows directory listings which could disclose sensitive information to the attacker."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-02-02T10:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "94641",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94641"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21995004"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-6080",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WebSphere Message Broker",
"version": {
"version_data": [
{
"version_value": "6.1"
},
{
"version_value": "6.1.0.1"
},
{
"version_value": "6.1.0.2"
},
{
"version_value": "7.0.0.1"
},
{
"version_value": "7.0"
},
{
"version_value": "7.0.0.2"
},
{
"version_value": "7.0.0.3"
},
{
"version_value": "7.0.0.4"
},
{
"version_value": "8.0"
},
{
"version_value": "8.0.0.1"
},
{
"version_value": "8.0.0.2"
},
{
"version_value": "7.0.0.5"
},
{
"version_value": "6.1.0.11"
},
{
"version_value": "7.0.0.6"
},
{
"version_value": "8"
},
{
"version_value": "7"
}
]
}
}
]
},
"vendor_name": "IBM Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The WebAdmin context for WebSphere Message Broker allows directory listings which could disclose sensitive information to the attacker."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "94641",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94641"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg21995004",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21995004"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2016-6080",
"datePublished": "2017-02-01T20:00:00",
"dateReserved": "2016-06-29T00:00:00",
"dateUpdated": "2024-08-06T01:22:20.734Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-0394 (GCVE-0-2016-0394)
Vulnerability from nvd – Published: 2017-02-01 20:00 – Updated: 2024-08-05 22:15
VLAI?
Summary
IBM Integration Bus and WebSphere Message broker sets incorrect permissions for an object that could allow a local attacker to manipulate certain files.
Severity ?
No CVSS data available.
CWE
- File Manipulation
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM Corporation | Integration Bus |
Affected:
9.0.0.0
Affected: 9.0 Affected: 10 Affected: 10.0 Affected: 9 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:15:24.379Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21985013"
},
{
"name": "94577",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94577"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Integration Bus",
"vendor": "IBM Corporation",
"versions": [
{
"status": "affected",
"version": "9.0.0.0"
},
{
"status": "affected",
"version": "9.0"
},
{
"status": "affected",
"version": "10"
},
{
"status": "affected",
"version": "10.0"
},
{
"status": "affected",
"version": "9"
}
]
}
],
"datePublic": "2017-02-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Integration Bus and WebSphere Message broker sets incorrect permissions for an object that could allow a local attacker to manipulate certain files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "File Manipulation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-02-02T10:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21985013"
},
{
"name": "94577",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94577"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-0394",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Integration Bus",
"version": {
"version_data": [
{
"version_value": "9.0.0.0"
},
{
"version_value": "9.0"
},
{
"version_value": "10"
},
{
"version_value": "10.0"
},
{
"version_value": "9"
}
]
}
}
]
},
"vendor_name": "IBM Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Integration Bus and WebSphere Message broker sets incorrect permissions for an object that could allow a local attacker to manipulate certain files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "File Manipulation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg21985013",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21985013"
},
{
"name": "94577",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94577"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2016-0394",
"datePublished": "2017-02-01T20:00:00",
"dateReserved": "2015-12-08T00:00:00",
"dateUpdated": "2024-08-05T22:15:24.379Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-2961 (GCVE-0-2016-2961)
Vulnerability from nvd – Published: 2016-07-02 14:00 – Updated: 2024-08-05 23:40
VLAI?
Summary
The integration server in IBM Integration Bus 9 before 9.0.0.6 and 10 before 10.0.0.5 and WebSphere Message Broker 8 before 8.0.0.8 allows remote attackers to obtain sensitive Tomcat version information by sending a malformed POST request and then reading the Java stack trace.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:40:14.379Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21985017"
},
{
"name": "IT15188",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT15188"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-06-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The integration server in IBM Integration Bus 9 before 9.0.0.6 and 10 before 10.0.0.5 and WebSphere Message Broker 8 before 8.0.0.8 allows remote attackers to obtain sensitive Tomcat version information by sending a malformed POST request and then reading the Java stack trace."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-07-02T14:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21985017"
},
{
"name": "IT15188",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT15188"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-2961",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The integration server in IBM Integration Bus 9 before 9.0.0.6 and 10 before 10.0.0.5 and WebSphere Message Broker 8 before 8.0.0.8 allows remote attackers to obtain sensitive Tomcat version information by sending a malformed POST request and then reading the Java stack trace."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21985017",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21985017"
},
{
"name": "IT15188",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT15188"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2016-2961",
"datePublished": "2016-07-02T14:00:00",
"dateReserved": "2016-03-09T00:00:00",
"dateUpdated": "2024-08-05T23:40:14.379Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}