CNVD-2016-03935

Vulnerability from cnvd - Published: 2016-06-13
VLAI Severity ?
Title
IBM WebSphere MQ for IBM i密码获取漏洞
Description
IBM WebSphere MQ是一款消息传递中间件产品。 IBM WebSphere MQ mqcertck工具存在密码获取漏洞,本地攻击者可利用该漏洞以管理员权限解密其他MQ管理员密码。
Severity
Patch Name
IBM WebSphere MQ for IBM i密码获取漏洞的补丁
Patch Description
IBM WebSphere MQ是一款消息传递中间件产品。 IBM WebSphere MQ mqcertck工具存在密码获取漏洞,本地攻击者可利用该漏洞以管理员权限解密其他MQ管理员密码。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description

用户可参考如下厂商提供的安全补丁以修复该漏洞: http://www.ibm.com/support/docview.wss?uid=swg21984557

Reference
http://www.ibm.com/support/docview.wss?uid=swg21984557
Impacted products
Name
IBM WebSphere MQ for IBM 8.0.0.4
Show details on source website
To clipboard 

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2015-7462"
    }
  },
  "description": "IBM WebSphere MQ\u662f\u4e00\u6b3e\u6d88\u606f\u4f20\u9012\u4e2d\u95f4\u4ef6\u4ea7\u54c1\u3002\r\n\r\nIBM WebSphere MQ mqcertck\u5de5\u5177\u5b58\u5728\u5bc6\u7801\u83b7\u53d6\u6f0f\u6d1e\uff0c\u672c\u5730\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u4ee5\u7ba1\u7406\u5458\u6743\u9650\u89e3\u5bc6\u5176\u4ed6MQ\u7ba1\u7406\u5458\u5bc6\u7801\u3002",
  "discovererName": "IBM",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u5382\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u8865\u4e01\u4ee5\u4fee\u590d\u8be5\u6f0f\u6d1e\uff1a\r\nhttp://www.ibm.com/support/docview.wss?uid=swg21984557",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2016-03935",
  "openTime": "2016-06-13",
  "patchDescription": "IBM WebSphere MQ\u662f\u4e00\u6b3e\u6d88\u606f\u4f20\u9012\u4e2d\u95f4\u4ef6\u4ea7\u54c1\u3002\r\n\r\nIBM WebSphere MQ mqcertck\u5de5\u5177\u5b58\u5728\u5bc6\u7801\u83b7\u53d6\u6f0f\u6d1e\uff0c\u672c\u5730\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u4ee5\u7ba1\u7406\u5458\u6743\u9650\u89e3\u5bc6\u5176\u4ed6MQ\u7ba1\u7406\u5458\u5bc6\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "IBM WebSphere MQ for IBM i\u5bc6\u7801\u83b7\u53d6\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "IBM WebSphere MQ for IBM 8.0.0.4"
  },
  "referenceLink": "http://www.ibm.com/support/docview.wss?uid=swg21984557",
  "serverity": "\u4e2d",
  "submitTime": "2016-06-10",
  "title": "IBM WebSphere MQ for IBM i\u5bc6\u7801\u83b7\u53d6\u6f0f\u6d1e"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.