cvelistv5 - cve-2017-1341

CVE-2017-1341 (GCVE-0-2017-1341)

Vulnerability from cvelistv5 – Published: 2017-12-07 15:00 – Updated: 2024-09-16 18:45

Summary

IBM WebSphere MQ 8.0 and 9.0 could allow, under special circumstances, an unauthorized user to access an object which they should have been denied access. IBM X-Force ID: 126456.

Severity ?

No CVSS data available.

CWE

Bypass Security

Assigner

ibm

References

URL

Tags

	https://exchange.xforce.ibmcloud.com/vulnerabilit…	x_refsource_MISC
	http://www.ibm.com/support/docview.wss?uid=swg22005400	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/102042	vdb-entryx_refsource_BID

Impacted products

	Vendor	Product	Version
	IBM	MQ	Affected: 9.0 Affected: 9.0.1 Affected: 9.0.0.1 Affected: 9.0.2 Affected: 8.0.0.1 Affected: 8.0.0.2 Affected: 8.0.0.3 Affected: 8.0.0.4 Affected: 8.0.0.5 Affected: 8.0.0.6 Affected: 8.0.0.7 Affected: 9.0.3

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T13:32:29.322Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/126456"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=swg22005400"
          },
          {
            "name": "102042",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/102042"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "MQ",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "9.0"
            },
            {
              "status": "affected",
              "version": "9.0.1"
            },
            {
              "status": "affected",
              "version": "9.0.0.1"
            },
            {
              "status": "affected",
              "version": "9.0.2"
            },
            {
              "status": "affected",
              "version": "8.0.0.1"
            },
            {
              "status": "affected",
              "version": "8.0.0.2"
            },
            {
              "status": "affected",
              "version": "8.0.0.3"
            },
            {
              "status": "affected",
              "version": "8.0.0.4"
            },
            {
              "status": "affected",
              "version": "8.0.0.5"
            },
            {
              "status": "affected",
              "version": "8.0.0.6"
            },
            {
              "status": "affected",
              "version": "8.0.0.7"
            },
            {
              "status": "affected",
              "version": "9.0.3"
            }
          ]
        }
      ],
      "datePublic": "2017-12-04T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM WebSphere MQ 8.0 and 9.0 could allow, under special circumstances, an unauthorized user to access an object which they should have been denied access. IBM X-Force ID: 126456."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Bypass Security",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-12-08T10:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/126456"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=swg22005400"
        },
        {
          "name": "102042",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/102042"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2017-12-04T00:00:00",
          "ID": "CVE-2017-1341",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "MQ",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "9.0"
                          },
                          {
                            "version_value": "9.0.1"
                          },
                          {
                            "version_value": "9.0.0.1"
                          },
                          {
                            "version_value": "9.0.2"
                          },
                          {
                            "version_value": "8.0.0.1"
                          },
                          {
                            "version_value": "8.0.0.2"
                          },
                          {
                            "version_value": "8.0.0.3"
                          },
                          {
                            "version_value": "8.0.0.4"
                          },
                          {
                            "version_value": "8.0.0.5"
                          },
                          {
                            "version_value": "8.0.0.6"
                          },
                          {
                            "version_value": "8.0.0.7"
                          },
                          {
                            "version_value": "9.0.3"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM WebSphere MQ 8.0 and 9.0 could allow, under special circumstances, an unauthorized user to access an object which they should have been denied access. IBM X-Force ID: 126456."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Bypass Security"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/126456",
              "refsource": "MISC",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/126456"
            },
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=swg22005400",
              "refsource": "CONFIRM",
              "url": "http://www.ibm.com/support/docview.wss?uid=swg22005400"
            },
            {
              "name": "102042",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/102042"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2017-1341",
    "datePublished": "2017-12-07T15:00:00Z",
    "dateReserved": "2016-11-30T00:00:00",
    "dateUpdated": "2024-09-16T18:45:12.994Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:websphere_mq:8.0.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C5502347-56F2-400F-944B-A532A3A8DE0A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:websphere_mq:8.0.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9E6FF889-5D7D-47C0-A2B2-F2BDB39BEFDB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:websphere_mq:8.0.0.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D800EA34-4826-4689-A3C0-03724290567B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:websphere_mq:8.0.0.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DCBDF404-693B-4500-80FA-90AE022BD5C4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:websphere_mq:8.0.0.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5FFC3793-4880-4103-B7F6-06F96A17357B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:websphere_mq:8.0.0.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D3679D6F-1E3A-4546-A05B-5B4EA515B4C9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:websphere_mq:8.0.0.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F4E6617F-85DF-49FE-B713-148624DC87A8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:websphere_mq:9.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"63E773A8-4ED2-47AA-A2D7-5CD02CBA47C0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:websphere_mq:9.0.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4084EE93-8B41-493E-BB50-9ABC8E956C89\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:websphere_mq:9.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E0C2DE42-FE8C-4023-A495-A2DBFE2F97F9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:websphere_mq:9.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"406AADD2-9732-44F1-91FC-F8C90088AD5A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:websphere_mq:9.0.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"018595DD-9AAD-44C7-9A46-BC78AF1F6C2B\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"IBM WebSphere MQ 8.0 and 9.0 could allow, under special circumstances, an unauthorized user to access an object which they should have been denied access. IBM X-Force ID: 126456.\"}, {\"lang\": \"es\", \"value\": \"IBM WebSphere MQ 8.0 y 9.0 podr\\u00eda permitir, bajo circunstancias especiales, que un usuario no autorizado acceda a un objeto para el que no deber\\u00edan contar con acceso. IBM X-Force ID: 126456.\"}]",
      "id": "CVE-2017-1341",
      "lastModified": "2024-11-21T03:21:44.993",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N\", \"baseScore\": 3.7, \"baseSeverity\": \"LOW\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.2, \"impactScore\": 1.4}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:N/I:P/A:N\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2017-12-07T15:29:00.563",
      "references": "[{\"url\": \"http://www.ibm.com/support/docview.wss?uid=swg22005400\", \"source\": \"psirt@us.ibm.com\", \"tags\": [\"Issue Tracking\", \"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/102042\", \"source\": \"psirt@us.ibm.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/126456\", \"source\": \"psirt@us.ibm.com\", \"tags\": [\"Issue Tracking\", \"VDB Entry\", \"Vendor Advisory\"]}, {\"url\": \"http://www.ibm.com/support/docview.wss?uid=swg22005400\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\", \"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/102042\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/126456\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\", \"VDB Entry\", \"Vendor Advisory\"]}]",
      "sourceIdentifier": "psirt@us.ibm.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-noinfo\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2017-1341\",\"sourceIdentifier\":\"psirt@us.ibm.com\",\"published\":\"2017-12-07T15:29:00.563\",\"lastModified\":\"2025-04-20T01:37:25.860\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"IBM WebSphere MQ 8.0 and 9.0 could allow, under special circumstances, an unauthorized user to access an object which they should have been denied access. IBM X-Force ID: 126456.\"},{\"lang\":\"es\",\"value\":\"IBM WebSphere MQ 8.0 y 9.0 podr\u00eda permitir, bajo circunstancias especiales, que un usuario no autorizado acceda a un objeto para el que no deber\u00edan contar con acceso. IBM X-Force ID: 126456.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N\",\"baseScore\":3.7,\"baseSeverity\":\"LOW\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.2,\"impactScore\":1.4}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:websphere_mq:8.0.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C5502347-56F2-400F-944B-A532A3A8DE0A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:websphere_mq:8.0.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9E6FF889-5D7D-47C0-A2B2-F2BDB39BEFDB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:websphere_mq:8.0.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D800EA34-4826-4689-A3C0-03724290567B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:websphere_mq:8.0.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DCBDF404-693B-4500-80FA-90AE022BD5C4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:websphere_mq:8.0.0.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5FFC3793-4880-4103-B7F6-06F96A17357B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:websphere_mq:8.0.0.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D3679D6F-1E3A-4546-A05B-5B4EA515B4C9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:websphere_mq:8.0.0.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F4E6617F-85DF-49FE-B713-148624DC87A8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:websphere_mq:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"63E773A8-4ED2-47AA-A2D7-5CD02CBA47C0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:websphere_mq:9.0.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4084EE93-8B41-493E-BB50-9ABC8E956C89\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:websphere_mq:9.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E0C2DE42-FE8C-4023-A495-A2DBFE2F97F9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:websphere_mq:9.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"406AADD2-9732-44F1-91FC-F8C90088AD5A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:websphere_mq:9.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"018595DD-9AAD-44C7-9A46-BC78AF1F6C2B\"}]}]}],\"references\":[{\"url\":\"http://www.ibm.com/support/docview.wss?uid=swg22005400\",\"source\":\"psirt@us.ibm.com\",\"tags\":[\"Issue Tracking\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/102042\",\"source\":\"psirt@us.ibm.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/126456\",\"source\":\"psirt@us.ibm.com\",\"tags\":[\"Issue Tracking\",\"VDB Entry\",\"Vendor Advisory\"]},{\"url\":\"http://www.ibm.com/support/docview.wss?uid=swg22005400\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/102042\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/126456\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"VDB Entry\",\"Vendor Advisory\"]}]}}"
  }
}

GSD-2017-1341

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

IBM WebSphere MQ 8.0 and 9.0 could allow, under special circumstances, an unauthorized user to access an object which they should have been denied access. IBM X-Force ID: 126456.

Aliases

CVE-2017-1341

Aliases

CVE-2017-1341

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2017-1341",
    "description": "IBM WebSphere MQ 8.0 and 9.0 could allow, under special circumstances, an unauthorized user to access an object which they should have been denied access. IBM X-Force ID: 126456.",
    "id": "GSD-2017-1341"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2017-1341"
      ],
      "details": "IBM WebSphere MQ 8.0 and 9.0 could allow, under special circumstances, an unauthorized user to access an object which they should have been denied access. IBM X-Force ID: 126456.",
      "id": "GSD-2017-1341",
      "modified": "2023-12-13T01:21:11.516143Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@us.ibm.com",
        "DATE_PUBLIC": "2017-12-04T00:00:00",
        "ID": "CVE-2017-1341",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "MQ",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "9.0"
                        },
                        {
                          "version_value": "9.0.1"
                        },
                        {
                          "version_value": "9.0.0.1"
                        },
                        {
                          "version_value": "9.0.2"
                        },
                        {
                          "version_value": "8.0.0.1"
                        },
                        {
                          "version_value": "8.0.0.2"
                        },
                        {
                          "version_value": "8.0.0.3"
                        },
                        {
                          "version_value": "8.0.0.4"
                        },
                        {
                          "version_value": "8.0.0.5"
                        },
                        {
                          "version_value": "8.0.0.6"
                        },
                        {
                          "version_value": "8.0.0.7"
                        },
                        {
                          "version_value": "9.0.3"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "IBM"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "IBM WebSphere MQ 8.0 and 9.0 could allow, under special circumstances, an unauthorized user to access an object which they should have been denied access. IBM X-Force ID: 126456."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Bypass Security"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/126456",
            "refsource": "MISC",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/126456"
          },
          {
            "name": "http://www.ibm.com/support/docview.wss?uid=swg22005400",
            "refsource": "CONFIRM",
            "url": "http://www.ibm.com/support/docview.wss?uid=swg22005400"
          },
          {
            "name": "102042",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/102042"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:ibm:websphere_mq:9.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:websphere_mq:9.0.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:websphere_mq:8.0.0.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:websphere_mq:9.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:websphere_mq:8.0.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:websphere_mq:8.0.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:websphere_mq:8.0.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:websphere_mq:8.0.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:websphere_mq:8.0.0.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:websphere_mq:9.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:websphere_mq:9.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:websphere_mq:8.0.0.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2017-1341"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "IBM WebSphere MQ 8.0 and 9.0 could allow, under special circumstances, an unauthorized user to access an object which they should have been denied access. IBM X-Force ID: 126456."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-noinfo"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/126456",
              "refsource": "MISC",
              "tags": [
                "Issue Tracking",
                "VDB Entry",
                "Vendor Advisory"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/126456"
            },
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=swg22005400",
              "refsource": "CONFIRM",
              "tags": [
                "Issue Tracking",
                "Vendor Advisory"
              ],
              "url": "http://www.ibm.com/support/docview.wss?uid=swg22005400"
            },
            {
              "name": "102042",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/102042"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.0"
          },
          "exploitabilityScore": 2.2,
          "impactScore": 1.4
        }
      },
      "lastModifiedDate": "2019-10-03T00:03Z",
      "publishedDate": "2017-12-07T15:29Z"
    }
  }
}

VAR-201712-0784

Vulnerability from variot - Updated: 2022-05-04 09:39

IBM WebSphere MQ 8.0 and 9.0 could allow, under special circumstances, an unauthorized user to access an object which they should have been denied access. IBM X-Force ID: 126456. Vendors have confirmed this vulnerability IBM X-Force ID: 126456 It is released as.Information may be tampered with. An attacker can exploit this issue to bypass the security mechanism and gain unauthorized access. This may lead to further attacks

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201712-0784",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 2.4,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "ibm",
        "version": "8.0.0.5"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "ibm",
        "version": "8.0.0.4"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "ibm",
        "version": "8.0.0.3"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "ibm",
        "version": "8.0.0.2"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "ibm",
        "version": "8.0.0.1"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "ibm",
        "version": "9.0.0.1"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "ibm",
        "version": "8.0.0.6"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "ibm",
        "version": "9.0.1"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "ibm",
        "version": "8.0.0.7"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "9.0.3"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "9.0.2"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.0"
      },
      {
        "model": "mq appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.7"
      },
      {
        "model": "mq appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.6"
      },
      {
        "model": "mq appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.5"
      },
      {
        "model": "mq appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.4"
      },
      {
        "model": "mq appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.3"
      },
      {
        "model": "mq appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.2"
      },
      {
        "model": "mq appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.1"
      },
      {
        "model": "mq appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.0"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "102042"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010972"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-101"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-1341"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:ibm:websphere_mq:9.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:websphere_mq:9.0.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:websphere_mq:8.0.0.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:websphere_mq:9.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:websphere_mq:8.0.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:websphere_mq:8.0.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:websphere_mq:8.0.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:websphere_mq:8.0.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:websphere_mq:8.0.0.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:websphere_mq:9.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:websphere_mq:9.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:websphere_mq:8.0.0.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-1341"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "IBM.",
    "sources": [
      {
        "db": "BID",
        "id": "102042"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-101"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2017-1341",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 4.3,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2017-1341",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 1.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "High",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 3.7,
            "baseSeverity": "Low",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2017-1341",
            "impactScore": null,
            "integrityImpact": "Low",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 1.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2017-1341",
            "trust": 1.8,
            "value": "Low"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201712-101",
            "trust": 0.6,
            "value": "LOW"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010972"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-101"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-1341"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "IBM WebSphere MQ 8.0 and 9.0 could allow, under special circumstances, an unauthorized user to access an object which they should have been denied access. IBM X-Force ID: 126456. Vendors have confirmed this vulnerability IBM X-Force ID: 126456 It is released as.Information may be tampered with. \nAn attacker can exploit this issue to bypass the security mechanism and gain unauthorized access. This may lead to further attacks",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-1341"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010972"
      },
      {
        "db": "BID",
        "id": "102042"
      }
    ],
    "trust": 1.89
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-1341",
        "trust": 2.7
      },
      {
        "db": "BID",
        "id": "102042",
        "trust": 1.9
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010972",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-101",
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "102042"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010972"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-101"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-1341"
      }
    ]
  },
  "id": "VAR-201712-0784",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.22222222
  },
  "last_update_date": "2022-05-04T09:39:21.241000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "2005400",
        "trust": 0.8,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg22005400"
      },
      {
        "title": "IBM WebSpher MQ  and IBM WebSpher MQ Appliance Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=76925"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010972"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-101"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-noinfo",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-284",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010972"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-1341"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.6,
        "url": "https://www.ibm.com/support/docview.wss?uid=swg22005400"
      },
      {
        "trust": 1.6,
        "url": "https://www.securityfocus.com/bid/102042"
      },
      {
        "trust": 1.6,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/126456"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-1341"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-1341"
      },
      {
        "trust": 0.3,
        "url": "http://www.ibm.com/"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg22005400"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "102042"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010972"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-101"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-1341"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "102042"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010972"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-101"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-1341"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-12-04T00:00:00",
        "db": "BID",
        "id": "102042"
      },
      {
        "date": "2017-12-28T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-010972"
      },
      {
        "date": "2017-12-08T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201712-101"
      },
      {
        "date": "2017-12-07T15:29:00",
        "db": "NVD",
        "id": "CVE-2017-1341"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-12-19T22:01:00",
        "db": "BID",
        "id": "102042"
      },
      {
        "date": "2017-12-28T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-010972"
      },
      {
        "date": "2020-07-27T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201712-101"
      },
      {
        "date": "2019-10-03T00:03:00",
        "db": "NVD",
        "id": "CVE-2017-1341"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-101"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "IBM WebSphere MQ Access control vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010972"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-101"
      }
    ],
    "trust": 0.6
  }
}

GHSA-RWCH-8PPJ-XJ9Q

Vulnerability from github – Published: 2022-05-13 01:43 – Updated: 2022-05-13 01:43

Details

IBM WebSphere MQ 8.0 and 9.0 could allow, under special circumstances, an unauthorized user to access an object which they should have been denied access. IBM X-Force ID: 126456.

Severity ?

3.7 (Low)


                  
                    CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2017-1341"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-12-07T15:29:00Z",
    "severity": "MODERATE"
  },
  "details": "IBM WebSphere MQ 8.0 and 9.0 could allow, under special circumstances, an unauthorized user to access an object which they should have been denied access. IBM X-Force ID: 126456.",
  "id": "GHSA-rwch-8ppj-xj9q",
  "modified": "2022-05-13T01:43:10Z",
  "published": "2022-05-13T01:43:10Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-1341"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/126456"
    },
    {
      "type": "WEB",
      "url": "http://www.ibm.com/support/docview.wss?uid=swg22005400"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/102042"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

FKIE_CVE-2017-1341

Vulnerability from fkie_nvd - Published: 2017-12-07 15:29 - Updated: 2025-04-20 01:37

Severity ?

3.7 (Low) - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

Summary

IBM WebSphere MQ 8.0 and 9.0 could allow, under special circumstances, an unauthorized user to access an object which they should have been denied access. IBM X-Force ID: 126456.

References

URL	Tags
psirt@us.ibm.com	http://www.ibm.com/support/docview.wss?uid=swg22005400	Issue Tracking, Vendor Advisory
psirt@us.ibm.com	http://www.securityfocus.com/bid/102042	Third Party Advisory, VDB Entry
psirt@us.ibm.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/126456	Issue Tracking, VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.ibm.com/support/docview.wss?uid=swg22005400	Issue Tracking, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/102042	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/126456	Issue Tracking, VDB Entry, Vendor Advisory

Impacted products

Vendor	Product	Version
ibm	websphere_mq	8.0.0.1
ibm	websphere_mq	8.0.0.2
ibm	websphere_mq	8.0.0.3
ibm	websphere_mq	8.0.0.4
ibm	websphere_mq	8.0.0.5
ibm	websphere_mq	8.0.0.6
ibm	websphere_mq	8.0.0.7
ibm	websphere_mq	9.0
ibm	websphere_mq	9.0.0.1
ibm	websphere_mq	9.0.1
ibm	websphere_mq	9.0.2
ibm	websphere_mq	9.0.3

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:websphere_mq:8.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5502347-56F2-400F-944B-A532A3A8DE0A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:websphere_mq:8.0.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E6FF889-5D7D-47C0-A2B2-F2BDB39BEFDB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:websphere_mq:8.0.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D800EA34-4826-4689-A3C0-03724290567B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:websphere_mq:8.0.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "DCBDF404-693B-4500-80FA-90AE022BD5C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:websphere_mq:8.0.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "5FFC3793-4880-4103-B7F6-06F96A17357B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:websphere_mq:8.0.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "D3679D6F-1E3A-4546-A05B-5B4EA515B4C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:websphere_mq:8.0.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4E6617F-85DF-49FE-B713-148624DC87A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:websphere_mq:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "63E773A8-4ED2-47AA-A2D7-5CD02CBA47C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:websphere_mq:9.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4084EE93-8B41-493E-BB50-9ABC8E956C89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:websphere_mq:9.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0C2DE42-FE8C-4023-A495-A2DBFE2F97F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:websphere_mq:9.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "406AADD2-9732-44F1-91FC-F8C90088AD5A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:websphere_mq:9.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "018595DD-9AAD-44C7-9A46-BC78AF1F6C2B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM WebSphere MQ 8.0 and 9.0 could allow, under special circumstances, an unauthorized user to access an object which they should have been denied access. IBM X-Force ID: 126456."
    },
    {
      "lang": "es",
      "value": "IBM WebSphere MQ 8.0 y 9.0 podr\u00eda permitir, bajo circunstancias especiales, que un usuario no autorizado acceda a un objeto para el que no deber\u00edan contar con acceso. IBM X-Force ID: 126456."
    }
  ],
  "id": "CVE-2017-1341",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 3.7,
          "baseSeverity": "LOW",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-12-07T15:29:00.563",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg22005400"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/102042"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Issue Tracking",
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/126456"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg22005400"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/102042"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/126456"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CNVD-2017-37590

Vulnerability from cnvd - Published: 2017-12-20

Title

IBM WebSpher MQ和IBM WebSpher MQ Appliance未授权访问漏洞

Description

IBM WebSpher MQ是美国IBM公司的一款消息传递中间件。该产品通过使用消息传递队列发送和接收消息数据，用来保证在应用程序、系统、服务和文件之间进行信息交换。IBM WebSpher MQ Appliance是一款消息传递中间件设备。 IBM WebSpher MQ和IBM WebSpher MQ Appliance中存在未授权访问漏洞。远程攻击者利用该漏洞访问无权访问的对象。

Severity

低

Patch Name

IBM WebSpher MQ和IBM WebSpher MQ Appliance未授权访问漏洞的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： http://www-01.ibm.com/support/docview.wss?uid=swg22005400

Reference

http://www.securityfocus.com/bid/102042

Impacted products

Name
['IBM MQ V9 >=9.0.0.0，<=9.0.0.1', 'IBM MQ V8 >=8.0.0.0，<=8.0.0.7', 'IBM MQ Appliance V8 >=8.0.0.0，<=8.0.0.7', 'IBM MQ V9 CD >=9.0.1，<=9.0.3', 'IBM MQ Appliance V9 CD >=9.0.1，<=9.0.3']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-1341"
    }
  },
  "description": "IBM WebSpher MQ\u662f\u7f8e\u56fdIBM\u516c\u53f8\u7684\u4e00\u6b3e\u6d88\u606f\u4f20\u9012\u4e2d\u95f4\u4ef6\u3002\u8be5\u4ea7\u54c1\u901a\u8fc7\u4f7f\u7528\u6d88\u606f\u4f20\u9012\u961f\u5217\u53d1\u9001\u548c\u63a5\u6536\u6d88\u606f\u6570\u636e\uff0c\u7528\u6765\u4fdd\u8bc1\u5728\u5e94\u7528\u7a0b\u5e8f\u3001\u7cfb\u7edf\u3001\u670d\u52a1\u548c\u6587\u4ef6\u4e4b\u95f4\u8fdb\u884c\u4fe1\u606f\u4ea4\u6362\u3002IBM WebSpher MQ Appliance\u662f\u4e00\u6b3e\u6d88\u606f\u4f20\u9012\u4e2d\u95f4\u4ef6\u8bbe\u5907\u3002\r\n\r\nIBM WebSpher MQ\u548cIBM WebSpher MQ Appliance\u4e2d\u5b58\u5728\u672a\u6388\u6743\u8bbf\u95ee\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u5229\u7528\u8be5\u6f0f\u6d1e\u8bbf\u95ee\u65e0\u6743\u8bbf\u95ee\u7684\u5bf9\u8c61\u3002",
  "discovererName": "IBM",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttp://www-01.ibm.com/support/docview.wss?uid=swg22005400",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-37590",
  "openTime": "2017-12-20",
  "patchDescription": "IBM WebSpher MQ\u662f\u7f8e\u56fdIBM\u516c\u53f8\u7684\u4e00\u6b3e\u6d88\u606f\u4f20\u9012\u4e2d\u95f4\u4ef6\u3002\u8be5\u4ea7\u54c1\u901a\u8fc7\u4f7f\u7528\u6d88\u606f\u4f20\u9012\u961f\u5217\u53d1\u9001\u548c\u63a5\u6536\u6d88\u606f\u6570\u636e\uff0c\u7528\u6765\u4fdd\u8bc1\u5728\u5e94\u7528\u7a0b\u5e8f\u3001\u7cfb\u7edf\u3001\u670d\u52a1\u548c\u6587\u4ef6\u4e4b\u95f4\u8fdb\u884c\u4fe1\u606f\u4ea4\u6362\u3002IBM WebSpher MQ Appliance\u662f\u4e00\u6b3e\u6d88\u606f\u4f20\u9012\u4e2d\u95f4\u4ef6\u8bbe\u5907\u3002\r\n\r\nIBM WebSpher MQ\u548cIBM WebSpher MQ Appliance\u4e2d\u5b58\u5728\u672a\u6388\u6743\u8bbf\u95ee\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u5229\u7528\u8be5\u6f0f\u6d1e\u8bbf\u95ee\u65e0\u6743\u8bbf\u95ee\u7684\u5bf9\u8c61\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "IBM WebSpher MQ\u548cIBM WebSpher MQ Appliance\u672a\u6388\u6743\u8bbf\u95ee\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "IBM MQ V9 \u003e=9.0.0.0\uff0c\u003c=9.0.0.1",
      "IBM MQ V8 \u003e=8.0.0.0\uff0c\u003c=8.0.0.7",
      "IBM MQ Appliance V8 \u003e=8.0.0.0\uff0c\u003c=8.0.0.7",
      "IBM MQ V9 CD \u003e=9.0.1\uff0c\u003c=9.0.3",
      "IBM MQ Appliance V9 CD \u003e=9.0.1\uff0c\u003c=9.0.3"
    ]
  },
  "referenceLink": "http://www.securityfocus.com/bid/102042",
  "serverity": "\u4f4e",
  "submitTime": "2017-12-07",
  "title": "IBM WebSpher MQ\u548cIBM WebSpher MQ Appliance\u672a\u6388\u6743\u8bbf\u95ee\u6f0f\u6d1e"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2017-1341 (GCVE-0-2017-1341)

GSD-2017-1341

VAR-201712-0784

GHSA-RWCH-8PPJ-XJ9Q

FKIE_CVE-2017-1341

CNVD-2017-37590

Tags

Sightings

Nomenclature