CVE-2017-1285 - OpenCVE

IBM WebSphere MQ 9.0.1 and 9.0.2 could allow an authenticated user with authority to send a specially crafted message that would cause a channel to remain in a running state but not process messages. IBM X-Force ID: 125146.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:S/C:N/I:N/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Ibm	Websphere Mq

Configuration 1 [-]

OR	cpe:2.3:a:ibm:websphere_mq:9.0.1:::::::*
	cpe:2.3:a:ibm:websphere_mq:9.0.2:::::::*

References

Link	Resource
http://www.securityfocus.com/bid/99538	Third Party Advisory VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/125146	VDB Entry Vendor Advisory
https://www.ibm.com/support/docview.wss?uid=swg22003856	Patch Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: ibm

Published: 2017-07-10T00:00:00

Updated: 2017-07-13T09:57:01

Reserved: 2016-11-30T00:00:00

Link: CVE-2017-1285

JSON object: View

NVD Information

Status : Analyzed

Published: 2017-07-12T17:29:00.403

Modified: 2017-07-17T16:42:16.260

Link: CVE-2017-1285

JSON object: View

Redhat Information

No data.

CWE

CWE-20

{"containers": {"cna": {"affected": [{"product": "MQ", "vendor": "IBM", "versions": [{"status": "affected", "version": "9.0.1"}, {"status": "affected", "version": "9.0.2"}]}], "datePublic": "2017-07-10T00:00:00", "descriptions": [{"lang": "en", "value": "IBM WebSphere MQ 9.0.1 and 9.0.2 could allow an authenticated user with authority to send a specially crafted message that would cause a channel to remain in a running state but not process messages. IBM X-Force ID: 125146."}], "problemTypes": [{"descriptions": [{"description": "Denial of Service", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-13T09:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125146"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.ibm.com/support/docview.wss?uid=swg22003856"}, {"name": "99538", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/99538"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2017-07-10T00:00:00", "ID": "CVE-2017-1285", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "MQ", "version": {"version_data": [{"version_value": "9.0.1"}, {"version_value": "9.0.2"}]}}]}, "vendor_name": "IBM"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "IBM WebSphere MQ 9.0.1 and 9.0.2 could allow an authenticated user with authority to send a specially crafted message that would cause a channel to remain in a running state but not process messages. IBM X-Force ID: 125146."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Denial of Service"}]}]}, "references": {"reference_data": [{"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125146", "refsource": "MISC", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125146"}, {"name": "https://www.ibm.com/support/docview.wss?uid=swg22003856", "refsource": "CONFIRM", "url": "https://www.ibm.com/support/docview.wss?uid=swg22003856"}, {"name": "99538", "refsource": "BID", "url": "http://www.securityfocus.com/bid/99538"}]}}}}, "cveMetadata": {"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2017-1285", "datePublished": "2017-07-10T00:00:00", "dateReserved": "2016-11-30T00:00:00", "dateUpdated": "2017-07-13T09:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:websphere_mq:9.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "E0C2DE42-FE8C-4023-A495-A2DBFE2F97F9", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:websphere_mq:9.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "406AADD2-9732-44F1-91FC-F8C90088AD5A", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "IBM WebSphere MQ 9.0.1 and 9.0.2 could allow an authenticated user with authority to send a specially crafted message that would cause a channel to remain in a running state but not process messages. IBM X-Force ID: 125146."}, {"lang": "es", "value": "IBM WebSphere MQ 9.0.1 y 9.0.2 podr\u00eda permitir a un usuario autenticado con autoridad para enviar mensajes especialmente manipulados que causar\u00edan que un canal permaneciese en un estado de ejecuci\u00f3n pero no procesar\u00eda mensajes. IBM X-Force ID: 125146."}], "id": "CVE-2017-1285", "lastModified": "2017-07-17T16:42:16.260", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-07-12T17:29:00.403", "references": [{"source": "psirt@us.ibm.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/99538"}, {"source": "psirt@us.ibm.com", "tags": ["VDB Entry", "Vendor Advisory"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125146"}, {"source": "psirt@us.ibm.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.ibm.com/support/docview.wss?uid=swg22003856"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}