Java Deserialization Vulnerability in IBM WebSphere MQ
CVE-2016-0360

9.8 CRITICAL

Key Information:

Vendor
CVE Published: 15 February 2017

What is CVE-2016-0360?

IBM WebSphere MQ clients across several versions are susceptible to a vulnerability in which objects from untrusted sources are deserialized. A malicious user who exploits the defect by adding specific classes to the application classpath could execute arbitrary Java code without authorization. The flaw puts the integrity and confidentiality of the application and its data at risk. For more details, refer to IBM's official documentation and related security disclosures.

Affected Version(s)

WebSphere MQ 7.0.1

WebSphere MQ 7.1

WebSphere MQ 7.5

CVSS V3.1

Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
