Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Websphere_message_broker
(Ibm)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 23 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2017-07-05 | CVE-2017-1144 | IBM WebSphere Message Broker could allow a local user with specialized access to prevent the message broker from starting. IBM X-Force ID: 122033. | Integration_bus, Websphere_message_broker | 2.5 | ||
| 2017-10-03 | CVE-2017-1126 | IBM WebSphere Message Broker (IBM Integration Bus 9.0 and 10.0) could allow an unauthorized user to obtain sensitive information about software versions that could lead to further attacks. IBM X-Force ID: 121341. | Integration_bus, Websphere_message_broker | 5.3 | ||
| 2017-02-15 | CVE-2016-9706 | IBM Integration Bus 9.0 and 10.0 and WebSphere Message Broker SOAP FLOWS is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM Reference #: 1997918. | Integration_bus, Websphere_message_broker | 9.1 | ||
| 2017-02-15 | CVE-2016-9010 | IBM WebSphere Message Broker 9.0 and 10.0 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM Reference #: 1997906. | Integration_bus, Websphere_message_broker | 6.1 | ||
| 2017-02-01 | CVE-2016-6080 | The WebAdmin context for WebSphere Message Broker allows directory listings which could disclose sensitive information to the attacker. | Websphere_message_broker | 5.3 | ||
| 2016-07-02 | CVE-2016-2961 | The integration server in IBM Integration Bus 9 before 9.0.0.6 and 10 before 10.0.0.5 and WebSphere Message Broker 8 before 8.0.0.8 allows remote attackers to obtain sensitive Tomcat version information by sending a malformed POST request and then reading the Java stack trace. | Integration_bus, Websphere_message_broker | 5.3 | ||
| 2017-02-01 | CVE-2016-0394 | IBM Integration Bus and WebSphere Message broker sets incorrect permissions for an object that could allow a local attacker to manipulate certain files. | Integration_bus, Websphere_message_broker | 3.3 | ||
| 2016-01-11 | CVE-2015-7399 | IBM WebSphere Message Broker 7 before 7.0.0.8 and 8 before 8.0.0.6 and IBM Integration Bus 9 before 9.0.0.3 and 10 before 10.0.0.0 allow remote attackers to obtain sensitive information about the HTTP server via unspecified vectors. | Integration_bus, Websphere_message_broker | 5.3 | ||
| 2015-10-26 | CVE-2015-5011 | IBM WebSphere Message Broker 8 before 8.0.0.6 and Integration Bus 9 before 9.0.0.4 do not check authorization for MQSISTARTMSGFLOW and MQSISTOPMSGFLOW commands, which allows local users to bypass intended access restrictions, and start or stop a service, by issuing a command. | Integration_bus, Websphere_message_broker | N/A | ||
| 2015-08-23 | CVE-2015-2018 | IBM Integration Bus 9 and 10 before 10.0.0.1 and WebSphere Message Broker 7 before 7.0.0.8 and 8 before 8.0.0.7 do not ensure that the correct security profile is selected, which allows remote authenticated users to obtain sensitive information via unspecified vectors. | Integration_bus, Websphere_message_broker | N/A |