IBM WebSphere MQ: Multiple Vulnerabilities

    Type

  • WebEx Remote Support Application Vulnerability

    • Severity

  • High

    • Affected products

  • WebSphere MQ

    • Date

  • 2009-10-05

    • CVE Reference

  • N/A

Multiple vulnerabilities have been identified in IBM WebSphere MQ which could lead to a denial of service attack or potentially remote code execution. Please note that specific MQ security controls can partially mitigate the risk associated with these issues if these have been deployed in an appropriate manner.

A combined fix pack has been released which addresses these issues found:

http://www-01.ibm.com/support/docview.wss?uid=swg24024153

Due to the nature of these vulnerabilities full details will not be provided at the present time so that customers are able to apply the appropriate security patches. However, a full advisory will be released in approximately 3 months time. MWR InfoSecurity customers can obtain further information about the issue by contacting their account manager.