IBM MQ V9 – New CVEs

A new vulnerability has been logged: CVE-2017-1337.

IBM MQ V9.0.1 and V9.0.2 Java/JMS application can incorrectly transmit user credentials in plain text.

Another new vulnerability has been logged: CVE-2017-1284.

IBM MQ V9.0.1 and V9.0.2 could allow a local user with ability to run or enable trace, to obtain sensitive information from WebSphere Application Server traces including user credentials.

Regards,
Roger Lacroix
Capitalware Inc.

This entry was posted in IBM i (OS/400), Java, JMS, Linux, MQ, Security, Unix, Windows.

Comments are closed.