CVE-2016-0360: Deserialization of Untrusted Data in Corporation Websphere MQ

Severity
CVSS (NVD): 9.8 CRITICAL
CVSS (GHSA): 4.4
EPSS: 1.0% (top 23.45%)
CISA KEV: Not in KEV
Exploit: No known exploits

Timeline
Published: Feb 15
Latest update: May 17

Description

IBM Websphere MQ JMS 7.0.1, 7.1, 7.5, 8.0, and 9.0 client provides classes that deserialize objects from untrusted sources which could allow a malicious user to execute arbitrary Java code by adding vulnerable classes to the classpath. IBM Reference #: 1983457.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9

Affected Packages (2 packages)

NVD: ibm/websphere_mq_jms (5 versions, +4)
CVEListV5: ibm_corporation/websphere_mq (5 versions, +4)

Vulnerability Details (3)

GHSA: GHSA-jx28-c3hv-9f4g: IBM Websphere MQ JMS 7 (2022-05-17)
GHSA: Tryton Information Disclosure Vulnerability (2022-05-13)
CVEList: CVE-2016-0360: IBM Websphere MQ JMS 7 (2017-02-15)

Community (1)

Bugzilla: CVE-2017-0360 tryton: file_open does not sanitize all cases (2017-04-05)
CVE-2016-0360 — Deserialization of Untrusted Data | cvebase