CVE-2016-8986 — Improper Access Control in Corporation Websphere MQ

CWE-284 — Improper Access Control4 documents4 sources

Severity

6.5MEDIUMNVD

EPSS

0.2%

top 57.49%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Corporation Websphere MQ IBM Websphere MQ

Timeline

PublishedFeb 22

Latest updateMay 17

Description

IBM WebSphere MQ 8.0 could allow an authenticated user with access to the queue manager to bring down MQ channels using specially crafted HTTP requests. IBM Reference #: 1998648.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

▶NVDibm/websphere_mq7 versions+6

▶CVEListV5ibm_corporation/websphere_mq8.0

Patches

Patch: www.ibm.com ↗Patch: www.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-ff7q-2rfw-jg8v: IBM WebSphere MQ 8↗2022-05-17

▶

CVEList

CVE-2016-8986: IBM WebSphere MQ 8↗2017-02-22

▶

💬Community

Bugzilla

CVE-2015-8980 php-php-gettext: Arbitrary code execution in select_string, ngettext and npgettext count parameter↗2016-08-16

▶