CVE-2017-1126

CWE-200 — Information Exposure4 documents4 sources

Severity

5.3MEDIUM

EPSS

0.2%

top 59.68%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Integration BUS IBM Websphere Message Broker

Timeline

PublishedOct 4

Latest updateMay 17

Description

IBM WebSphere Message Broker (IBM Integration Bus 9.0 and 10.0) could allow an unauthorized user to obtain sensitive information about software versions that could lead to further attacks. IBM X-Force ID: 121341.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages3 packages

▶NVDibm/websphere_message_broker9 versions+8

▶CVEListV5ibm/integration_bus10.0, 9.0+1

▶NVDibm/integration_bus18 versions+17

Patches

Patch: www.ibm.com ↗Patch: www.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-xxpp-86hx-cjfg: IBM WebSphere Message Broker (IBM Integration Bus 9↗2022-05-17

▶

CVEList

CVE-2017-1126: IBM WebSphere Message Broker (IBM Integration Bus 9↗2017-10-03

▶

💥Exploits & PoCs

Exploit-DB

Apple macOS Kernel 10.12.3 (16D32) - 'audit_pipe_open' Off-by-One Memory Corruption↗2017-04-04

▶