Sign-up

ID

VAR-201712-0784


CVE

CVE-2017-1341


TITLE

IBM WebSphere MQ Access control vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-010972

DESCRIPTION

IBM WebSphere MQ 8.0 and 9.0 could allow, under special circumstances, an unauthorized user to access an object which they should have been denied access. IBM X-Force ID: 126456. Vendors have confirmed this vulnerability IBM X-Force ID: 126456 It is released as.Information may be tampered with. An attacker can exploit this issue to bypass the security mechanism and gain unauthorized access. This may lead to further attacks

Trust: 1.89

sources: NVD: CVE-2017-1341 // JVNDB: JVNDB-2017-010972 // BID: 102042

AFFECTED PRODUCTS

vendor:ibmmodel:websphere mqscope:eqversion:9.0

Trust: 2.4

vendor:ibmmodel:websphere mqscope:eqversion:8.0.0.5

Trust: 1.9

vendor:ibmmodel:websphere mqscope:eqversion:8.0.0.4

Trust: 1.9

vendor:ibmmodel:websphere mqscope:eqversion:8.0.0.3

Trust: 1.9

vendor:ibmmodel:websphere mqscope:eqversion:8.0.0.2

Trust: 1.9

vendor:ibmmodel:websphere mqscope:eqversion:8.0.0.1

Trust: 1.9

vendor:ibmmodel:websphere mqscope:eqversion:9.0.0.1

Trust: 1.6

vendor:ibmmodel:websphere mqscope:eqversion:8.0.0.6

Trust: 1.6

vendor:ibmmodel:websphere mqscope:eqversion:9.0.1

Trust: 1.6

vendor:ibmmodel:websphere mqscope:eqversion:8.0.0.7

Trust: 1.6

vendor:ibmmodel:websphere mqscope:eqversion:8.0

Trust: 1.1

vendor:ibmmodel:websphere mqscope:eqversion:9.0.3

Trust: 1.0

vendor:ibmmodel:websphere mqscope:eqversion:9.0.2

Trust: 1.0

vendor:ibmmodel:websphere mqscope:eqversion:8.0.0.0

Trust: 0.3

vendor:ibmmodel:mq appliancescope:eqversion:8.0.0.7

Trust: 0.3

vendor:ibmmodel:mq appliancescope:eqversion:8.0.0.6

Trust: 0.3

vendor:ibmmodel:mq appliancescope:eqversion:8.0.0.5

Trust: 0.3

vendor:ibmmodel:mq appliancescope:eqversion:8.0.0.4

Trust: 0.3

vendor:ibmmodel:mq appliancescope:eqversion:8.0.0.3

Trust: 0.3

vendor:ibmmodel:mq appliancescope:eqversion:8.0.0.2

Trust: 0.3

vendor:ibmmodel:mq appliancescope:eqversion:8.0.0.1

Trust: 0.3

vendor:ibmmodel:mq appliancescope:eqversion:8.0.0.0

Trust: 0.3

sources: BID: 102042 // JVNDB: JVNDB-2017-010972 // CNNVD: CNNVD-201712-101 // NVD: CVE-2017-1341

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2017-1341
value: LOW

Trust: 1.8

CNNVD: CNNVD-201712-101
value: LOW

Trust: 0.6

NVD: CVE-2017-1341
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

NVD: CVE-2017-1341
baseSeverity: LOW
baseScore: 3.7
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 1.8

sources: JVNDB: JVNDB-2017-010972 // CNNVD: CNNVD-201712-101 // NVD: CVE-2017-1341

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-284

Trust: 0.8

sources: JVNDB: JVNDB-2017-010972 // NVD: CVE-2017-1341

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201712-101

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201712-101

CONFIGURATIONS

sources:
            
            
            NVD: CVE-2017-1341

PATCH
title:2005400url:http://www-01.ibm.com/support/docview.wss?uid=swg22005400
Trust: 0.8
title:IBM WebSpher MQ  and IBM WebSpher MQ Appliance Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=76925
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2017-010972 // 
            
            
            
            CNNVD: CNNVD-201712-101

EXTERNAL IDS
db:NVDid:CVE-2017-1341
Trust: 2.7
db:BIDid:102042
Trust: 1.9
db:JVNDBid:JVNDB-2017-010972
Trust: 0.8
db:CNNVDid:CNNVD-201712-101
Trust: 0.6
sources:
            
            
            BID: 102042 // 
            
            
            
            JVNDB: JVNDB-2017-010972 // 
            
            
            
            CNNVD: CNNVD-201712-101 // 
            
            
            
            NVD: CVE-2017-1341

REFERENCES
url:https://www.ibm.com/support/docview.wss?uid=swg22005400
Trust: 1.6
url:https://www.securityfocus.com/bid/102042
Trust: 1.6
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/126456
Trust: 1.6
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-1341
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-1341
Trust: 0.8
url:http://www.ibm.com/
Trust: 0.3
url:http://www-01.ibm.com/support/docview.wss?uid=swg22005400
Trust: 0.3
sources:
            
            
            BID: 102042 // 
            
            
            
            JVNDB: JVNDB-2017-010972 // 
            
            
            
            CNNVD: CNNVD-201712-101 // 
            
            
            
            NVD: CVE-2017-1341

CREDITS
IBM.
Trust: 0.9
sources:
            
            
            BID: 102042 // 
            
            
            
            CNNVD: CNNVD-201712-101

SOURCES
db:BIDid:102042
db:JVNDBid:JVNDB-2017-010972
db:CNNVDid:CNNVD-201712-101
db:NVDid:CVE-2017-1341

LAST UPDATE DATE
2022-05-04T09:39:21.241000+00:00

SOURCES UPDATE DATE
db:BIDid:102042date:2017-12-19T22:01:00
db:JVNDBid:JVNDB-2017-010972date:2017-12-28T00:00:00
db:CNNVDid:CNNVD-201712-101date:2020-07-27T00:00:00
db:NVDid:CVE-2017-1341date:2019-10-03T00:03:00

SOURCES RELEASE DATE
db:BIDid:102042date:2017-12-04T00:00:00
db:JVNDBid:JVNDB-2017-010972date:2017-12-28T00:00:00
db:CNNVDid:CNNVD-201712-101date:2017-12-08T00:00:00
db:NVDid:CVE-2017-1341date:2017-12-07T15:29:00