CVE-2017-1760

Current Description

IBM WebSphere MQ 7.5, 8.0, and 9.0 could allow a local user to crash the queue manager agent thread and expose some sensitive information. IBM X-Force ID: 126454.

Basic Data

PublishedDecember 11, 2017
Last ModifiedOctober 03, 2019
Assignercve@mitre.org
Data TypeCVE
Data FormatMITRE
Data Version4.0
Problem TypeNVD-CWE-noinfo
CVE Data Version4.0

Base Metric V2

CVSS 2 - Version2.0
CVSS 2 - Vector StringAV:L/AC:L/Au:N/C:P/I:N/A:P
CVSS 2 - Access VectorLOCAL
CVSS 2 - Access ComplexityLOW
CVSS 2 - AuthenticationNONE
CVSS 2 - Confidentiality ImpactPARTIAL
CVSS 2 - Availability ImpactPARTIAL
CVSS 2 - Base Score3.6
SeverityLOW
Exploitability Score3.9
Impact Score4.9
Obtain All Privilegefalse
Obtain User Privilegefalse
Obtain Other Privilegefalse

Base Metric V3

CVSS 3 - Version3.0
CVSS 3 - Vector StringCVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
CVSS 3 - Attack VectorLOCAL
CVSS 3 - Attack ComplexityLOW
CVSS 3 - Privileges RequiredLOW
CVSS 3 - User InteractionNONE
CVSS 3 - ScopeUNCHANGED
CVSS 3 - Confidentiality ImpactHIGH
CVSS 3 - Integrity ImpactNONE
CVSS 3 - Availability ImpactHIGH
CVSS 3 - Base Score7.1
CVSS 3 - Base SeverityHIGH
Exploitability Score1.8
Base SeverityHIGH

Configurations

  • OR - Configuration 1
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3ApplicationIbmWebsphere Mq7.5*******
    2.3ApplicationIbmWebsphere Mq7.5.0.1*******
    2.3ApplicationIbmWebsphere Mq7.5.0.2*******
    2.3ApplicationIbmWebsphere Mq7.5.0.3*******
    2.3ApplicationIbmWebsphere Mq7.5.0.4*******
    2.3ApplicationIbmWebsphere Mq7.5.0.5*******
    2.3ApplicationIbmWebsphere Mq7.5.0.6*******
    2.3ApplicationIbmWebsphere Mq7.5.0.7*******
    2.3ApplicationIbmWebsphere Mq7.5.0.8*******
    2.3ApplicationIbmWebsphere Mq8.0*******
    2.3ApplicationIbmWebsphere Mq8.0.0.1*******
    2.3ApplicationIbmWebsphere Mq8.0.0.2*******
    2.3ApplicationIbmWebsphere Mq8.0.0.3*******
    2.3ApplicationIbmWebsphere Mq8.0.0.4*******
    2.3ApplicationIbmWebsphere Mq8.0.0.5*******
    2.3ApplicationIbmWebsphere Mq8.0.0.6*******
    2.3ApplicationIbmWebsphere Mq9.0*******
    2.3ApplicationIbmWebsphere Mq9.0.0.1*******
    2.3ApplicationIbmWebsphere Mq9.0.1*******
    2.3ApplicationIbmWebsphere Mq9.0.2*******
    2.3ApplicationIbmWebsphere Mq9.0.3*******

Vulnerable Software List

VendorProductVersions
Ibm Websphere Mq 7.5, 7.5.0.1, 7.5.0.2, 7.5.0.3, 7.5.0.4, 7.5.0.5, 7.5.0.6, 7.5.0.7, 7.5.0.8, 8.0, 8.0.0.1, 8.0.0.2, 8.0.0.3, 8.0.0.4, 8.0.0.5, 8.0.0.6, 9.0, 9.0.0.1, 9.0.1, 9.0.2, 9.0.3

References

NameSourceURLTags
http://www.ibm.com/support/docview.wss?uid=swg22005392http://www.ibm.com/support/docview.wss?uid=swg22005392CONFIRMIssue Tracking Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/126454https://exchange.xforce.ibmcloud.com/vulnerabilities/126454MISCIssue Tracking VDB Entry Vendor Advisory