CVSS: 6.5EPSS: 0%CPEs: 7EXPL: 0CVE-2016-8986
https://notcve.org/view.php?id=CVE-2016-8986
IBM WebSphere MQ 8.0 could allow an authenticated user with access to the queue manager to bring down MQ channels using specially crafted HTTP requests. IBM Reference #: 1998648. IBM WebSphere MQ 8.0 podría permitir a un usuario autenticado con acceso al gestor de colas derribar canales MQ utilizando peticiones HTTP especialmente manipuladas. IBM Reference #: 1998648. • http://www.ibm.com/support/docview.wss?uid=swg21998648 http://www.securityfocus.com/bid/96412 • CWE-284: Improper Access Control •
CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 0CVE-2016-0360
https://notcve.org/view.php?id=CVE-2016-0360
IBM Websphere MQ JMS 7.0.1, 7.1, 7.5, 8.0, and 9.0 client provides classes that deserialize objects from untrusted sources which could allow a malicious user to execute arbitrary Java code by adding vulnerable classes to the classpath. IBM Reference #: 1983457. El cliente de IBM Websphere MQ JMS 7.0.1, 7.1, 7.5, 8.0 y 9.0 provee clases que deserializan objetos desde fuentes no confiables que podrían permitir a un usuario malicioso ejecutar código Java arbitrario añadiendo clases vulnerables a la ruta de clase. IBM Referencia #: 1983457. • http://www-01.ibm.com/support/docview.wss?uid=swg21983457 http://www.securityfocus.com/bid/95317 http://www.securitytracker.com/id/1037561 • CWE-502: Deserialization of Untrusted Data •
CVSS: 3.5EPSS: 0%CPEs: 12EXPL: 0CVE-2016-0379
https://notcve.org/view.php?id=CVE-2016-0379
IBM WebSphere MQ 7.5 before 7.5.0.7 and 8.0 before 8.0.0.5 mishandles protocol flows, which allows remote authenticated users to cause a denial of service (channel outage) by leveraging queue-manager rights. IBM WebSphere MQ 7.5 en versiones anteriores a 7.5.0.7 y 8.0 en versiones anteriores a 8.0.0.5 no maneja correctamente flujos de protocolo, lo que permite a usuarios remotos autenticados provocar una denegación de servicio (corte de canal) aprovechando derechos del gestor de cola. • http://www-01.ibm.com/support/docview.wss?uid=swg21984565 http://www.securityfocus.com/bid/93146 • CWE-19: Data Processing Errors •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2016-5879
https://notcve.org/view.php?id=CVE-2016-5879
MQCLI on IBM MQ Appliance M2000 and M2001 devices allows local users to execute arbitrary shell commands via a crafted (1) Disaster Recovery or (2) High Availability command. MQCLI en dispositivos IBM MQ Appliance M2000 y M2001 permite a usuarios locales ejecutar comandos shell arbitrarios a través de un comando (1) Disaster Recovery o (2) High Availability manipulado . • http://www-01.ibm.com/support/docview.wss?uid=swg1IT16174 http://www-01.ibm.com/support/docview.wss?uid=swg21987697 http://www.securityfocus.com/bid/92538 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2016-0260
https://notcve.org/view.php?id=CVE-2016-0260
Memory leak in queue-manager agents in IBM WebSphere MQ 8.x before 8.0.0.5 allows remote attackers to cause a denial of service (heap memory consumption) by triggering many errors. Fuga de memoria en agentes de gestión de cola en IBM WebSphere MQ 8.x en versiones anteriores a 8.0.0.5 permite a atacantes remotos provocar una denegación de servicio (consumo de memoria dinámica) desencadenando muchos errores. • http://www-01.ibm.com/support/docview.wss?uid=swg21984564 • CWE-399: Resource Management Errors •