IBM WebSphere MQ 7.5.x / 8.0.0.x < 8.0.0.8 / 9.0.x < 9.0.4 / 9.0.0.x < 9.0.0.2 Multiple Vulnerabilities

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

A message queuing service installed on the remote host is affected by
multiple vulnerabilities.

Description :

According to its self-reported version, the IBM WebSphere MQ server
installed on the remote Windows host is 7.5.x without patch APAR
IT15943, 8.0.0.x prior to 8.0.0.8, 9.0.x prior to 9.0.4, or 9.0.0.x
prior to 9.0.0.2. It is, therefore, affected by multiple
vulnerabilities.

See also :

https://www-01.ibm.com/support/docview.wss?uid=swg22005400
https://www-01.ibm.com/support/docview.wss?uid=swg22005525

Solution :

Upgrade to WebSphere MQ version 8.0.0.8 / 9.0.4 / 9.0.0.2 or later.
- For version 7.5.x, apply the patch APAR IT15943.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)
CVSS Temporal Score : 3.6
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 105082 ()

Bugtraq ID: 102042

CVE ID: CVE-2017-1341
CVE-2017-1433

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now