IBM WebSphere MQ 6.x < 22.214.171.124 / 7.x < 126.96.36.199 Queue Manager Buffer Overflow RCE
Critical Nessus Plugin ID 57709
Synopsis
The remote Windows host has a service installed that is affected by a remote code execution vulnerability.
Description
The IBM WebSphere MQ server installed on the remote Windows host is version 6.x prior to 188.8.131.52 or version 7.x prior to 184.108.40.206. It is, therefore, affected by a buffer overflow flaw in the queue manager. A remote, unauthenticated attacker, by submitting a specially crafted request, can exploit this to execute arbitrary code in the context of the application.
Solution
Upgrade to WebSphere MQ 220.127.116.11 / 18.104.22.168 or later.