IBM WebSphere Message Broker Java Multiple Vulnerabilities

by Carol~ Moderator - 1/29/13 2:23 PM

In Reply to: VULNERABILITIES / FIXES - January 29, 2013 by Carol~ Moderator

Release Date: 2013-01-29

Criticality level : Highly critical
Impact : Manipulation of data
Exposure of sensitive information
DoS
System access
Where : From remote
Solution Status : Vendor Patch

Software:
IBM WebSphere Message Broker 6.x
IBM WebSphere Message Broker 7.x
IBM WebSphere Message Broker 8.x

Description:
IBM has acknowledged multiple vulnerabilities in IBM WebSphere Message Broker, which can be exploited by malicious people to disclose potentially sensitive information, manipulate certain data, cause a DoS (Denial of Service), and potentially compromise a vulnerable system.

The vulnerabilities exist in the bundled version of Java.

The vulnerabilities are reported in versions 6.1.0.x, 7.0.0.x, and 8.0.0.x.

Solution:
Apply APARs.

Original Advisory:
IBM (IC87635, IC87637):
http://www.ibm.com/support/docview.wss?uid=swg21621771

http://secunia.com/advisories/52006/