SB2018052403 - Multiple vulnerabilities in IBM MQ
Published: May 24, 2018
Security Bulletin ID
SB2018052403
Severity
Low
Patch available
YES
Number of vulnerabilities
10
Exploitation vector
Remote access
Highest impact
Code execution
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 10 secuirty vulnerabilities.
1) Information disclosure (CVE-ID: CVE-2018-2579)
The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.The weakness exists due to a flaw in the Java SE, Java SE Embedded, JRockit Libraries component. A remote attacker can partially access data.
2) Denial of service (CVE-ID: CVE-2018-2663)
The vulnerability allows a remote attacker to cause DoS condition on the target system.The weakness exists due to a flaw in the Java SE, Java SE Embedded, JRockit Libraries component. A remote attacker can cause partial denial of service conditions.
3) Denial of service (CVE-ID: CVE-2018-2677)
The vulnerability allows a remote attacker to cause DoS condition on the target system.The weakness exists due to a flaw in the Java SE, Java SE Embedded AWT component. A remote attacker can cause partial denial of service conditions.
4) Denial of service (CVE-ID: CVE-2018-2678)
The vulnerability allows a remote attacker to cause DoS condition on the target system.The weakness exists due to a flaw in the Java SE, Java SE Embedded, JRockit JNDI component. A remote attacker can cause partial denial of service conditions.
5) Security restrictions bypass (CVE-ID: CVE-2018-2602)
The vulnerability allows a local attacker to bypass security restrictions on the target system.The weakness exists due to a flaw in the Java SE, Java SE Embedded I18n component. A local attacker can partially access data, partially modify data, and partially deny service.
6) Security restrictions bypass (CVE-ID: CVE-2018-2603)
The vulnerability allows a remote attacker to bypass security restrictions on the target system.The weakness exists due to a flaw in the Java SE, Java SE Embedded, JRockit Libraries component. A remote attacker can cause partial denial of service conditions.
7) Denial of service (CVE-ID: CVE-2018-2657)
The vulnerability allows a remote attacker to cause DoS condition on the target system.The weakness exists due to a flaw in the Java SE, JRockit Serialization component. A remote attacker can cause partial denial of service conditions.
8) Information disclosure (CVE-ID: CVE-2018-2618)
The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.The weakness exists due to a flaw in the Java SE, Java SE Embedded, JRockit JCE component. A remote attacker can access data.
9) Security restrictions bypass (CVE-ID: CVE-2018-2637)
The vulnerability allows a local attacker to bypass security restrictions on the target system.The weakness exists due to a flaw in the Java SE, Java SE Embedded, JRockit JMX component. A remote attacker can access and modify data.
10) Privilege escalation (CVE-ID: CVE-2018-2633)
The vulnerability allows a remote attacker to gain elevated privileges.The weakness exists due to a flaw in the Java SE, Java SE Embedded, JRockit JNDI component. A remote attacker can gain system privileges on the target system.
Remediation
Install update from vendor's website.