Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM244ECED1318E3472926D72334F870E4E52EEBDA4CBF4408680F466AF6B21AED2
HistoryJul 27, 2020 - 9:24 a.m.

Security Bulletin: IBM MQ Appliance is affected by multiple libxml2 vulnerabilities

2020-07-2709:24:37
www.ibm.com
17

0.021 Low

EPSS

Percentile

89.3%

JSON

Summary

IBM MQ Appliance has addressed multiple libxml2 vulnerabilities.

Vulnerability Details

CVEID:CVE-2015-8035
**DESCRIPTION:**libxml2 is vulnerable to a denial of service, caused by the failure to properly detect compression errors by the xz_decomp function. By using specially-crafted XML data, a local attacker could exploit this vulnerability to cause the process to hang.
CVSS Base score: 4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/107845 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID:CVE-2017-15412
**DESCRIPTION:**Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in libXML. By persuading a victim to visit a specially-crafted website, a remote attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service.
CVSS Base score: 6.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/136046 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L)

CVEID:CVE-2017-18258
**DESCRIPTION:**libxml2 is vulnerable to a denial of service, caused by a flaw in the xz_head function in xzlib.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/141432 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)

CVEID:CVE-2018-14567
**DESCRIPTION:**libxml2 is vulnerable to a denial of service, caused by an error in xzlib.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop.
CVSS Base score: 3.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/148541 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)

Affected Products and Versions

Affected Product(s) Version(s)
IBM MQ Appliance 9.1 LTS
IBM MQ Appliance 9.1 CD

Remediation/Fixes

IBM MQ Appliance 9.1 LTS

Apply fixpack 9.1.0.6, or later.

IBM MQ Appliance 9.1 CD

Apply IBM MQ Appliance 9.2, or later.

Workarounds and Mitigations

None

Related

nessus 50
centos 1
redhat 3
f5 1
oraclelinux 1
amazon 2
nvd 5
prion 5
debiancve 5
cve 5
openvas 38
osv 10
alpinelinux 2
redhatcve 4
cvelist 5
ubuntucve 5
suse 3
debian 7
ibm 16
cloudfoundry 2
github 2
veracode 6
ubuntu 4
mageia 4
rubygems 3
fedora 4
altlinux 2
freebsd 1
archlinux 1
kaspersky 1
gentoo 1
nessus
nessus
RHEL 7 : libxml2 (RHSA-2020:1190)
2020-04-01 00:00:00
Scientific Linux Security Update : libxml2 on SL7.x x86_64 (20200407)
2020-04-21 00:00:00
CentOS 7 : libxml2 (CESA-2020:1190)
2020-04-10 00:00:00
centos
centos
libxml2 security update
2020-04-08 18:42:56
redhat
redhat
(RHSA-2020:1190) Moderate: libxml2 security update
2020-03-31 09:30:25
(RHSA-2018:0287) Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.23 security update
2018-02-08 12:38:27
(RHSA-2017:3401) Critical: chromium-browser security update
2017-12-07 19:20:02
f5
f5
K76678525 : libxml2 vulnerabilities CVE-2015-8035 CVE-2016-5131 CVE-2017-15412 CVE-2017-18258 CVE-2018-14404 CVE-2018-14567
2022-02-15 00:00:00
oraclelinux
oraclelinux
libxml2 security update
2020-04-06 00:00:00
amazon
amazon
Important: libxml2
2020-08-10 22:59:00
Important: libxml2
2020-07-21 16:34:00
nvd
nvd
CVE-2018-14567
2018-08-16 20:29:02
CVE-2017-18258
2018-04-08 17:29:00
CVE-2017-15412
2018-08-28 19:29:05
prion
prion
Design/Logic Flaw
2018-08-16 20:29:00
Design/Logic Flaw
2018-04-08 17:29:00
Design/Logic Flaw
2015-11-18 16:59:00
debiancve
debiancve
CVE-2018-14567
2018-08-16 20:29:02
CVE-2017-18258
2018-04-08 17:29:00
CVE-2017-15412
2018-08-28 19:29:05
cve
cve
CVE-2018-14567
2018-08-16 20:29:02
CVE-2017-18258
2018-04-08 17:29:00
CVE-2015-8035
2015-11-18 16:59:09
openvas
openvas
Huawei EulerOS: Security Advisory for libxml2 (EulerOS-SA-2019-1316)
2020-01-23 00:00:00
Huawei EulerOS: Security Advisory for libxml2 (EulerOS-SA-2019-1559)
2020-01-23 00:00:00
Huawei EulerOS: Security Advisory for libxml2 (EulerOS-SA-2019-2491)
2020-01-23 00:00:00
osv
osv
libxml2 - security update
2018-09-27 00:00:00
Uncontrolled resource consumption in nokogiri
2018-04-13 16:17:46
libxml2 - security update
2018-01-13 00:00:00
alpinelinux
alpinelinux
CVE-2018-14567
2018-08-16 20:29:02
CVE-2018-9251
2018-04-04 02:29:00
redhatcve
redhatcve
CVE-2018-14567
2018-08-22 02:19:05
CVE-2017-18258
2018-04-12 23:19:08
CVE-2017-15412
2019-11-07 04:21:28
cvelist
cvelist
CVE-2018-14567
2018-08-16 20:00:00
CVE-2015-8035
2015-11-18 16:00:00
CVE-2017-18258
2018-04-08 17:00:00
ubuntucve
ubuntucve
CVE-2018-14567
2018-07-31 00:00:00
CVE-2015-8035
2015-11-02 00:00:00
CVE-2017-15412
2017-12-07 00:00:00
suse
suse
Security update for libxml2 (moderate)
2018-10-12 12:10:07
Security update for libxml2 (moderate)
2018-10-12 12:12:16
Security update for chromium (important)
2017-12-08 12:15:33
debian
debian
[SECURITY] [DLA 1524-1] libxml2 security update
2018-09-27 20:04:03
[SECURITY] [DLA 1211-1] libxml2 security update
2017-12-18 18:17:37
[SECURITY] [DSA 4086-1] libxml2 security update
2018-01-13 16:46:50
ibm
ibm
Security Bulletin: Multiple Vulnerabilities in libxml2 affects IBM Watson Studio Local
2019-12-18 18:01:21
Security Bulletin: IBM QRadar Network Security is affected by multiple vulnerabilities
2021-04-09 03:15:36
Security Bulletin: IBM App Connect Enterprise Certified Container may be vulnerable to denial of service due to CVE-2017-18258
2022-11-07 16:15:28
cloudfoundry
cloudfoundry
USN-3739-1: libxml2 vulnerabilities | Cloud Foundry
2018-09-11 00:00:00
USN-3513-1: libxml2 vulnerability | Cloud Foundry
2018-01-24 00:00:00
github
github
Uncontrolled resource consumption in nokogiri
2018-04-13 16:17:46
Nokogiri gem, via libxml, is affected by DoS vulnerabilities
2022-05-14 02:19:17
veracode
veracode
Copy-Paste Vulnerability Through LibXML2
2018-04-24 02:43:19
Copy-Paste Vulnerability (CPV) Through Libxml2
2018-10-16 03:04:15
Denial Of Service (DoS)
2018-08-29 06:34:49
ubuntu
ubuntu
libxml2 vulnerabilities
2018-08-14 00:00:00
libxml2 vulnerability
2017-12-13 00:00:00
libxml2 vulnerability
2017-12-13 00:00:00
mageia
mageia
Updated libxml2 packages fix security vulnerability
2015-11-06 01:46:03
Updated libxml2 packages fix security vulnerabilities
2019-01-23 18:50:09
Updated libxml2 packages fix security vulnerability
2018-01-03 18:50:51
rubygems
rubygems
Moderate severity vulnerability that affects nokogiri
2018-04-12 21:00:00
Nokogiri gem, via libxml2, is affected by multiple vulnerabilities
2018-10-03 21:00:00
Nokogiri gem contains several vulnerabilities in libxml2 and libxslt
2015-04-13 21:00:00
fedora
fedora
[SECURITY] Fedora 22 Update: mingw-libxml2-2.9.3-1.fc22
2016-02-17 04:26:04
[SECURITY] Fedora 23 Update: mingw-libxml2-2.9.3-1.fc23
2016-02-17 04:02:04
[SECURITY] Fedora 22 Update: libxml2-2.9.3-1.fc22
2015-11-30 23:26:43
altlinux
altlinux
Security fix for the ALT Linux 10 package libxml2 version 1:2.9.9.0.52.f824-alt1
2019-05-22 00:00:00
Security fix for the ALT Linux 9 package libxml2 version 1:2.9.9.0.52.f824-alt1
2019-05-22 00:00:00
freebsd
freebsd
libxml2 -- multiple vulnerabilities
2015-11-20 00:00:00
archlinux
archlinux
libxml2: multiple issues
2015-12-09 00:00:00
kaspersky
kaspersky
KLA11152 Multiple vulnerabilities in Google Chrome
2017-12-07 00:00:00
gentoo
gentoo
Chromium, Google Chrome: Multiple vulnerabilities
2018-01-07 00:00:00

0.021 Low

EPSS

Percentile

89.3%

JSON
Related for 244ECED1318E3472926D72334F870E4E52EEBDA4CBF4408680F466AF6B21AED2
nessus50centos1redhat3f51oraclelinux1amazon2nvd5prion5debiancve5cve5openvas38osv10alpinelinux2redhatcve4cvelist5ubuntucve5suse3debian7ibm16cloudfoundry2github2veracode6ubuntu4mageia4rubygems3fedora4altlinux2freebsd1archlinux1kaspersky1gentoo1