There is potential for an authenticated messaging administrator to execute arbitrary commands on the IBM MQ Appliance.
CVEID: CVE-2017-1318 DESCRIPTION: IBM MQ Appliance could allow an authenticated messaging administrator to execute arbitrary commands on the system, caused by command execution.
CVSS Base Score: 9.9
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/125730> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)
IBM MQ Appliance 8.0
Maintenance levels between 8.0.0.0 and 8.0.0.6
IBM MQ Appliance 9.0.x Continuous Delivery (CD) Release
Continuous delivery updates 9.0.1 and 9.0.2
IBM MQ Appliance 8.0
Apply fixpack 8.0.0.7 or later maintenance.
IBM MQ Appliance 9.0.x Continuous Delivery (CD) release
Apply continuous delivery update 9.0.3 or later.
None