A vulnerability in Network Security Services (NSS) was addressed by IBM MQ Appliance.
CVEID: CVE-2016-1950**
DESCRIPTION:** Mozilla Network Security Services (NSS), as used in Mozilla Firefox and Firefox ESR, is vulnerable to a heap-based buffer overflow, caused by improper bounds checking when parsing certain ASN.1 structures. By persuading a victim to open a specially crafted X.509 certificate, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
CVSS Base Score: 8.8
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/111360> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
IBM MQ Appliance M2000
Apply the iFix for APAR IT14372.
CPE | Name | Operator | Version |
---|---|---|---|
ibm mq appliance | eq | 8.0 |