RCE vulnerability in JMS Client in IBM MessageSight
CVEID: CVE-2016-0375
DESCRIPTION: IBM MessageSight contains an unspecified vulnerability that could allow a remote authenticated attacker to execute arbitrary commands with administrator privileges.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/112237 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)
IBM MessageSight V1.1, V1.2 and V2.0
Product| VRMF| APAR| Remediation/First Fix
---|---|---|---
IBM MessageSight| 1.1| IT15743| 1.1.0.1-IBM-IMA-JMSClient-IFIT15743
IBM MessageSight| 1.2| IT15674| 1.2.0.3-IBM-IMA-JMSClient-IFIT15674
IBM MessageSight| 2.0| IT15674| 2.0.0.0-IBM-IMA-JMSClient-IFIT15674
Do not use JMS ObjectMessage.