Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBMC89C0CABC7F5977904A5DFEBAEC12ACED8C9E518E016F739A4925A93313A703B
HistoryJun 15, 2018 - 7:04 a.m.

Security Bulletin: ICU4C overflow vulnerability affects IBM WebSphere MQ (CVE-2011-4599)

2018-06-1507:04:52
www.ibm.com
13

0.224 Low

EPSS

Percentile

96.5%

JSON

Summary

A vulnerability exists in the version of ICU4C shipped by IBM WebSphere MQ that provides support for the Managed File Transfer (MFT) process controller.

Vulnerability Details

CVEID: CVE-2011-4599**
DESCRIPTION:** International Components for Unicode (ICU) is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the _canonicalize( ) function. By supplying a negative len value, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/71726 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)

Affected Products and Versions

The ICU4C vulnerability only affects MQ installations that have Managed File Transfer (MFT) components installed.

IBM MQ 8.0

Fixpack 8.0.0.3 and earlier maintenance levels

IBM WebSphere MQ 7.5

Fixpack 7.5.0.5 and earlier maintenance levels

Remediation/Fixes

IBM MQ 8.0

Apply fixpack 8.0.0.4 or later

IBM WebSphere MQ 7.5

Apply fixpack 7.5.0.6 or later

CPENameOperatorVersion
websphere mqeq8.0
websphere mqeq7.5

Related

nessus 22
openvas 26
gentoo 1
redhat 1
securityvulns 8
cve 1
ibm 4
ubuntucve 1
oraclelinux 1
fedora 2
ubuntu 1
debian 1
prion 1
cvelist 1
debiancve 1
centos 1
nvd 1
veracode 1
amazon 1
nessus
nessus
Debian DSA-2397-1 : icu - buffer underflow
2012-01-31 00:00:00
RHEL 5 / 6 : icu (RHSA-2011:1815)
2011-12-14 00:00:00
Fedora 16 : icu-4.6-3.fc16 (2011-17101)
2011-12-23 00:00:00
openvas
openvas
CentOS Update for icu CESA-2011:1815 centos5 i386
2011-12-16 00:00:00
Fedora Update for icu FEDORA-2011-17101
2012-04-02 00:00:00
Debian: Security Advisory (DSA-2397-1)
2012-02-12 00:00:00
gentoo
gentoo
2012-09-24 00:00:00
redhat
redhat
(RHSA-2011:1815) Moderate: icu security update
2011-12-13 00:00:00
securityvulns
securityvulns
[ MDVSA-2011:194 ] icu
2012-01-02 00:00:00
ICU library memory corruption
2012-01-02 00:00:00
Apple Mac OS X multiple security vulnerabilities
2012-10-01 00:00:00
cve
cve
CVE-2011-4599
2012-06-21 15:55:11
ibm
ibm
Security Bulletin: A security vulnerability has been identified in WebSphere MQ shipped with WebSphere Remote Server (CVE-2011-4599)
2018-06-15 07:05:19
Security Bulletin: Multiple vulnerabilities affect IBM Planning Analytics
2019-07-25 18:55:02
Security Bulletin: Security Vulnerabilties have been addressed in IBM Cognos Analytics
2019-09-13 16:44:52
ubuntucve
ubuntucve
CVE-2011-4599
2011-12-15 00:00:00
oraclelinux
oraclelinux
icu security update
2011-12-13 00:00:00
fedora
fedora
[SECURITY] Fedora 16 Update: icu-4.6-3.fc16
2011-12-23 03:30:36
[SECURITY] Fedora 15 Update: icu-4.4.2-9.fc15
2011-12-23 03:30:14
ubuntu
ubuntu
ICU vulnerability
2012-01-26 00:00:00
debian
debian
[SECURITY] [DSA 2397-1] icu security update
2012-01-29 12:38:33
prion
prion
Stack overflow
2012-06-21 15:55:00
cvelist
cvelist
CVE-2011-4599
2012-06-21 15:00:00
debiancve
debiancve
CVE-2011-4599
2012-06-21 15:55:11
centos
centos
icu, libicu security update
2011-12-14 00:14:20
nvd
nvd
CVE-2011-4599
2012-06-21 15:55:11
veracode
veracode
Arbitrary Code Execution
2020-04-10 01:08:51
amazon
amazon
Medium: icu
2012-01-09 09:18:00

0.224 Low

EPSS

Percentile

96.5%

JSON
Related for C89C0CABC7F5977904A5DFEBAEC12ACED8C9E518E016F739A4925A93313A703B
nessus22openvas26gentoo1redhat1securityvulns8cve1ibm4ubuntucve1oraclelinux1fedora2ubuntu1debian1prion1cvelist1debiancve1centos1nvd1veracode1amazon1