A vulnerability exists in the version of ICU4C shipped by IBM WebSphere MQ that provides support for the Managed File Transfer (MFT) process controller.
CVEID: CVE-2011-4599
DESCRIPTION: International Components for Unicode (ICU) is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the _canonicalize() function. By supplying a negative len value, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/71726 for the current score
CVSS Environmental Score: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)
The ICU4C vulnerability only affects MQ installations that have Managed File Transfer (MFT) components installed.
Affected products and versions:
IBM MQ 8.0: Fixpack 8.0.0.3 and earlier maintenance levels
IBM WebSphere MQ 7.5: Fixpack 7.5.0.5 and earlier maintenance levels
Remediation:
IBM MQ 8.0: Apply fixpack 8.0.0.4 or later
IBM WebSphere MQ 7.5: Apply fixpack 7.5.0.6 or later
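An added example, not part of IBM's bulletin: a Python triage of an MQ inventory against the affected levels, fix levels and MFT condition listed above. The host names and inventory rows are constructed, and version strings are assumed to be in V.R.M.F form (for example 8.0.0.3).

```python
import re

# First fixed fixpack per release line, taken from the bulletin text.
FIXED_IN = {(8, 0): (8, 0, 0, 4), (7, 5): (7, 5, 0, 6)}

def parse_vrmf(text):
    """Parse a V.R.M.F string such as '8.0.0.3' into a 4-tuple of ints."""
    m = re.fullmatch(r"\s*(\d+)\.(\d+)\.(\d+)\.(\d+)\s*", text)
    if not m:
        raise ValueError(f"not a V.R.M.F version: {text!r}")
    return tuple(int(p) for p in m.groups())

def triage(version, mft_installed):
    """Return (status, detail) for one installation."""
    vrmf = parse_vrmf(version)
    fixed = FIXED_IN.get(vrmf[:2])
    if fixed is None:
        # The bulletin only names the 8.0 and 7.5 release lines.
        return ("not-listed", "release line is not covered by this bulletin")
    # Integer tuples compare numerically, so 8.0.0.10 sorts above 8.0.0.4.
    if vrmf >= fixed:
        return ("fixed", "at or above fixpack " + ".".join(map(str, fixed)))
    if not mft_installed:
        # The bulletin limits the issue to installations with MFT components.
        return ("not-exposed", "affected level, but no MFT components installed")
    return ("affected", "apply fixpack " + ".".join(map(str, fixed)) + " or later")

# Constructed inventory (hypothetical hosts): name, version, MFT installed?
INVENTORY = [
    ("mq-prod-01", "8.0.0.3", True),
    ("mq-prod-02", "8.0.0.4", True),
    ("mq-test-01", "7.5.0.5", False),
    ("mq-test-02", "7.5.0.2", True),
    ("mq-old-01", "7.1.0.6", True),
]

def report(inventory):
    """Map each host to its (status, detail) triage result."""
    return {host: triage(ver, mft) for host, ver, mft in inventory}

if __name__ == "__main__":
    for host, (status, detail) in report(INVENTORY).items():
        print(f"{host:12} {status:12} {detail}")
```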
CPE
Name | Operator | Version |
---|---|---|
websphere mq | eq | 8.0 |
websphere mq | eq | 7.5 |