There is potential for malicious users to execute arbitrary commands due to improper validation of the input parameters.
CVEID: CVE-2016-5879**
DESCRIPTION:** IBM MQ Appliance could allow a local attacker to execute arbitrary commands on the system, caused by improper validation of user-supplied input to Disaster Recovery and High Availability commands within the MQCLI. A local attacker could inject arbitrary shell commands using the, which would allow the attacker to execute arbitrary commands on the system.
CVSS Base Score: 9.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/115074 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
IBM MQ Appliance M2000
IBM MQ Appliance M2001
Apply the fix for APAR IT16174
None known; apply fixes.