Aug 13, 2019 - 7:10 p.m.

Security Bulletin: IBM MQ Appliance is affected by a Network Security Services (NSS) vulnerability (CVE-2017-7805)

2019-08-13 19:10:15
www.ibm.com

EPSS: 0.01 (Percentile: 83.7%)

Summary

IBM MQ Appliance has addressed a vulnerability in Network Security Services (NSS).

Vulnerability Details

CVEID: CVE-2017-7805
DESCRIPTION: Network Security Services could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in TLS 1.2 when generating handshake hashes. By persuading a victim to visit a specially-crafted website, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.
CVSS Base Score: 8.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/132749 for the current score
CVSS Environmental Score: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

Affected Products and Versions

IBM MQ Appliance 8.0

Maintenance levels between 8.0.0.0 and 8.0.0.7

IBM MQ Appliance 9.0.x Continuous Delivery (CD) Release

Continuous delivery updates between 9.0.1 and 9.0.3

Remediation/Fixes

IBM MQ Appliance 8.0

Apply fixpack 8.0.0.8

IBM MQ Appliance 9.0.x Continuous Delivery (CD) Release

Apply Continuous Delivery Release 9.0.4

Workarounds and Mitigations

None