Vulnerability Details : CVE-2017-1285
IBM WebSphere MQ 9.0.1 and 9.0.2 could allow an authenticated user with authority to send a specially crafted message that would cause a channel to remain in a running state but not process messages. IBM X-Force ID: 125146.
Vulnerability category: Input validation
Products affected by CVE-2017-1285
- cpe:2.3:a:ibm:websphere_mq:9.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:websphere_mq:9.0.2:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2017-1285
0.47%: probability of exploitation activity in the next 30 days
~62%: percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2017-1285
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.0 | MEDIUM | AV:N/AC:L/Au:S/C:N/I:N/A:P | 8.0 | 2.9 | NIST | |
6.5 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 2.8 | 3.6 | NIST | |
CWE ids for CVE-2017-1285
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Assigned by: nvd@nist.gov (Primary)
References for CVE-2017-1285
- http://www.securityfocus.com/bid/99538
  Multiple IBM Products CVE-2017-1285 Denial of Service Vulnerability (Third Party Advisory; VDB Entry)
- https://www.ibm.com/support/docview.wss?uid=swg22003856
  IBM Security Bulletin: IBM MQ and IBM MQ Appliance invalid requests cause denial of service to SDR and CLUSSDR channels (CVE-2017-1285) (Patch; Vendor Advisory)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/125146
  IBM WebSphere MQ denial of service CVE-2017-1285 Vulnerability Report (VDB Entry; Vendor Advisory)