IBM » Websphere Message Broker : Security Vulnerabilities, CVEs, Published In 2017
IBM WebSphere Message Broker stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 123777.
Max CVSS
5.5
EPSS Score
0.04%
Published
2017-07-05
Updated
2019-10-03
IBM WebSphere Message Broker could allow a local user with specialized access to prevent the message broker from starting. IBM X-Force ID: 122033.
Max CVSS
2.5
EPSS Score
0.04%
Published
2017-07-05
Updated
2017-07-18
IBM WebSphere Message Broker (IBM Integration Bus 9.0 and 10.0) could allow an unauthorized user to obtain sensitive information about software versions that could lead to further attacks. IBM X-Force ID: 121341.
Max CVSS
5.3
EPSS Score
0.13%
Published
2017-10-04
Updated
2017-10-13
IBM Integration Bus 9.0 and 10.0 and WebSphere Message Broker SOAP FLOWS is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM Reference #: 1997918.
Max CVSS
9.1
EPSS Score
0.27%
Published
2017-02-15
Updated
2017-03-07
IBM WebSphere Message Broker 9.0 and 10.0 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM Reference #: 1997906.
Max CVSS
6.1
EPSS Score
0.13%
Published
2017-02-15
Updated
2017-03-07
The WebAdmin context for WebSphere Message Broker allows directory listings which could disclose sensitive information to the attacker.
Max CVSS
5.3
EPSS Score
0.07%
Published
2017-02-01
Updated
2017-02-07
IBM Integration Bus and WebSphere Message broker sets incorrect permissions for an object that could allow a local attacker to manipulate certain files.
Max CVSS
3.3
EPSS Score
0.04%
Published
2017-02-01
Updated
2017-02-07
7 vulnerabilities found