CVE-2016-0379

Published on: 09/25/2016 12:00:00 AM UTC

Last Modified on: 03/23/2021 11:27:13 PM UTC

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

Certain versions of Websphere Mq from Ibm contain the following vulnerability:

IBM WebSphere MQ 7.5 before 7.5.0.7 and 8.0 before 8.0.0.5 mishandles protocol flows, which allows remote authenticated users to cause a denial of service (channel outage) by leveraging queue-manager rights.

  • CVE-2016-0379 has been assigned by [email protected] to track the vulnerability - currently rated as LOW severity.

CVSS3 Score: 3.1 - LOW

Attack
Vector
Attack
Complexity
Privileges
Required
User
Interaction
NETWORK HIGH LOW NONE
Scope Confidentiality
Impact
Integrity
Impact
Availability
Impact
UNCHANGED NONE NONE LOW

CVSS2 Score: 3.5 - LOW

Access
Vector
Access
Complexity
Authentication
NETWORK MEDIUM SINGLE
Confidentiality
Impact
Integrity
Impact
Availability
Impact
NONE NONE PARTIAL

CVE References

Description Tags Link
IBM WebSphere MQ CVE-2016-0379 Denial of Service Vulnerability cve.report (archive)
text/html
URL Logo BID 93146
IBM Security Bulletin: IBM WebSphere MQ Invalid client protocol flows could cause denial of service (CVE-2016-0379) - United States Patch
Vendor Advisory
www-01.ibm.com
text/html
URL Logo CONFIRM www-01.ibm.com/support/docview.wss?uid=swg21984565

Known Affected Configurations (CPE V2.3)

Type Vendor Product Version Update Edition Language
ApplicationIbmWebsphere Mq7.5AllAllAll
ApplicationIbmWebsphere Mq7.5.0.1AllAllAll
ApplicationIbmWebsphere Mq7.5.0.2AllAllAll
ApplicationIbmWebsphere Mq7.5.0.3AllAllAll
ApplicationIbmWebsphere Mq7.5.0.4AllAllAll
ApplicationIbmWebsphere Mq7.5.0.5AllAllAll
ApplicationIbmWebsphere Mq7.5.0.6AllAllAll
ApplicationIbmWebsphere Mq8.0AllAllAll
ApplicationIbmWebsphere Mq8.0.0.1AllAllAll
ApplicationIbmWebsphere Mq8.0.0.2AllAllAll
ApplicationIbmWebsphere Mq8.0.0.3AllAllAll
ApplicationIbmWebsphere Mq8.0.0.4AllAllAll
ApplicationIbmWebsphere Mq7.5AllAllAll
ApplicationIbmWebsphere Mq7.5.0.1AllAllAll
ApplicationIbmWebsphere Mq7.5.0.2AllAllAll
ApplicationIbmWebsphere Mq7.5.0.3AllAllAll
ApplicationIbmWebsphere Mq7.5.0.4AllAllAll
ApplicationIbmWebsphere Mq7.5.0.5AllAllAll
ApplicationIbmWebsphere Mq7.5.0.6AllAllAll
ApplicationIbmWebsphere Mq8.0AllAllAll
ApplicationIbmWebsphere Mq8.0.0.1AllAllAll
ApplicationIbmWebsphere Mq8.0.0.2AllAllAll
ApplicationIbmWebsphere Mq8.0.0.3AllAllAll
ApplicationIbmWebsphere Mq8.0.0.4AllAllAll
  • cpe:2.3:a:ibm:websphere_mq:7.5:*:*:*:*:*:*:*:
  • cpe:2.3:a:ibm:websphere_mq:7.5.0.1:*:*:*:*:*:*:*:
  • cpe:2.3:a:ibm:websphere_mq:7.5.0.2:*:*:*:*:*:*:*:
  • cpe:2.3:a:ibm:websphere_mq:7.5.0.3:*:*:*:*:*:*:*:
  • cpe:2.3:a:ibm:websphere_mq:7.5.0.4:*:*:*:*:*:*:*:
  • cpe:2.3:a:ibm:websphere_mq:7.5.0.5:*:*:*:*:*:*:*:
  • cpe:2.3:a:ibm:websphere_mq:7.5.0.6:*:*:*:*:*:*:*:
  • cpe:2.3:a:ibm:websphere_mq:8.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:ibm:websphere_mq:8.0.0.1:*:*:*:*:*:*:*:
  • cpe:2.3:a:ibm:websphere_mq:8.0.0.2:*:*:*:*:*:*:*:
  • cpe:2.3:a:ibm:websphere_mq:8.0.0.3:*:*:*:*:*:*:*:
  • cpe:2.3:a:ibm:websphere_mq:8.0.0.4:*:*:*:*:*:*:*:
  • cpe:2.3:a:ibm:websphere_mq:7.5:*:*:*:*:*:*:*:
  • cpe:2.3:a:ibm:websphere_mq:7.5.0.1:*:*:*:*:*:*:*:
  • cpe:2.3:a:ibm:websphere_mq:7.5.0.2:*:*:*:*:*:*:*:
  • cpe:2.3:a:ibm:websphere_mq:7.5.0.3:*:*:*:*:*:*:*:
  • cpe:2.3:a:ibm:websphere_mq:7.5.0.4:*:*:*:*:*:*:*:
  • cpe:2.3:a:ibm:websphere_mq:7.5.0.5:*:*:*:*:*:*:*:
  • cpe:2.3:a:ibm:websphere_mq:7.5.0.6:*:*:*:*:*:*:*:
  • cpe:2.3:a:ibm:websphere_mq:8.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:ibm:websphere_mq:8.0.0.1:*:*:*:*:*:*:*:
  • cpe:2.3:a:ibm:websphere_mq:8.0.0.2:*:*:*:*:*:*:*:
  • cpe:2.3:a:ibm:websphere_mq:8.0.0.3:*:*:*:*:*:*:*:
  • cpe:2.3:a:ibm:websphere_mq:8.0.0.4:*:*:*:*:*:*:*: