CVE-2017-1126
- EPSS 1.22%
- Veröffentlicht 04.10.2017 01:29:02
- Zuletzt bearbeitet 13.05.2026 00:24:29
IBM WebSphere Message Broker (IBM Integration Bus 9.0 and 10.0) could allow an unauthorized user to obtain sensitive information about software versions that could lead to further attacks. IBM X-Force ID: 121341.
CVE-2017-1144
- EPSS 0.28%
- Veröffentlicht 05.07.2017 18:29:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
IBM WebSphere Message Broker could allow a local user with specialized access to prevent the message broker from starting. IBM X-Force ID: 122033.
CVE-2017-1207
- EPSS 0.32%
- Veröffentlicht 05.07.2017 17:29:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
IBM WebSphere Message Broker stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 123777.
CVE-2016-9706
- EPSS 1.76%
- Veröffentlicht 15.02.2017 19:59:01
- Zuletzt bearbeitet 13.05.2026 00:24:29
IBM Integration Bus 9.0 and 10.0 and WebSphere Message Broker SOAP FLOWS is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expo...
CVE-2016-9010
- EPSS 0.77%
- Veröffentlicht 15.02.2017 19:59:01
- Zuletzt bearbeitet 13.05.2026 00:24:29
IBM WebSphere Message Broker 9.0 and 10.0 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click...
CVE-2016-8918
- EPSS 1.1%
- Veröffentlicht 01.02.2017 20:59:02
- Zuletzt bearbeitet 13.05.2026 00:24:29
IBM Integration Bus, under non default configurations, could allow a remote user to authenticate without providing valid credentials.
CVE-2016-0394
- EPSS 0.28%
- Veröffentlicht 01.02.2017 20:59:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
IBM Integration Bus and WebSphere Message broker sets incorrect permissions for an object that could allow a local attacker to manipulate certain files.
CVE-2016-2961
- EPSS 1.47%
- Veröffentlicht 02.07.2016 14:59:17
- Zuletzt bearbeitet 06.05.2026 22:30:45
The integration server in IBM Integration Bus 9 before 9.0.0.6 and 10 before 10.0.0.5 and WebSphere Message Broker 8 before 8.0.0.8 allows remote attackers to obtain sensitive Tomcat version information by sending a malformed POST request and then re...
CVE-2015-7399
- EPSS 1.87%
- Veröffentlicht 11.01.2016 11:59:02
- Zuletzt bearbeitet 06.05.2026 22:30:45
IBM WebSphere Message Broker 7 before 7.0.0.8 and 8 before 8.0.0.6 and IBM Integration Bus 9 before 9.0.0.3 and 10 before 10.0.0.0 allow remote attackers to obtain sensitive information about the HTTP server via unspecified vectors.
CVE-2015-5011
- EPSS 0.33%
- Veröffentlicht 26.10.2015 02:59:02
- Zuletzt bearbeitet 06.05.2026 22:30:45
IBM WebSphere Message Broker 8 before 8.0.0.6 and Integration Bus 9 before 9.0.0.4 do not check authorization for MQSISTARTMSGFLOW and MQSISTOPMSGFLOW commands, which allows local users to bypass intended access restrictions, and start or stop a serv...