CVE-2016-0360

IBM Websphere MQ JMS 7.0.1, 7.1, 7.5, 8.0, and 9.0 client provides classes that deserialize objects from untrusted sources which could allow a malicious user to execute arbitrary Java code by adding vulnerable classes to the classpath. IBM Reference #: 1983457.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
ibmCNA
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 76%
Affected Products (NVD)
VendorProductVersion
ibmwebsphere_mq_jms
7.0.1
ibmwebsphere_mq_jms
7.1
ibmwebsphere_mq_jms
7.5
ibmwebsphere_mq_jms
8.0
ibmwebsphere_mq_jms
9.0
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
ibmwebsphere_mq
7.0.1
CNA
ibmwebsphere_mq
7.1
CNA
ibmwebsphere_mq
7.5
CNA
ibmwebsphere_mq
8.0
CNA
ibmwebsphere_mq
9.0
CNA
Common Weakness Enumeration
References
http://www-01.ibm.com/support/docview.wss?uid=swg21983457
http://www.securityfocus.com/bid/95317
http://www.securitytracker.com/id/1037561
http://www-01.ibm.com/support/docview.wss?uid=swg21983457
http://www.securityfocus.com/bid/95317
http://www.securitytracker.com/id/1037561