cnvd - cnvd-2017-22088

cnvd-2017-22088

Vulnerability from cnvd

Title: IBM Integration Bus信息泄露漏洞（CNVD-2017-22088）

Description:

IBM Integration Bus（前称IBM WebSphere Message Broker）是美国IBM公司的一款企业服务总线（ESB）产品。该产品为面向服务架构（SOA）环境和非SOA环境提供连通性和通用数据转换。

IBM Integration Bus中存在信息泄露漏洞，该漏洞源于程序以明文的形式记录用户证书。本地攻击者可利用该漏洞读取用户证书。

Severity: 低

Patch Name: IBM Integration Bus信息泄露漏洞（CNVD-2017-22088）的补丁

Patch Description:

IBM Integration Bus中存在信息泄露漏洞，该漏洞源于程序以明文的形式记录用户证书。本地攻击者可利用该漏洞读取用户证书。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

厂商已发布了漏洞修复程序，请及时关注更新： http://www-01.ibm.com/support/docview.wss?uid=swg22005382

Reference: http://www.securityfocus.com/bid/99368

Impacted products

Name
['IBM WebSphere Message Broker 8.0', 'IBM Integration Bus 10.0', 'IBM WebSphere Message Broker 8.0.0.8', 'IBM WebSphere Message Broker 8.0.0.7', 'IBM WebSphere Message Broker 8.0.0.6', 'IBM WebSphere Message Broker 8.0.0.4', 'IBM WebSphere Message Broker 8.0.0.3', 'IBM WebSphere Message Broker 8.0.0.2', 'IBM WebSphere Message Broker 8.0.0.1', 'IBM Integration Bus 9.0.0.7', 'IBM Integration Bus 9.0.0.4', 'IBM Integration Bus 9.0.0.3', 'IBM Integration Bus 9.0.0.1', 'IBM Integration Bus 9.0.0.0', 'IBM Integration Bus 10.0.0.7', 'IBM Integration Bus 10.0.0.6', 'IBM Integration Bus 10.0.0.5']

Name

['IBM WebSphere Message Broker 8.0', 'IBM Integration Bus 10.0', 'IBM WebSphere Message Broker 8.0.0.8', 'IBM WebSphere Message Broker 8.0.0.7', 'IBM WebSphere Message Broker 8.0.0.6', 'IBM WebSphere Message Broker 8.0.0.4', 'IBM WebSphere Message Broker 8.0.0.3', 'IBM WebSphere Message Broker 8.0.0.2', 'IBM WebSphere Message Broker 8.0.0.1', 'IBM Integration Bus 9.0.0.7', 'IBM Integration Bus 9.0.0.4', 'IBM Integration Bus 9.0.0.3', 'IBM Integration Bus 9.0.0.1', 'IBM Integration Bus 9.0.0.0', 'IBM Integration Bus 10.0.0.7', 'IBM Integration Bus 10.0.0.6', 'IBM Integration Bus 10.0.0.5']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "99368"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-1207"
    }
  },
  "description": "IBM Integration Bus\uff08\u524d\u79f0IBM WebSphere Message Broker\uff09\u662f\u7f8e\u56fdIBM\u516c\u53f8\u7684\u4e00\u6b3e\u4f01\u4e1a\u670d\u52a1\u603b\u7ebf\uff08ESB\uff09\u4ea7\u54c1\u3002\u8be5\u4ea7\u54c1\u4e3a\u9762\u5411\u670d\u52a1\u67b6\u6784\uff08SOA\uff09\u73af\u5883\u548c\u975eSOA\u73af\u5883\u63d0\u4f9b\u8fde\u901a\u6027\u548c\u901a\u7528\u6570\u636e\u8f6c\u6362\u3002\r\n\r\nIBM Integration Bus\u4e2d\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u4ee5\u660e\u6587\u7684\u5f62\u5f0f\u8bb0\u5f55\u7528\u6237\u8bc1\u4e66\u3002\u672c\u5730\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u8bfb\u53d6\u7528\u6237\u8bc1\u4e66\u3002",
  "discovererName": "IBM",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttp://www-01.ibm.com/support/docview.wss?uid=swg22005382",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-22088",
  "openTime": "2017-08-21",
  "patchDescription": "IBM Integration Bus\uff08\u524d\u79f0IBM WebSphere Message Broker\uff09\u662f\u7f8e\u56fdIBM\u516c\u53f8\u7684\u4e00\u6b3e\u4f01\u4e1a\u670d\u52a1\u603b\u7ebf\uff08ESB\uff09\u4ea7\u54c1\u3002\u8be5\u4ea7\u54c1\u4e3a\u9762\u5411\u670d\u52a1\u67b6\u6784\uff08SOA\uff09\u73af\u5883\u548c\u975eSOA\u73af\u5883\u63d0\u4f9b\u8fde\u901a\u6027\u548c\u901a\u7528\u6570\u636e\u8f6c\u6362\u3002\r\n\r\nIBM Integration Bus\u4e2d\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u4ee5\u660e\u6587\u7684\u5f62\u5f0f\u8bb0\u5f55\u7528\u6237\u8bc1\u4e66\u3002\u672c\u5730\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u8bfb\u53d6\u7528\u6237\u8bc1\u4e66\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "IBM Integration Bus\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff08CNVD-2017-22088\uff09\u7684\u8865\u4e01",
  "products": {
    "product": [
      "IBM WebSphere Message Broker 8.0",
      "IBM Integration Bus 10.0",
      "IBM WebSphere Message Broker  8.0.0.8",
      "IBM WebSphere Message Broker   8.0.0.7",
      "IBM WebSphere Message Broker   8.0.0.6",
      "IBM WebSphere Message Broker   8.0.0.4",
      "IBM WebSphere Message Broker   8.0.0.3",
      "IBM WebSphere Message Broker   8.0.0.2",
      "IBM WebSphere Message Broker   8.0.0.1",
      "IBM Integration Bus 9.0.0.7",
      "IBM Integration Bus  9.0.0.4",
      "IBM Integration Bus  9.0.0.3",
      "IBM Integration Bus  9.0.0.1",
      "IBM Integration Bus  9.0.0.0",
      "IBM Integration Bus  10.0.0.7",
      "IBM Integration Bus  10.0.0.6",
      "IBM Integration Bus  10.0.0.5"
    ]
  },
  "referenceLink": "http://www.securityfocus.com/bid/99368",
  "serverity": "\u4f4e",
  "submitTime": "2017-07-06",
  "title": "IBM Integration Bus\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff08CNVD-2017-22088\uff09"
}

CVE-2017-1207 (GCVE-0-2017-1207)

Vulnerability from cvelistv5

Published

2017-07-05 17:00

Modified

2024-09-17 03:22

Severity ?

CWE

Obtain Information

Summary

IBM WebSphere Message Broker stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 123777.

References

▼	URL	Tags
	https://exchange.xforce.ibmcloud.com/vulnerabilities/123777	x_refsource_MISC
	http://www.ibm.com/support/docview.wss?uid=swg22005382	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/99368	vdb-entry, x_refsource_BID

Impacted products

	Vendor	Product	Version
	IBM	Integration Bus	Version: 9.0 Version: 10.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T13:25:17.405Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/123777"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=swg22005382"
          },
          {
            "name": "99368",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/99368"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Integration Bus",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "9.0"
            },
            {
              "status": "affected",
              "version": "10.0"
            }
          ]
        }
      ],
      "datePublic": "2017-06-30T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM WebSphere Message Broker stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 123777."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Obtain Information",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-06T09:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/123777"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=swg22005382"
        },
        {
          "name": "99368",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/99368"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2017-06-30T00:00:00",
          "ID": "CVE-2017-1207",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Integration Bus",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "9.0"
                          },
                          {
                            "version_value": "10.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM WebSphere Message Broker stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 123777."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Obtain Information"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/123777",
              "refsource": "MISC",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/123777"
            },
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=swg22005382",
              "refsource": "CONFIRM",
              "url": "http://www.ibm.com/support/docview.wss?uid=swg22005382"
            },
            {
              "name": "99368",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/99368"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2017-1207",
    "datePublished": "2017-07-05T17:00:00Z",
    "dateReserved": "2016-11-30T00:00:00",
    "dateUpdated": "2024-09-17T03:22:49.603Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted