cnvd - cnvd-2017-30923

cnvd-2017-30923

Vulnerability from cnvd

Title: IBM Integration Bus and WebSphere Message Broker信息泄露漏洞

Description:

IBM WebSphere Message Broker（现称IBM Integration Bus）是美国IBM公司的一款企业服务总线（ESB）产品。该产品为面向服务架构（SOA）环境和非SOA环境提供连通性和通用数据转换。

IBM WebSphere Message Broker 8.0.0.0版本至8.0.0.8版本、Integration Bus 10.0.0.0版本至10.0.0.9版本和9.0.0.0版本至9.0.0.8版本中存在信息泄露漏洞。攻击者可利用该漏洞获取敏感信息。

Severity: 中

Patch Name: IBM Integration Bus and WebSphere Message Broker信息泄露漏洞的补丁

Patch Description:

IBM WebSphere Message Broker 8.0.0.0版本至8.0.0.8版本、Integration Bus 10.0.0.0版本至10.0.0.9版本和9.0.0.0版本至9.0.0.8版本中存在信息泄露漏洞。攻击者可利用该漏洞获取敏感信息。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： http://www-01.ibm.com/support/docview.wss?uid=swg22008470

Reference: http://www-01.ibm.com/support/docview.wss?uid=swg22008470

Impacted products

Name
['IBM Integration Bus >=9.0.0.0，<=9.0.0.8', 'IBM Integration Bus <=10.0.0.0，<=10.0.0.9', 'IBM WebSphere Message Broker >=8.0.0.0，<=8.0.0.8']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "101104"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-1126"
    }
  },
  "description": "IBM WebSphere Message Broker\uff08\u73b0\u79f0IBM Integration Bus\uff09\u662f\u7f8e\u56fdIBM\u516c\u53f8\u7684\u4e00\u6b3e\u4f01\u4e1a\u670d\u52a1\u603b\u7ebf\uff08ESB\uff09\u4ea7\u54c1\u3002\u8be5\u4ea7\u54c1\u4e3a\u9762\u5411\u670d\u52a1\u67b6\u6784\uff08SOA\uff09\u73af\u5883\u548c\u975eSOA\u73af\u5883\u63d0\u4f9b\u8fde\u901a\u6027\u548c\u901a\u7528\u6570\u636e\u8f6c\u6362\u3002\r\n\r\nIBM WebSphere Message Broker 8.0.0.0\u7248\u672c\u81f38.0.0.8\u7248\u672c\u3001Integration Bus 10.0.0.0\u7248\u672c\u81f310.0.0.9\u7248\u672c\u548c9.0.0.0\u7248\u672c\u81f39.0.0.8\u7248\u672c\u4e2d\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u3002",
  "discovererName": "IBM",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttp://www-01.ibm.com/support/docview.wss?uid=swg22008470",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-30923",
  "openTime": "2017-10-22",
  "patchDescription": "IBM WebSphere Message Broker\uff08\u73b0\u79f0IBM Integration Bus\uff09\u662f\u7f8e\u56fdIBM\u516c\u53f8\u7684\u4e00\u6b3e\u4f01\u4e1a\u670d\u52a1\u603b\u7ebf\uff08ESB\uff09\u4ea7\u54c1\u3002\u8be5\u4ea7\u54c1\u4e3a\u9762\u5411\u670d\u52a1\u67b6\u6784\uff08SOA\uff09\u73af\u5883\u548c\u975eSOA\u73af\u5883\u63d0\u4f9b\u8fde\u901a\u6027\u548c\u901a\u7528\u6570\u636e\u8f6c\u6362\u3002\r\n\r\nIBM WebSphere Message Broker 8.0.0.0\u7248\u672c\u81f38.0.0.8\u7248\u672c\u3001Integration Bus 10.0.0.0\u7248\u672c\u81f310.0.0.9\u7248\u672c\u548c9.0.0.0\u7248\u672c\u81f39.0.0.8\u7248\u672c\u4e2d\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u3002 \u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "IBM Integration Bus and WebSphere Message Broker\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "IBM Integration Bus \u003e=9.0.0.0\uff0c\u003c=9.0.0.8",
      "IBM Integration Bus \u003c=10.0.0.0\uff0c\u003c=10.0.0.9",
      "IBM WebSphere Message Broker  \u003e=8.0.0.0\uff0c\u003c=8.0.0.8"
    ]
  },
  "referenceLink": "http://www-01.ibm.com/support/docview.wss?uid=swg22008470",
  "serverity": "\u4e2d",
  "submitTime": "2017-10-11",
  "title": "IBM Integration Bus and WebSphere Message Broker\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e"
}

CVE-2017-1126 (GCVE-0-2017-1126)

Vulnerability from cvelistv5

Published

2017-10-03 17:00

Modified

2024-09-17 02:57

Severity ?

CWE

Obtain Information

Summary

IBM WebSphere Message Broker (IBM Integration Bus 9.0 and 10.0) could allow an unauthorized user to obtain sensitive information about software versions that could lead to further attacks. IBM X-Force ID: 121341.

References

▼	URL	Tags
	http://www.securityfocus.com/bid/101104	vdb-entry, x_refsource_BID
	http://www.ibm.com/support/docview.wss?uid=swg22008470	x_refsource_CONFIRM
	https://exchange.xforce.ibmcloud.com/vulnerabilities/121341	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	IBM	Integration Bus	Version: 9.0 Version: 10.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T13:25:17.180Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "101104",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/101104"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=swg22008470"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/121341"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Integration Bus",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "9.0"
            },
            {
              "status": "affected",
              "version": "10.0"
            }
          ]
        }
      ],
      "datePublic": "2017-10-02T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM WebSphere Message Broker (IBM Integration Bus 9.0 and 10.0) could allow an unauthorized user to obtain sensitive information about software versions that could lead to further attacks. IBM X-Force ID: 121341."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Obtain Information",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-10-05T09:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "name": "101104",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/101104"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=swg22008470"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/121341"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2017-10-02T00:00:00",
          "ID": "CVE-2017-1126",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Integration Bus",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "9.0"
                          },
                          {
                            "version_value": "10.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM WebSphere Message Broker (IBM Integration Bus 9.0 and 10.0) could allow an unauthorized user to obtain sensitive information about software versions that could lead to further attacks. IBM X-Force ID: 121341."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Obtain Information"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "101104",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/101104"
            },
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=swg22008470",
              "refsource": "CONFIRM",
              "url": "http://www.ibm.com/support/docview.wss?uid=swg22008470"
            },
            {
              "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/121341",
              "refsource": "MISC",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/121341"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2017-1126",
    "datePublished": "2017-10-03T17:00:00Z",
    "dateReserved": "2016-11-30T00:00:00",
    "dateUpdated": "2024-09-17T02:57:03.847Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted