RCE in Ibm Integration_bus

CVE-2015-5011

IBM WebSphere Message Broker 8 before 8.0.0.6 and Integration Bus 9 before 9.0.0.4 do not check authorization for MQSISTARTMSGFLOW and MQSISTOPMSGFLOW commands, which allows local users to bypass intended access restrictions, and start or…

Vulnerability class: Command Injection (OS Command Injection)

EPSS: 0.001 (31.1th percentile) — read the EPSS interpretation.

Affected products

Ibm Integration_bus — versions 9.0, 9.0.0.1, 9.0.0.2
Ibm Websphere_message_broker — versions 8.0, 8.0.0.1, 8.0.0.2
N/a — versions n/a

Weakness classification (CWE)

CWE-77 — Command Injection

References

psirt@us.ibm.com (x_refsource_CONFIRM, Vendor Advisory)
PI28139 (vendor-advisory, Patch, x_refsource_AIXAPAR, Vendor Advisory)