CVE-2016-0360

Description

IBM Websphere MQ JMS 7.0.1, 7.1, 7.5, 8.0, and 9.0 client provides classes that deserialize objects from untrusted sources which could allow a malicious user to execute arbitrary Java code by adding vulnerable classes to the classpath. IBM Reference #: 1983457.

Affected products

• IBM Corporation / WebSphere MQ7.0.1 – 7.0.1
• IBM Corporation / WebSphere MQ7.1 – 7.1
• IBM Corporation / WebSphere MQ7.5 – 7.5
• IBM Corporation / WebSphere MQ8.0 – 8.0
• IBM Corporation / WebSphere MQ9.0 – 9.0

References

• MISChttp://www.securityfocus.com/bid/95317
• MISChttp://www-01.ibm.com/support/docview.wss?uid=swg21983457
• MISChttp://www.securitytracker.com/id/1037561