High Severity

IBM Security Bulletin: IBM MQ Appliance is affected by a XML External Entity Injection (XXE) vulnerability (CVE-2018-1669)

Share this post:

IBM MQ Appliance has addressed the following XML External Entity Injection (XXE) vulnerability.

CVE(s): CVE-2018-1669

Affected product(s) and affected version(s):

IBM MQ Appliance 8.0
Maintenance levels between 8.0.0.0 and 8.0.0.10

IBM MQ Appliance 9.0.x Continuous Delivery (CD) Release
Continuous delivery updates 9.0.1 and 9.0.5

IBM MQ Appliance 9.1 Long Term Support (LTS) Release
Maintenance level 9.1.0.0

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www-01.ibm.com/support/docview.wss?uid=ibm10739229
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/144950

More stories

Security Bulletin: Multiple IBM Db2 Server Vulnerabilities Affect IBM Emptoris Program Management

Sep 23, 2021 9:17 am EDT | High Severity

Multiple IBM Db2 Server vulnerabilities affect IBM Emptoris Program Management. ...read more


Security Bulletin:Multiple vulnerabilities fixed in IBM Security Verify Bridge – Docker

Sep 22, 2021 8:04 pm EDT | High Severity

Multiple vulnerabilities fixed in IBM Security Verify Bridge - Docker ...read more


Security Bulletin: IBM SDK, Java Tech Edition Quarterly CPU Jul 2021 – Includes Oracle Jul 2021 CPU (minus CVE-2021-2341)

Sep 22, 2021 8:01 pm EDT | High Severity

This Security Bulletin provides steps for updating Java for IBM DataQuant. ...read more