Security Bulletin: IBM WebSphere MQ (Paho MQTT and HP-NSS clients) are affected by a vulnerability in OpenSSL (CVE-2014-0160)

A security vulnerability has been discovered in OpenSSL.

CVE(s): CVE-2014-0160

Affected product(s) and affected version(s):

This vulnerability is known to affect the following offerings:

  • Support Pac MAT1 – WebSphere MQ client for HP Integrity NonStop Server
  • Support Pac MA9B – IBM Mobile Messaging and M2M Client Pack – Eclipse Paho MQTT C Client libraries for Linux & Windows platforms only

Note that the Paho MQTT C client libraries provided for Linux and Windows platforms in IBM WebSphere MQ 7.1 and IBM WebSphere MQ 7.5 are also affected.

This vulnerability does NOT affect any version or release of the following on any other platforms:

  • IBM WebSphere MQ Client
  • IBM WebSphere MQ Server
  • IBM WebSphere MQ Managed File Transfer
  • IBM WebSphere MQ Advanced Message Security

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=swg21669839

X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/92322
