CVE-2015-1967

Name of the Vulnerable Software and Affected Versions WebSphere MQ versions prior to 8.0.0.3

Description The issue is related to the MQ Explorer component in IBM WebSphere MQ, which does not properly handle the absence of the compatibility-mode option. This allows remote attackers to obtain sensitive information by sniffing the network for a session in which TLS is not used. The vulnerability can be exploited by analyzing network traffic, potentially giving attackers access to protected information.

Recommendations For versions prior to 8.0.0.3, update to version 8.0.0.3 or later to resolve the issue. As a temporary workaround, consider enabling TLS for all sessions to minimize the risk of exploitation. Restrict access to sensitive information and limit network traffic analysis to prevent potential attacks.