CVE-2015-0173

Name of the Vulnerable Software and Affected Versions IBM WebSphere MQ Internet Pass-Thru versions prior to 2.1.0.2

Description The issue affects the HTTP connection-management functionality when HTTPS is disabled, leading to improper generation of MQIPT Session IDs. This makes it easier for remote attackers to bypass intended restrictions on MQ message data by predicting an ID value.

Recommendations For versions prior to 2.1.0.2, update to version 2.1.0.2 or later to resolve the issue. As a temporary workaround, consider enabling HTTPS to minimize the risk of exploitation. Restrict access to the HTTP connection-management functionality until the issue is resolved.