PT-2018-4131 · Apache+1 · Activemq+2

Publicado

2018-04-20

Atualizado

2018-05-22

CVE-2014-0927

CVSS v2.0

4.3

Média

Vetor

AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions IBM Sterling B2B Integrator versions 5.1 through 5.2 IBM Sterling File Gateway versions 2.1 through 2.2

Description The issue allows remote attackers to bypass authentication in the ActiveMQ admin user interface by leveraging knowledge of the port number and webapp path.

Recommendations For IBM Sterling B2B Integrator versions 5.1 through 5.2, restrict access to the ActiveMQ admin user interface until a fix is available. For IBM Sterling File Gateway versions 2.1 through 2.2, restrict access to the ActiveMQ admin user interface until a fix is available.

Correção

Improper Authentication

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-287

Identificadores relacionados

CVE-2014-0927

Produtos afetados

Activemq

Ibm Sterling B2B Integrator

Ibm Sterling File Gateway

PT-2018-4131 · Apache+1 · Activemq+2

CVE-2014-0927

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 3