CVE-2015-0118

Name of the Vulnerable Software and Affected Versions IBM WebSphere Message Broker Toolkit versions 7.0.0 through 7.0.7 before IF2 IBM WebSphere Message Broker Toolkit version 8.0.0 through 8.0.5 before IF1 IBM Integration Toolkit versions 9.0.0 through 9.0.3 before IF1

Description The software is distributed with MQ client JAR files that support only weak TLS ciphers. This could make it easier for remote attackers to obtain sensitive information by sniffing the network during a connection to an Integration Bus node.

Recommendations For IBM WebSphere Message Broker Toolkit versions 7.0.0 through 7.0.7 before IF2, update to version 7007 IF2 or later. For IBM WebSphere Message Broker Toolkit version 8.0.0 through 8.0.5 before IF1, update to version 8005 IF1 or later. For IBM Integration Toolkit versions 9.0.0 through 9.0.3 before IF1, update to version 9003 IF1 or later.