PT-2016-1269 · Ibm · Websphere Mq

Published

2016-02-08

Updated

2016-12-06

CVE-2015-2012

CVSS v2.0

2.1

Low

Vector

AV:L/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions WebSphere MQ versions 7.1 before 7.1.0.7 WebSphere MQ versions 7.5 through 7.5.0.5 WebSphere MQ versions 8.0 before 8.0.0.4

Description The issue is related to the storage of registration data in a text file in an open manner. This could allow a local attacker to obtain confidential information by exploiting the vulnerability. The MQXR service in WMQ Telemetry uses world-readable permissions for a cleartext file containing the SSL keystore password.

Recommendations For WebSphere MQ version 7.1 before 7.1.0.7, update to version 7.1.0.7 or later. For WebSphere MQ versions 7.5 through 7.5.0.5, update to version 7.5.0.6 or later. For WebSphere MQ versions 8.0 before 8.0.0.4, update to version 8.0.0.4 or later.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-255CWE-200

Related Identifiers

BDU:2016-00542

CVE-2015-2012

Affected Products

Websphere Mq

PT-2016-1269 · Ibm · Websphere Mq

CVE-2015-2012

Weakness Enumeration

Related Identifiers

Affected Products

References · 5