PT-2018-4131 · Apache+1 · Activemq+2

Published

2018-04-20

Updated

2018-05-22

CVE-2014-0927

CVSS v2.0

4.3

Medium

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions IBM Sterling B2B Integrator versions 5.1 through 5.2 IBM Sterling File Gateway versions 2.1 through 2.2

Description The issue allows remote attackers to bypass authentication in the ActiveMQ admin user interface by leveraging knowledge of the port number and webapp path.

Recommendations For IBM Sterling B2B Integrator versions 5.1 through 5.2, restrict access to the ActiveMQ admin user interface until a fix is available. For IBM Sterling File Gateway versions 2.1 through 2.2, restrict access to the ActiveMQ admin user interface until a fix is available.

Fix

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-287

Related Identifiers

CVE-2014-0927

Affected Products

Activemq

Ibm Sterling B2B Integrator

Ibm Sterling File Gateway

PT-2018-4131 · Apache+1 · Activemq+2

CVE-2014-0927

Weakness Enumeration

Related Identifiers

Affected Products

References · 3