Lucene search
HistoryNov 12, 2010 - 9:00 p.m.
CVE-2010-2637
ibm
websphere mq
cve-2010-2637
username
password
encryption
vulnerability
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
6.3 Medium
AI Score
Confidence
Low
0.002 Low
EPSS
Percentile
61.0%
IBM WebSphere MQ 6.0 before 6.0.2.9 and 7.0 before 7.0.1.1 does not encrypt the username and password in the security parameters field, which allows remote attackers to obtain sensitive information by sniffing the network traffic from a .NET client application.
Affected configurations
Node
ibmwebsphere_mqMatch6.0
ORibmwebsphere_mqMatch6.0.0.0
ORibmwebsphere_mqMatch6.0.1.0
ORibmwebsphere_mqMatch6.0.1.1
ORibmwebsphere_mqMatch6.0.2.0
ORibmwebsphere_mqMatch6.0.2.1
ORibmwebsphere_mqMatch6.0.2.2
ORibmwebsphere_mqMatch6.0.2.3
ORibmwebsphere_mqMatch6.0.2.4
ORibmwebsphere_mqMatch6.0.2.5
ORibmwebsphere_mqMatch6.0.2.6
ORibmwebsphere_mqMatch6.0.2.7
ORibmwebsphere_mqMatch6.0.2.8
ORibmwebsphere_mqMatch6.0.2.10
ORibmwebsphere_mqMatch7.0
ORibmwebsphere_mqMatch7.0.0.1
ORibmwebsphere_mqMatch7.0.0.2
ORibmwebsphere_mqMatch7.0.1.0
Related
nessus
nessus
prion
prion
Default credentials
2010-11-12 21:00:00
cvelist
cvelist
CVE-2010-2637
2010-11-12 20:00:00
nvd
nvd
CVE-2010-2637
2010-11-12 21:00:01
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
6.3 Medium
AI Score
Confidence
Low
0.002 Low
EPSS
Percentile
61.0%
Related for CVE-2010-2637