Lucene search

[email protected]CVE-2015-0118

HistoryJun 28, 2015 - 10:59 p.m.

CVE-2015-0118

2015-06-2822:59:03

CWE-310

[email protected]

web.nvd.nist.gov

ibm

websphere

message broker

toolkit

integration

weak tls ciphers

cve-2015-0118

nvd

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

6.2 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

54.8%

JSON

IBM WebSphere Message Broker Toolkit 7 before 7007 IF2 and 8 before 8005 IF1 and Integration Toolkit 9 before 9003 IF1 are distributed with MQ client JAR files that support only weak TLS ciphers, which might make it easier for remote attackers to obtain sensitive information by sniffing the network during a connection to an Integration Bus node.

Affected configurations

NVD

Node

ibmwebsphere_message_brokerMatch7.0.

ibmwebsphere_message_brokerMatch7.0.0.1

ibmwebsphere_message_brokerMatch7.0.0.2

ibmwebsphere_message_brokerMatch7.0.0.3

ibmwebsphere_message_brokerMatch7.0.0.4

ibmwebsphere_message_brokerMatch7.0.0.5

ibmwebsphere_message_brokerMatch8.0

ibmwebsphere_message_brokerMatch8.0.0.1

ibmwebsphere_message_brokerMatch8.0.0.2

ibmwebsphere_message_brokerMatch8.0.0.3

ibmwebsphere_message_brokerMatch8.0.0.4

ibmwebsphere_message_brokerMatch8.0.0.5

Node

ibmintegration_busMatch9.0

ibmintegration_busMatch9.0.0.1

ibmintegration_busMatch9.0.0.2

ibmintegration_busMatch9.0.0.3

CPENameOperatorVersion
ibm:websphere_message_brokeribm websphere message brokereq7.0.
ibm:websphere_message_brokeribm websphere message brokereq7.0.0.1
ibm:websphere_message_brokeribm websphere message brokereq7.0.0.2
ibm:websphere_message_brokeribm websphere message brokereq7.0.0.3
ibm:websphere_message_brokeribm websphere message brokereq7.0.0.4
ibm:websphere_message_brokeribm websphere message brokereq7.0.0.5
ibm:websphere_message_brokeribm websphere message brokereq8.0
ibm:websphere_message_brokeribm websphere message brokereq8.0.0.1
ibm:websphere_message_brokeribm websphere message brokereq8.0.0.2
ibm:websphere_message_brokeribm websphere message brokereq8.0.0.3

CPE	Name	Operator	Version
ibm:websphere_message_broker	ibm websphere message broker	eq	7.0.
ibm:websphere_message_broker	ibm websphere message broker	eq	7.0.0.1
ibm:websphere_message_broker	ibm websphere message broker	eq	7.0.0.2
ibm:websphere_message_broker	ibm websphere message broker	eq	7.0.0.3
ibm:websphere_message_broker	ibm websphere message broker	eq	7.0.0.4
ibm:websphere_message_broker	ibm websphere message broker	eq	7.0.0.5
ibm:websphere_message_broker	ibm websphere message broker	eq	8.0
ibm:websphere_message_broker	ibm websphere message broker	eq	8.0.0.1
ibm:websphere_message_broker	ibm websphere message broker	eq	8.0.0.2
ibm:websphere_message_broker	ibm websphere message broker	eq	8.0.0.3

Rows per page:

1-10 of 121

References

www-01.ibm.com/support/docview.wss?uid=swg1IT05725

www-01.ibm.com/support/docview.wss?uid=swg21957998

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

6.2 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

54.8%

JSON

Related for CVE-2015-0118

prion1 nvd1 ibm1 cvelist1