IBM22B52D2D671A96DDADDDEB67132147A6BA9EAD05AF57E3A9077FCD6776B126C6Security Bulletin: Incorrect certficate validation vulnerability in IBM MQ.NET Managed Client (CVE-2018-1543)
0.001 Low
EPSS
Percentile
43.6%
Summary
IBM MQ Managed .NET Client could allow a remote attacker to obtain sensitive information, caused by the failure to properly validate the SSL certificate. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques
Vulnerability Details
CVEID: CVE-2018-1543**
DESCRIPTION:** IBM MQ Managed .NET Client could allow a remote attacker to obtain sensitive information, caused by the failure to properly validate the SSL certificate. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques.
CVSS Base Score: 5.9
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/142598> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)
Affected Products and Versions
IBM WebSphere MQ v8.0.0.0 to 8.0.0.9
IBM MQ 9.0.0.0 to 9.0.0.3 LTS release
Remediation/Fixes
IBM WebSphere MQ v8.0.0.0 to 8.0.0.9
Apply fix pack** **8.0.0.10
IBM MQ 9.0.0.0 to 9.0.0.3 LTS
Apply fix pack 9.0.0.4.
Workarounds and Mitigations
None
Related
0.001 Low
EPSS
Percentile
43.6%