Trace files generated by IBM MQ Managed File Transfer commands display passwords in plain text.
CVEID: CVE-2017-1795 DESCRIPTION: IBM MQ Managed File Transfer could allow a local user to obtain highly sensitive information via trace log files generated by its commands.
CVSS Base Score: 4.4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137042> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N)
IBM WebSphere MQ Managed File Transfer v7.5.0.0 through v7.5.0.8
IBM MQ Managed File Transfer v8.0.0.0 through v8.0.0.8
IBM MQ Managed File Transfer v9.0.0.0 through v9.0.0.2 (LTS Release)
IBM MQ Managed File Transfer v9.0.1, v9.0.2, v9.0.3 and v9.0.4 (CD Release)
IBM WebSphere MQ Managed File Transfer v7.5.0.0 through v7.5.0.8
Apply fix 7.5.0.9
IBM MQ Managed File Transfer v8.0.0.0 through v8.0.0.8
Apply fix pack 8.0.0.9
IBM MQ Managed File Transfer v9.0.0.0 through v9.0.0.2 (LTS release)
Apply fix pack 9.0.0.3
IBM MQ Managed File Transfer v9.0.1 CD, v9.0.2 CD, v9.0.3 CD and v9.0.4 CD
Apply IBM MQ Managed File Transfer v9.0.5 CD release
None