Jun 15, 2018 - 7:02 a.m.

Security Bulletin: IBM WebSphere MQIPT Session IDs are predictable (CVE-2015-0173)

2018-06-15 07:02:41
www.ibm.com

EPSS: 0.002 (Percentile: 57.3%)

Summary

The MQIPT Session IDs for HTTP communication that are generated by MQIPT V2.0 and later are predictable.

Vulnerability Details

CVEID: CVE-2015-0173
DESCRIPTION: IBM WebSphere MQ Internet Pass-Thru HTTP connection management contains a security flaw which could allow interception of MQ message data for non-HTTPS connections.
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/100928 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)

Affected Products and Versions

IBM WebSphere MQ Internet Pass-Thru (SupportPac MS81)

  • Versions 2.1.0.1 and earlier

Remediation/Fixes

Replace/upgrade MQIPT installations to IBM WebSphere MQ Internet Pass-Thru 2.1.0.2 or later.

Workarounds and Mitigations

Configure MQIPT to enable HTTPS and avoid using HTTP sessions.
