The MQIPT Session IDs for HTTP communication that are generated by MQIPT V2.0 and later are predictable.
CVEID: CVE-2015-0173
DESCRIPTION: IBM WebSphere MQ Internet Pass-Thru HTTP connection management contains a security flaw which could allow interception of MQ message data for non-HTTPS connections.
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/100928 for the current score
CVSS Environmental Score: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)
IBM WebSphere MQ Internet Pass-Thru (SupportPac MS81)
Replace/upgrade MQIPT installations to IBM WebSphere MQ Internet Pass-Thru 2.1.0.2 or later.
Configure MQIPT to enable HTTPS and avoid using HTTP sessions.
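To find routes that still need the HTTPS change, the following added example (not IBM code) scans an MQIPT configuration file for routes that tunnel over HTTP without HTTPS. It assumes the `mqipt.conf` layout of `[global]` and repeated `[route]` sections with `Name=Value` lines, global values acting as route defaults, and the property names `HTTP`, `HTTPS` and `ListenerPort`; the sample configuration is constructed.

```python
# Added example: flag MQIPT routes that tunnel over HTTP without HTTPS.
# Assumed: "[route]" sections of Name=Value lines, "[global]" as defaults,
# and the property names HTTP, HTTPS and ListenerPort.
SAMPLE_CONF = """\
# constructed sample configuration
[global]
HTTP=false
[route]
ListenerPort=1415
HTTP=true
[route]
ListenerPort=1416
HTTP=true
HTTPS=true
SSLClient=true
[route]
ListenerPort=1417
"""

def parse_routes(text):
    """Return one dict per [route] section, with [global] values as defaults."""
    global_props, routes, current = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            name = line[1:-1].strip().lower()
            current = global_props if name == "global" else {}
            if name == "route":
                routes.append(current)  # repeated [route] sections stay separate
            continue
        if current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip().lower()] = value.strip()
    return [{**global_props, **route} for route in routes]

def is_true(props, key):
    return props.get(key, "false").lower() == "true"

def plain_http_routes(text):
    """ListenerPort of every route with HTTP enabled but HTTPS not enabled."""
    return [r.get("listenerport", "?") for r in parse_routes(text)
            if is_true(r, "http") and not is_true(r, "https")]

if __name__ == "__main__":
    for port in plain_http_routes(SAMPLE_CONF):
        print(f"route on ListenerPort {port}: HTTP tunnelling without HTTPS")
```

A standard INI parser is not used because it would merge or reject the repeated `[route]` section names.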