Apr 10, 2019 - 11:05 a.m.

Security Bulletin: IBM MQ Console is vulnerable to a man in the middle attack (CVE-2018-1925)

2019-04-10 11:05:01
www.ibm.com

EPSS: 0.001 (Low), Percentile: 44.0%

Summary

The IBM MQ Console is vulnerable to a man in the middle attack caused by weaker than expected cryptographic algorithms.

Vulnerability Details

CVEID: CVE-2018-1925
DESCRIPTION: IBM MQ uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
CVSS Base Score: 5.9
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/152925> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)

Affected Products and Versions

IBM MQ V9.1 LTS

v9.1.0.0 - 9.1.0.1

IBM MQ V9.1 CD

v9.1.1

Remediation/Fixes

IBM MQ V9.1 LTS

Apply FixPack 9.1.0.2

IBM MQ V9.1 CD

Upgrade to v9.1.2

Workarounds and Mitigations

Enable FIPS mode in your jvm.options file for the MQ Console by adding the following line:

-Dcom.ibm.jsse2.usefipsprovider=true
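
A check for the affected versions and the workaround above, as an added example that is not part of the IBM bulletin. The function names are hypothetical, and the caller supplies the installed version and the path to the console's jvm.options file. It assumes lines beginning with `#` are comments, that the last setting of the property wins, and that V9.1.1 may be reported as 9.1.1.0.

```shell
#!/bin/sh
# Added example, not IBM code: audits one MQ Console for the CVE-2018-1925
# workaround. The version string and jvm.options path come from the caller.

# version_affected VERSION -> 0 if the bulletin lists VERSION as affected.
version_affected() {
    case "$1" in
        9.1.0.0|9.1.0.1) return 0 ;;  # V9.1 LTS, fixed by FixPack 9.1.0.2
        9.1.1|9.1.1.0)   return 0 ;;  # V9.1 CD (9.1.1.0 form is an assumption)
        *)               return 1 ;;
    esac
}

# fips_enabled FILE -> 0 if the last active setting of the property is "true",
# 1 if it is absent, commented out or set to another value, 2 if unreadable.
# Assumptions: lines starting with '#' are comments; the last setting wins.
fips_enabled() {
    [ -r "$1" ] || return 2
    _last=$(tr -d '\r' < "$1" |
        sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' |
        grep -v '^#' |
        grep '^-Dcom\.ibm\.jsse2\.usefipsprovider=' |
        tail -n 1)
    [ "${_last#*=}" = "true" ]
}

# check_console VERSION FILE -> prints a verdict.
# Returns 0 (not affected or mitigated), 1 (exposed), 2 (file unreadable).
check_console() {
    if ! version_affected "$1"; then
        echo "MQ $1: not listed as affected by CVE-2018-1925"
        return 0
    fi
    _rc=0
    fips_enabled "$2" || _rc=$?
    case "$_rc" in
        0) echo "MQ $1: affected, FIPS workaround active in $2" ;;
        2) echo "MQ $1: affected, cannot read $2" ;;
        *) echo "MQ $1: affected, no active FIPS option in $2" ;;
    esac
    return "$_rc"
}

# Usage: check_console 9.1.0.1 /path/to/jvm.options
```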

CPE Name    Operator    Version
ibm mq      eq          9.1.0.0
ibm mq      eq          9.1.1
ibm mq      eq          9.1.0.1
