Authorization

2015-10-2602:59:00

PRIOn knowledge base

www.prio-n.com

6.7 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

IBM WebSphere Message Broker 8 before 8.0.0.6 and Integration Bus 9 before 9.0.0.4 do not check authorization for MQSISTARTMSGFLOW and MQSISTOPMSGFLOW commands, which allows local users to bypass intended access restrictions, and start or stop a service, by issuing a command.

CPENameOperatorVersion
integration_buseq9.0.0.2
integration_buseq9.0.0.1
integration_buseq9.0
integration_buseq9.0.0.3
websphere_message_brokereq8.0
websphere_message_brokereq8.0.0.2
websphere_message_brokereq8.0.0.4
websphere_message_brokereq8.0.0.3
websphere_message_brokereq8.0.0.5
websphere_message_brokereq8.0.0.1

Name	Operator	Version
integration_bus	eq	9.0.0.2
integration_bus	eq	9.0.0.1
integration_bus	eq	9.0
integration_bus	eq	9.0.0.3
websphere_message_broker	eq	8.0
websphere_message_broker	eq	8.0.0.2
websphere_message_broker	eq	8.0.0.4
websphere_message_broker	eq	8.0.0.3
websphere_message_broker	eq	8.0.0.5
websphere_message_broker	eq	8.0.0.1