2 matches found
Security Bulletin: IBM MQ Light - Potential authentication bypass vulnerability when using the JAASConfig property (CVE-2014-6116)
Summary IBM MQ Light contains a vulnerability in which authentication is bypassed by MQTT clients with the "JAASConfig" configuration property set. Vulnerability Details CVE ID: CVE-2014-6116 DESCRIPTION: IBM MQ Light contains a vulnerability in which authentication is bypassed by MQTT clients wi...
CVE-2014-6116
CVE-2014-6116 affects IBM WebSphere MQ Telemetry Component. WebSphere MQ 8.0.0.1 prior to fix pack p000-001-L140910 is vulnerable: authentication can be bypassed by setting the JAASConfig property in an MQTT client configuration. Reported CVSS base score 4.3 (network, medium complexity, no authen...