3 matches found
CVE-2015-7420
CVE-2015-7420 is a GSKit vulnerability reported in IBM advisories affecting GSKit in IBM MQ M2000 appliances prior to 8.0.0.4. The issue allows a remote attacker to obtain sensitive information due to the GSKit PRNG state being duplicated during a fork, creating a window where child processes may...
CVE-2015-7421
CVE-2015-7421 is a vulnerability in the GSKit component where the internal PRNG pool state is duplicated during a fork(), potentially allowing a remote attacker to obtain sensitive information due to predictable PRNG output. IBM bulletins confirm GSKit is used by IBM products (e.g., Content Manag...
CVE-2015-1985
Affected product: IBM MQ Appliance M2000. Vulnerability: local attacker with read authority can bypass password and read private keys by exploiting the stash file in versions prior to 8.0.0.4. Root cause: stash-file presence enabling unauthorized access to key material. Impact: potential exposure...