CVE Vulnerabilities

CVE-2015-0173

Published: Jun 28, 2015 | Modified: Sep 23, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
4.3 MEDIUM
AV:N/AC:M/Au:N/C:P/I:N/A:N
RedHat/V2
RedHat/V3
Ubuntu

The HTTP connection-management functionality in Internet Pass-Thru (IPT) before 2.1.0.2 in IBM WebSphere MQ, when HTTPS is disabled, does not properly generate MQIPT Session IDs, which makes it easier for remote attackers to bypass intended restrictions on MQ message data by predicting an ID value.

Affected Software

Name Vendor Start Version End Version
Websphere_mq_internet_pass_thru Ibm * 2.1.0.1 (including)

References