Information Disclosure in IBM WebSphere MQ Products
CVE-2015-1957

5.3MEDIUM

Key Information:

Vendor: IBM
Status: Websphere MQ
Vendor: CVE Published:; 10 April 2018

What is CVE-2015-1957?

IBM WebSphere MQ versions 7.5.x before 7.5.0.6 and 8.0.x before 8.0.0.3 are susceptible to an information disclosure vulnerability that allows remote authenticated users to intercept sensitive information. This risk arises during man-in-the-middle attacks, where critical message data is duplicated and transmitted in cleartext outside of its secured payload. This exposure compromises the confidentiality of transmitted messages.

References

http://www-01.ibm.com/support/docview.wss?uid=swg21960506

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/103482

vdb-entryx_refsource_XF

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 10, 2018
Vulnerability Reserved
Feb 19, 2015