Password Bypass Vulnerability in IBM MQ M2000 Appliances
CVE-2015-1985

5.6 MEDIUM

Key Information:

Vendor: IBM
CVE Published: 3 January 2016

Summary

The queue manager on IBM MQ M2000 appliances before version 8.0.0.4 has a vulnerability that lets local users bypass the configured password requirements. The flaw is exploited by leveraging the stash file present on the system, which gives unauthorized access to sensitive private keys. Affected appliances should be protected against this bypass, which could lead to significant data exposure.

CVSS V3.1

Score: 5.6
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Local
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
