Password Bypass Vulnerability in IBM MQ M2000 Appliances
CVE-2015-1985
5.6 MEDIUM
Summary
The queue manager on IBM MQ M2000 appliances before version 8.0.0.4 allows local users to bypass the configured password requirements. The flaw is exploited by leveraging the stash file present on the system, which gives unauthorized access to sensitive private keys. Security measures should be in place to protect against this bypass, which could lead to significant data exposure.
CVSS V3.1
Score: 5.6
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Local
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Changed
Timeline
Vulnerability published
Vulnerability reserved