Local File Permission Weakness in WebSphere MQ by IBM
CVE-2015-2012

4MEDIUM

Key Information:

Vendor

IBM
Status
Websphere MQ
Vendor
CVE Published:
8 February 2016

What is CVE-2015-2012?

The MQXR service within IBM WebSphere MQ has a significant vulnerability related to file permissions. Specifically, older versions of the software may have world-readable permissions on a cleartext file that contains the SSL keystore password. This oversight could permit local users to gain unauthorized access to sensitive information by simply reading the file. Prompt remediation is required to mitigate risks associated with potential data breaches.

References

http://www-01.ibm.com/support/docview.wss?uid=swg1IT09866
vendor-advisoryx_refsource_AIXAPAR
http://www-01.ibm.com/support/docview.wss?uid=swg21968399
x_refsource_CONFIRM
http://www.securitytracker.com/id/1034943
vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:
4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.