CVE-2015-5011

Currently unrated

Key Information:

Vendor: IBM
Status: Websphere Message Broker
Vendor: CVE Published:; 26 October 2015

Summary

IBM WebSphere Message Broker 8 before 8.0.0.6 and Integration Bus 9 before 9.0.0.4 do not check authorization for MQSISTARTMSGFLOW and MQSISTOPMSGFLOW commands, which allows local users to bypass intended access restrictions, and start or stop a service, by issuing a command.

References

http://www-01.ibm.com/support/docview.wss?uid=swg21967265

x_refsource_CONFIRM

http://www-01.ibm.com/support/docview.wss?uid=swg1PI28139

vendor-advisoryx_refsource_AIXAPAR

Timeline

Vulnerability published
Oct 26, 2015
Vulnerability Reserved
Jun 24, 2015