Authorization Bypass in IBM WebSphere Message Broker and Integration Bus
CVE-2015-5011

Currently unrated

Key Information:

Vendor: IBM
Status: Websphere Message Broker
Vendor: CVE Published:; 26 October 2015

Summary

IBM WebSphere Message Broker versions prior to 8.0.0.6 and Integration Bus versions prior to 9.0.0.4 are susceptible to an authorization bypass vulnerability. This flaw allows local users to execute MQSISTARTMSGFLOW and MQSISTOPMSGFLOW commands without proper authorization, potentially enabling them to start or stop message flows, which could disrupt services and compromise the integrity of system operations.

References

http://www-01.ibm.com/support/docview.wss?uid=swg21967265

x_refsource_CONFIRM

http://www-01.ibm.com/support/docview.wss?uid=swg1PI28139

vendor-advisoryx_refsource_AIXAPAR

Timeline

Vulnerability published
Oct 26, 2015
Vulnerability Reserved
Jun 24, 2015