Local User Vulnerability in IBM WebSphere MQ on IBM i Platforms
CVE-2015-7462

4.4MEDIUM

Key Information:

Vendor: IBM
Status: Websphere MQ
Vendor: CVE Published:; 19 June 2016

Summary

The vulnerability in IBM WebSphere MQ allows local users on IBM i platforms to exploit elevated privileges to access sensitive information. By executing the 'mqcertck' program, these users can uncover cleartext certificate-keystore passwords from MQ trace output, posing significant risks to the integrity and confidentiality of the messaging environment. Organizations using this product should evaluate their security posture and implement necessary precautions to mitigate potential exploitation of this weakness.

References

http://www.securitytracker.com/id/1036053

vdb-entryx_refsource_SECTRACK

http://www-01.ibm.com/support/docview.wss?uid=swg21984557

x_refsource_CONFIRM

CVSS V3.1

Score:

4.4

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 19, 2016
Vulnerability Reserved
Sep 29, 2015