Local Privilege Escalation in IBM WebSphere MQ by Unprivileged Users
CVE-2016-0259

2.5LOW

Key Information:

Vendor: IBM
Status: Websphere MQ
Vendor: CVE Published:; 26 June 2016

Summary

A vulnerability exists in IBM WebSphere MQ 8.x prior to version 8.0.0.5, which allows local users to bypass the required authority for certain display commands. This flaw can be exploited by unprivileged users to access sensitive information that is otherwise protected, potentially leading to unauthorized data exposure.

References

http://www-01.ibm.com/support/docview.wss?uid=swg21984561

x_refsource_CONFIRM

http://www.securitytracker.com/id/1036179

vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:

2.5

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 26, 2016
Vulnerability Reserved
Dec 8, 2015