Security Flaw in IBM WebSphere MQ Internet Pass-Thru Software Versions
CVE-2017-1118

7.5HIGH

Key Information:

Vendor
IBM
Status
Websphere MQ
Vendor
CVE Published:
2 August 2017

Summary

A vulnerability in IBM WebSphere MQ Internet Pass-Thru versions 2.0 and 2.1 permits an attacker to exploit an incorrectly configured security policy, potentially causing the MQIPT service to stop responding. This issue highlights the critical importance of proper security policy configurations to maintain service availability and prevent disruptions.

Affected Version(s)

WebSphere MQ 2.1

WebSphere MQ 2.0

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/121156
x_refsource_MISC
http://www.securityfocus.com/bid/100021
vdb-entryx_refsource_BID
http://www.ibm.com/support/docview.wss?uid=swg22006580
x_refsource_CONFIRM

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.