Security Flaw in IBM WebSphere MQ Internet Pass-Thru Software Versions
CVE-2017-1118

7.5HIGH

Key Information:

Vendor: IBM
Status: Websphere MQ
Vendor: CVE Published:; 2 August 2017

🔔 Create IBM Vulnerability Alert

What is CVE-2017-1118?

A vulnerability in IBM WebSphere MQ Internet Pass-Thru versions 2.0 and 2.1 permits an attacker to exploit an incorrectly configured security policy, potentially causing the MQIPT service to stop responding. This issue highlights the critical importance of proper security policy configurations to maintain service availability and prevent disruptions.

Affected Version(s)

WebSphere MQ 2.1

WebSphere MQ 2.0

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/121156

x_refsource_MISC

http://www.securityfocus.com/bid/100021

vdb-entryx_refsource_BID

http://www.ibm.com/support/docview.wss?uid=swg22006580

x_refsource_CONFIRM

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 2, 2017
Vulnerability Reserved
Nov 30, 2016

.

CVE-2017-1118 : Security Flaw in IBM WebSphere MQ Internet Pass-Thru Software Versions