CVE-2010-2637IBM Websphere MQ vulnerability

CWE-3103 documents3 sources
Severity
4.3MEDIUMNVD
EPSS
0.3%
top 48.51%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Websphere MQ
Timeline
PublishedNov 12
Latest updateMay 17

Description

IBM WebSphere MQ 6.0 before 6.0.2.9 and 7.0 before 7.0.1.1 does not encrypt the username and password in the security parameters field, which allows remote attackers to obtain sensitive information by sniffing the network traffic from a .NET client application.

CVSS vector

AV:N/AC:M/C:P/I:N/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

NVDibm/websphere_mq18 versions+17

🔴Vulnerability Details

2
GHSA
GHSA-3f9c-f8wr-33fq: IBM WebSphere MQ 62022-05-17
CVEList
CVE-2010-2637: IBM WebSphere MQ 62010-11-12
CVE-2010-2637 — IBM Websphere MQ vulnerability | cvebase