CVE-2011-1224IBM Websphere MQ vulnerability

CWE-2643 documents3 sources
Severity
4.3MEDIUMNVD
EPSS
0.1%
top 68.97%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Websphere MQ
Timeline
PublishedJul 7
Latest updateMay 17

Description

IBM WebSphere MQ 6.0 before 6.0.2.11 and 7.0 before 7.0.1.5 does not use the CRL Distribution Points (CDP) certificate extension, which might allow man-in-the-middle attackers to spoof an SSL partner via a revoked certificate for a (1) client, (2) queue manager, or (3) application.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

NVDibm/websphere_mq22 versions+21

🔴Vulnerability Details

2
GHSA
GHSA-j66m-x5fg-q9vc: IBM WebSphere MQ 62022-05-17
CVEList
CVE-2011-1224: IBM WebSphere MQ 62011-07-07
CVE-2011-1224 — IBM Websphere MQ vulnerability | cvebase