CVE-2014-4793IBM Websphere MQ vulnerability

CWE-2643 documents3 sources
Severity
6.5MEDIUMNVD
EPSS
0.2%
top 58.95%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Websphere MQ
Timeline
PublishedOct 2
Latest updateMay 17

Description

IBM WebSphere MQ 8.x before 8.0.0.1 does not properly enforce CHLAUTH rules for blocking client connections in certain circumstances related to the CONNAUTH attribute, which allows remote authenticated users to bypass intended queue-manager access restrictions via unspecified vectors.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 8.0 | Impact: 6.4

Affected Packages1 packages

NVDibm/websphere_mq8.0.0.0

Patches

Patch: www-01.ibm.comPatch: www-01.ibm.com

🔴Vulnerability Details

2
GHSA
GHSA-65c8-w8jr-qxhc: IBM WebSphere MQ 82022-05-17
CVEList
CVE-2014-4793: IBM WebSphere MQ 82014-10-02
CVE-2014-4793 — IBM Websphere MQ vulnerability | cvebase