CVE-2015-1967Sensitive Information Exposure in IBM Websphere MQ

CWE-200Sensitive Information Exposure5 documents5 sources
Severity
4.3MEDIUMNVD
EPSS
0.2%
top 56.84%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Websphere MQ
Timeline
PublishedJul 1
Latest updateMay 17

Description

MQ Explorer in IBM WebSphere MQ before 8.0.0.3 does not recognize the absence of the compatibility-mode option, which allows remote attackers to obtain sensitive information by sniffing the network for a session in which TLS is not used.

CVSS vector

AV:N/AC:M/C:P/I:N/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

NVDibm/websphere_mq8.0.0.2

🔴Vulnerability Details

2
GHSA
GHSA-4ghc-9j93-h7xg: MQ Explorer in IBM WebSphere MQ before 82022-05-17
CVEList
CVE-2015-1967: MQ Explorer in IBM WebSphere MQ before 82015-07-01

📋Vendor Advisories

1
Red Hat
Mozilla: Same-origin policy violation using perfomance.getEntries and history navigation with session restore (MFSA 2016-29)2016-03-08

💬Community

1
Bugzilla
CVE-2016-1967 Mozilla: Same-origin policy violation using perfomance.getEntries and history navigation with session restore (MFSA 2016-29)2016-03-08
CVE-2015-1967 — Sensitive Information Exposure in IBM | cvebase