CVE-2015-7462 — Sensitive Information Exposure in IBM Websphere MQ

CWE-200 — Sensitive Information Exposure CWE-2553 documents3 sources

Severity

4.4MEDIUMNVD

EPSS

0.0%

top 91.74%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Websphere MQ

Timeline

PublishedJun 19

Latest updateMay 17

Description

IBM WebSphere MQ 8.0.0.4 on IBM i platforms allows local users to discover cleartext certificate-keystore passwords within MQ trace output by leveraging administrator privileges to execute the mqcertck program.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:NExploitability: 0.8 | Impact: 3.6

Affected Packages1 packages

▶NVDibm/websphere_mq8.0.0.4

🔴Vulnerability Details

GHSA

GHSA-2h82-jg6m-gm26: IBM WebSphere MQ 8↗2022-05-17

▶

CVEList

CVE-2015-7462: IBM WebSphere MQ 8↗2016-06-19

▶