CVE-2016-3052 — Sensitive Information Exposure in IBM Websphere MQ

CWE-200 — Sensitive Information Exposure3 documents3 sources

Severity

5.9MEDIUMNVD

EPSS

0.2%

top 56.84%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Websphere MQ IBM Corporation Websphere MQ

Timeline

PublishedFeb 22

Latest updateMay 17

Description

Under non-standard configurations, IBM WebSphere MQ might send password data in clear text over the network. This data could be intercepted using man in the middle techniques.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 2.2 | Impact: 3.6

Affected Packages2 packages

▶NVDibm/websphere_mq8.0.0.5

▶CVEListV5ibm_corporation/websphere_mq8.0

Patches

Patch: www.ibm.com ↗Patch: www.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-p24q-g7hr-wxj6: Under non-standard configurations, IBM WebSphere MQ might send password data in clear text over the network↗2022-05-17

▶

CVEList

CVE-2016-3052: Under non-standard configurations, IBM WebSphere MQ might send password data in clear text over the network↗2017-02-22

▶