CVE-2017-1284Sensitive Information Exposure in IBM Websphere MQ

CWE-200Sensitive Information Exposure3 documents3 sources
Severity
4.7MEDIUMNVD
EPSS
0.1%
top 82.24%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
IBM MQIBM Websphere MQ
Timeline
PublishedJul 10
Latest updateMay 17

Description

IBM WebSphere MQ 9.0.1 and 9.0.2 could allow a local user with ability to run or enable trace, to obtain sensitive information from WebSphere Application Server traces including user credentials. IBM X-Force ID: 125145.

CVSS vector

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.0 | Impact: 3.6

Affected Packages2 packages

NVDibm/websphere_mq9.0.1, 9.0.2+1
CVEListV5ibm/mq9.0.1, 9.0.2+1

🔴Vulnerability Details

2
GHSA
GHSA-76xh-xcj5-jrgx: IBM WebSphere MQ 92022-05-17
CVEList
CVE-2017-1284: IBM WebSphere MQ 92017-07-10
CVE-2017-1284 — Sensitive Information Exposure in IBM | cvebase