CVE-2017-1795

CWE-532Log File Information Exposure3 documents3 sources
Severity
4.4MEDIUM
EPSS
0.0%
top 87.69%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
IBM Websphere MQ Managed File TransferIBM Websphere MQ
Timeline
PublishedJul 6
Latest updateMay 13

Description

IBM WebSphere MQ 7.5, 8.0, and 9.0 through 9.0.4 could allow a local user to obtain highly sensitive information via trace logs in IBM WebSphere MQ Managed File Transfer. IBM X-Force ID: 137042.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:NExploitability: 0.8 | Impact: 3.6

Affected Packages2 packages

NVDibm/websphere_mq_managed_file_transfer8.0.0.08.0.0.8+6
CVEListV5ibm/websphere_mq7 versions+6

Patches

Patch: www.ibm.comPatch: www.ibm.com

🔴Vulnerability Details

2
GHSA
GHSA-3hmq-7955-4976: IBM WebSphere MQ 72022-05-13
CVEList
CVE-2017-1795: IBM WebSphere MQ 72018-07-06
CVE-2017-1795 (MEDIUM CVSS 4.4) | IBM WebSphere MQ 7.5 | cvebase.io