CVE-2018-1543Improper Certificate Validation in IBM Websphere MQ

CWE-295Improper Certificate Validation4 documents4 sources
Severity
5.9MEDIUMNVD
EPSS
0.1%
top 71.97%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
IBM MQIBM Websphere MQ
Timeline
PublishedJun 27
Latest updateMay 13

Description

IBM WebSphere MQ 8.0 and 9.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly validate the SSL certificate. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 142598.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 2.2 | Impact: 3.6

Affected Packages2 packages

NVDibm/websphere_mq8.0, 9.0+1
CVEListV5ibm/mq8.0, 9.0+1

🔴Vulnerability Details

2
GHSA
GHSA-8mm2-m98w-c7qj: IBM WebSphere MQ 82022-05-13
CVEList
CVE-2018-1543: IBM WebSphere MQ 82018-06-27

💥Exploits & PoCs

1
Exploit-DB
BMC BladeLogic 8.3.00.64 - Remote Command Execution2018-01-26
CVE-2018-1543 — Improper Certificate Validation in IBM | cvebase