Lucene search
IbmCVE-2015-0173HistoryJun 28, 2015 - 2:59 p.m.
CVE-2015-0173
2015-06-2814:59:00
CWE-17
ibm
web.nvd.nist.gov
21
cve-2015-0173
http
connection management
ipt
ibm
websphere mq
security vulnerability
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
AI Score
6.6
Confidence
Low
EPSS
0.002
Percentile
57.3%
The HTTP connection-management functionality in Internet Pass-Thru (IPT) before 2.1.0.2 in IBM WebSphere MQ, when HTTPS is disabled, does not properly generate MQIPT Session IDs, which makes it easier for remote attackers to bypass intended restrictions on MQ message data by predicting an ID value.
Affected configurations
Node
ibmwebsphere_mq_internet_pass_thruRange≤2.1.0.1websphere_mq
| Vendor | Product | Version | CPE |
|---|---|---|---|
| ibm | websphere_mq_internet_pass_thru | * | cpe:2.3:a:ibm:websphere_mq_internet_pass_thru:*:*:*:*:*:websphere_mq:*:* |
Related
cvelist
cvelist
CVE-2015-0173
2015-06-28 14:00:00
prion
prion
Design/Logic Flaw
2015-06-28 14:59:00
ibm
ibm
nvd
nvd
CVE-2015-0173
2015-06-28 14:59:00
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
AI Score
6.6
Confidence
Low
EPSS
0.002
Percentile
57.3%
Related for CVE-2015-0173