Lucene search

[email protected]CVE-2015-2012

HistoryFeb 08, 2016 - 4:59 p.m.

CVE-2015-2012

2016-02-0816:59:00

CWE-200

CWE-255

[email protected]

web.nvd.nist.gov

cve-2015-2012

ibm websphere mq

wmq telemetry

ssl

sensitive information disclosure

nvd

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

4 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

3.9 Low

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

30.7%

JSON

The MQXR service in WMQ Telemetry in IBM WebSphere MQ 7.1 before 7.1.0.7, 7.5 through 7.5.0.5, and 8.0 before 8.0.0.4 uses world-readable permissions for a cleartext file containing the SSL keystore password, which allows local users to obtain sensitive information by reading this file.

Affected configurations

NVD

Node

ibmwebsphere_mqMatch7.1.0.3

ibmwebsphere_mqMatch7.1.0.4

ibmwebsphere_mqMatch7.1.0.5

ibmwebsphere_mqMatch7.1.0.6

ibmwebsphere_mqMatch7.5

ibmwebsphere_mqMatch7.5.0.2

ibmwebsphere_mqMatch7.5.0.3

ibmwebsphere_mqMatch7.5.0.4

ibmwebsphere_mqMatch7.5.0.5

ibmwebsphere_mqMatch8.0

ibmwebsphere_mqMatch8.0.0.1

ibmwebsphere_mqMatch8.0.0.2

ibmwebsphere_mqMatch8.0.0.3

CPENameOperatorVersion
ibm:websphere_mqibm websphere mqeq7.1.0.3
ibm:websphere_mqibm websphere mqeq7.1.0.4
ibm:websphere_mqibm websphere mqeq7.1.0.5
ibm:websphere_mqibm websphere mqeq7.1.0.6
ibm:websphere_mqibm websphere mqeq7.5
ibm:websphere_mqibm websphere mqeq7.5.0.2
ibm:websphere_mqibm websphere mqeq7.5.0.3
ibm:websphere_mqibm websphere mqeq7.5.0.4
ibm:websphere_mqibm websphere mqeq7.5.0.5
ibm:websphere_mqibm websphere mqeq8.0

CPE	Name	Operator	Version
ibm:websphere_mq	ibm websphere mq	eq	7.1.0.3
ibm:websphere_mq	ibm websphere mq	eq	7.1.0.4
ibm:websphere_mq	ibm websphere mq	eq	7.1.0.5
ibm:websphere_mq	ibm websphere mq	eq	7.1.0.6
ibm:websphere_mq	ibm websphere mq	eq	7.5
ibm:websphere_mq	ibm websphere mq	eq	7.5.0.2
ibm:websphere_mq	ibm websphere mq	eq	7.5.0.3
ibm:websphere_mq	ibm websphere mq	eq	7.5.0.4
ibm:websphere_mq	ibm websphere mq	eq	7.5.0.5
ibm:websphere_mq	ibm websphere mq	eq	8.0

Rows per page:

1-10 of 131

References

www-01.ibm.com/support/docview.wss?uid=swg1IT09866

www-01.ibm.com/support/docview.wss?uid=swg21968399

www.securitytracker.com/id/1034943

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

4 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

3.9 Low

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

30.7%

JSON

Related for CVE-2015-2012

openvas1 cvelist1 prion1 nvd1