History: Jun 15, 2018 - 7:01 a.m.

Security Bulletin: IBM WebSphere MQ Telemetry Component - Potential authentication bypass vulnerability when using the JAASConfig property (CVE-2014-6116)

www.ibm.com

EPSS: 0.003 (Low), percentile 67.9%

Summary

IBM WebSphere MQ contains a vulnerability in which authentication is bypassed by MQTT clients with the “JAASConfig” configuration property set.

Vulnerability Details

CVE ID: CVE-2014-6116

IBM WebSphere MQ contains a vulnerability in which authentication is bypassed by MQTT clients with the “JAASConfig” configuration property set.

CVSS Base Score: 4.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/96213> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)

Affected Products and Versions

IBM WebSphere MQ Telemetry Component

  • WebSphere MQ 8.0.0.1 downloaded prior to 24th September 2014 (Level: p000-001-L140910). To check your fix pack level, issue the command _dspmqver_ and check the output of the Level option.

Remediation/Fixes

Remove fix pack WebSphere MQ 8.0.0.1 (Level: p000-001-L140910), then install the latest version of WebSphere MQ 8.0.0.1 fix pack.
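
The dspmqver check described under Affected Products can be scripted, for example to confirm the level before and after reinstalling the fix pack. The following is an added example, not code from IBM or from this bulletin; it assumes dspmqver prints "Field: value" lines including Version and Level, the function names are hypothetical, and the sample outputs are constructed.

```shell
#!/bin/sh
# Added example (not IBM code): classify dspmqver output against this bulletin.
AFFECTED_VERSION="8.0.0.1"           # from the bulletin
AFFECTED_LEVEL="p000-001-L140910"    # from the bulletin

# Constructed sample outputs; the second Level value is a made-up placeholder.
SAMPLE_AFFECTED='Name:        WebSphere MQ
Version:     8.0.0.1
Level:       p000-001-L140910
BuildType:   IKAP - (Production)'
SAMPLE_OTHER='Name:        WebSphere MQ
Version:     8.0.0.1
Level:       p000-001-CONSTRUCTED
BuildType:   IKAP - (Production)'

# Print the value of the first "Field:   value" line read from stdin.
mq_field() {
    awk -v key="$1" -F: '$1 == key {
        sub(/^[^:]*:[ \t]*/, ""); sub(/[ \t\r]+$/, ""); print; exit
    }'
}

# Print AFFECTED, OK or UNKNOWN for the dspmqver text passed as $1.
check_mq_level() {
    version=$(printf '%s\n' "$1" | mq_field Version)
    level=$(printf '%s\n' "$1" | mq_field Level)
    if [ -z "$version" ] || [ -z "$level" ]; then
        echo "UNKNOWN"      # output missing or not in the assumed layout
    elif [ "$version" = "$AFFECTED_VERSION" ] && [ "$level" = "$AFFECTED_LEVEL" ]; then
        echo "AFFECTED"     # the build level named in the bulletin is installed
    else
        echo "OK"
    fi
}

# On a host with WebSphere MQ installed, check the live installation.
if command -v dspmqver >/dev/null 2>&1; then
    check_mq_level "$(dspmqver)"
fi
```

An UNKNOWN result means the Version or Level line was not found and the installation should be checked by hand.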

CPE Name      Operator  Version
websphere mq  eq        8.0.0.1
