Nov 19, 2019 - 5:33 p.m.

Security Bulletin: IBM MQ Java/JMS application can incorrectly flow password in plain text. (CVE-2017-1337)

2019-11-19 17:33:56
www.ibm.com

EPSS: 0.003 (Low), percentile 71.4%

Summary

IBM MQ Java/JMS application can incorrectly flow password in plain text when PASSWORDPROTECTION=ALWAYS is set in mqclient.ini

Vulnerability Details

CVEID: CVE-2017-1337
DESCRIPTION: IBM MQ Java/JMS application can incorrectly transmit user credentials in plain text.
CVSS Base Score: 5.9
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/126245 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)

Affected Products and Versions

IBM MQ V8
IBM MQ 8.0.0.0 - 8.0.0.6 maintenance levels
IBM MQ V9
IBM MQ 9.0.0.0 - 9.0.0.1 maintenance levels

IBM MQ V9 CD

IBM MQ V9.0.1 and V9.0.2

Remediation/Fixes

IBM MQ V8
Apply Fix Pack 8.0.0.7
IBM MQ V9
Apply Fix Pack 9.0.0.2

IBM MQ V9 CD

Upgrade to IBM MQ V9.0.3

Workarounds and Mitigations

None.
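
A triage check for client installs, added here as an example and not taken from IBM's bulletin: it maps a reported MQ level to the fix listed above and flags installs whose mqclient.ini sets PASSWORDPROTECTION=ALWAYS. The function names, status labels and the sample stanza layout are assumptions made for illustration.

```python
import re

# Affected ranges and fixes exactly as listed in the bulletin. Bounds with
# three parts (the CD releases) are compared on V.R.M only.
AFFECTED = [
    ((8, 0, 0, 0), (8, 0, 0, 6), "Apply Fix Pack 8.0.0.7"),
    ((9, 0, 0, 0), (9, 0, 0, 1), "Apply Fix Pack 9.0.0.2"),
    ((9, 0, 1), (9, 0, 2), "Upgrade to IBM MQ V9.0.3"),
]

def parse_version(text):
    """Extract (V, R, M, F) from '8.0.0.4' or a 'Version: 9.0.2.0' line."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"no MQ version in {text!r}")
    return tuple(int(g or 0) for g in m.groups())

def remediation(version_text):
    """Return the bulletin's fix for an affected level, else None."""
    v = parse_version(version_text)
    for lo, hi, fix in AFFECTED:
        if lo <= v[:len(lo)] <= hi:
            return fix
    return None

def password_protection(ini_text):
    """Return the last PasswordProtection value in mqclient.ini text, upper-cased."""
    value = None
    for raw in ini_text.splitlines():
        line = raw.strip()
        if line.startswith(("#", ";")):      # skip comment lines
            continue
        m = re.match(r"passwordprotection\s*=\s*(\S+)", line, re.I)
        if m:
            value = m.group(1).upper()
    return value

def triage(version_text, ini_text):
    """Classify one client install as (status, fix)."""
    fix = remediation(version_text)
    if fix is None:
        return ("not-listed", None)          # level not in the bulletin's ranges
    if password_protection(ini_text) == "ALWAYS":
        return ("affected-setting-in-use", fix)
    return ("affected-level", fix)

# Constructed sample input: the stanza layout is an assumption, not from the bulletin.
SAMPLE_INI = "Channels:\n   PasswordProtection=Always\n"

if __name__ == "__main__":
    for ver in ("8.0.0.4", "8.0.0.7", "9.0.0.1", "9.0.2.0", "9.0.3.0"):
        print(ver, triage(ver, SAMPLE_INI))
```

Installs reported as affected-setting-in-use are the ones where the setting was expected to protect the password, so they are the first candidates for the fix pack.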
