IBM MQ Java/JMS application can incorrectly flow password in plain text when PASSWORDPROTECTION=ALWAYS is set in mqclient.ini
CVEID: CVE-2017-1337 DESCRIPTION: IBM MQ Java/JMS application can incorrectly transmit user credentials in plain text.
CVSS Base Score: 5.9
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/126245 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)
IBM MQ V8
IBM MQ 8.0.0.0 - 8.0.0.6 maintenance levels
IBM MQ V9
IBM MQ 9.0.0.0 - 9.0.0.1 maintenance levels
IBM MQ V9 CD
IBM MQ V9.0.1 and V9.0.2
IBM MQ V8
Apply Fix Pack 8.0.0.7
BM MQ V9
Apply Fix Pack 9.0.0.2
IBM MQ V9 CD
None.