An error was found in the IBM MQ AMQP logic that could result in a session fixation attack.
CVEID: CVE-2019-4227 DESCRIPTION: IBM MQ AMQP Listeners could allow an unauthorized user to conduct a session fixation attack because of improper handling of client disconnection.
CVSS Base Score: 5.6
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/159352> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)
IBM MQ V8
versions 8.0.0.4 - 8.0.0.12
IBM MQ V9.0LTS
versions 9.0.0.0 - 9.0.0.6
IBM MQ V9.1 LTS
versions 9.1.0.0 - 9.1.0.2
IBM MQ V9.1 CD
versions 9.1.0 - 9.1.2
IBM MQ V8
IBM MQ V9.0LTS
IBM MQ V9.1 LTS
IBM MQ V9.1 CD
None.