Sep 25, 2019 - 5:13 p.m.

Security Bulletin: IBM MQ AMQP Listeners are vulnerable to a session fixation attack (CVE-2019-4227)

2019-09-25 17:13:00
www.ibm.com
EPSS: 0.001

Percentile: 34.3%

Summary

An error was found in the IBM MQ AMQP logic that could result in a session fixation attack.

Vulnerability Details

CVEID: CVE-2019-4227
DESCRIPTION: IBM MQ AMQP Listeners could allow an unauthorized user to conduct a session fixation attack because of improper handling of client disconnection.
CVSS Base Score: 5.6
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/159352> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)

Affected Products and Versions

IBM MQ V8

versions 8.0.0.4 - 8.0.0.12

IBM MQ V9.0 LTS

versions 9.0.0.0 - 9.0.0.6

IBM MQ V9.1 LTS

versions 9.1.0.0 - 9.1.0.2

IBM MQ V9.1 CD

versions 9.1.0 - 9.1.2

Remediation/Fixes

IBM MQ V8

Apply Fixpack 8.0.013

IBM MQ V9.0 LTS

Apply Fixpack 9.0.0.7

IBM MQ V9.1 LTS

Apply Fixpack 9.1.0.3

IBM MQ V9.1 CD

Upgrade to IBM MQ 9.1.3

Workarounds and Mitigations

None.
