Apache ActiveMQ Client could allow a remote attacker to conduct a man-in-the-middle attack, caused by a missing TLS hostname verification. An attacker could exploit this vulnerability to launch a man-in-the-middle attack between a Java application using the ActiveMQ client and the ActiveMQ server.
**CVEID:** [CVE-2018-11775](<https://vulners.com/cve/CVE-2018-11775>)
**Description:** Apache ActiveMQ Client could allow a remote attacker to conduct a man-in-the-middle attack,
caused by a missing TLS hostname verification. An attacker could exploit this vulnerability to launch a
man-in-the-middle attack between a Java application using the ActiveMQ client and the ActiveMQ server.
CVSS Base Score**:** 5.9
CVSS Temporal Score**:** <https://exchange.xforce.ibmcloud.com/vulnerabilities/149705> for more information.
CVSS Environmental Score***:** Undefined
CVSS Vector**:**(CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)
IBM Control Center 5.4.2.1 through 5.4.2.2 iFix03
IBM Control Center 6.0.0.0 through 6.0.0.2 iFix04
IBM Control Center 6.1.0.0 through 6.1.0.2 iFix05
IBM Control Center 6.1.1.0 through 6.1.1.0 iFix04
IBM Control Center
|
5.4.2.2
|
iFix04
|
IT26875
|
—|—|—|—|—
IBM Control Center
|
6.0.0.2
|
iFix05
|
IT26875
|
IBM Control Center
|
6.1.0.2
|
iFix06
|
IT26875
|
IBM Control Center
|
6.1.1.0
|
iFix05
|
IT26875
|
None.
CPE | Name | Operator | Version |
---|---|---|---|
ibm control center | eq | any |