Lucene search
IBMD3B59177D114DCF1239840844E0A1313A6C48D0E9D54BDCA2BE196EB6EC763A0HistoryJul 24, 2020 - 10:19 p.m.
Security Bulletin: Vulnerability in Apache ActiveMQ affects IBM Control Center (CVE-2018-11775)
2020-07-2422:19:08
www.ibm.com
41
0.004 Low
EPSS
Percentile
73.8%
Summary
Apache ActiveMQ Client could allow a remote attacker to conduct a man-in-the-middle attack, caused by a missing TLS hostname verification. An attacker could exploit this vulnerability to launch a man-in-the-middle attack between a Java application using the ActiveMQ client and the ActiveMQ server.
Vulnerability Details
**CVEID:** [CVE-2018-11775](<https://vulners.com/cve/CVE-2018-11775>)
**Description:** Apache ActiveMQ Client could allow a remote attacker to conduct a man-in-the-middle attack,
caused by a missing TLS hostname verification. An attacker could exploit this vulnerability to launch a
man-in-the-middle attack between a Java application using the ActiveMQ client and the ActiveMQ server.
CVSS Base Score**:** 5.9
CVSS Temporal Score**:** <https://exchange.xforce.ibmcloud.com/vulnerabilities/149705> for more information.
CVSS Environmental Score***:** Undefined
CVSS Vector**:**(CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)
Affected Products and Versions
IBM Control Center 5.4.2.1 through 5.4.2.2 iFix03
IBM Control Center 6.0.0.0 through 6.0.0.2 iFix04
IBM Control Center 6.1.0.0 through 6.1.0.2 iFix05
IBM Control Center 6.1.1.0 through 6.1.1.0 iFix04
Remediation/Fixes
IBM Control Center
|
5.4.2.2
|
iFix04
|
IT26875
|
—|—|—|—|—
IBM Control Center
|
6.0.0.2
|
iFix05
|
IT26875
|
IBM Control Center
|
6.1.0.2
|
iFix06
|
IT26875
|
IBM Control Center
|
6.1.1.0
|
iFix05
|
IT26875
|
Workarounds and Mitigations
None.
| CPE | Name | Operator | Version |
|---|---|---|---|
| ibm control center | eq | any |
Related
redhatcve
redhatcve
CVE-2018-11775
2018-09-14 20:18:54
cve
cve
CVE-2018-11775
2018-09-10 20:29:00
ibm
ibm
Security Bulletin: IBM Tivoli Netcool Impact is affected by an Apache ActiveMQ vulnerability (CVE-2018-11775)
2019-12-20 08:47:33
nvd
nvd
CVE-2018-11775
2018-09-10 20:29:00
openvas
openvas
Apache Active MQ 5.0.0 - 5.15.5 Missing TLS Hostname Verification Vulnerability - Linux
2018-09-20 00:00:00
Apache Active MQ 5.0.0 - 5.15.5 Missing TLS Hostname Verification Vulnerability - Windows
2018-09-20 00:00:00
Debian: Security Advisory (DLA-2583-1)
2021-03-06 00:00:00
osv
osv
Improper Certificate Validation in Apache activemq-client
2018-10-19 16:42:27
CVE-2018-11775
2018-09-10 20:29:00
activemq - security update
2021-03-05 00:00:00
veracode
veracode
Man-in-the-Middle (MitM)
2018-09-11 06:20:10
github
github
Improper Certificate Validation in Apache activemq-client
2018-10-19 16:42:27
cvelist
cvelist
CVE-2018-11775
2018-09-10 00:00:00
ubuntucve
ubuntucve
CVE-2018-11775
2018-09-10 00:00:00
prion
prion
Default credentials
2018-09-10 20:29:00
nessus
nessus
Apache ActiveMQ Client 5.x < 5.15.6 TLS Hostname Verification Weakness
2018-09-14 00:00:00
Debian DLA-2583-1 : activemq security update
2021-03-08 00:00:00
Oracle Enterprise Manager Cloud Control (Jul 2019 CPU)
2019-07-17 00:00:00
debiancve
debiancve
CVE-2018-11775
2018-09-10 20:29:00
debian
debian
[SECURITY] [DLA 2583-1] activemq security update
2021-03-05 17:05:48
redhat
redhat
(RHSA-2019:3892) Important: Red Hat Fuse 7.5.0 security update
2019-11-14 21:15:16
oracle
oracle
Oracle Critical Patch Update Advisory - January 2019
2019-01-15 00:00:00
Oracle Critical Patch Update Advisory - January 2021
2021-01-19 00:00:00
Oracle Critical Patch Update Advisory - April 2019
2019-04-16 00:00:00
0.004 Low
EPSS
Percentile
73.8%
Related for D3B59177D114DCF1239840844E0A1313A6C48D0E9D54BDCA2BE196EB6EC763A0