Apache ActiveMQ Client used in IBM Jazz for Service Management could allow a remote attacker to conduct a man-in-the-middle attack (CVE-2018-11775)
CVEID: CVE-2018-11775
**DESCRIPTION:** Apache ActiveMQ Client could allow a remote attacker to conduct a man-in-the-middle attack, caused by a missing TLS hostname verification. An attacker could exploit this vulnerability to launch a man-in-the-middle attack between a Java application using the ActiveMQ client and the ActiveMQ server.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/149705 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)
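
The check whose absence the description refers to, as an added example (not IBM's or Apache ActiveMQ's code): a simplified hostname matcher in Python run over constructed certificate data, showing that a certificate with a trusted chain but issued for a different name is rejected only when name verification is performed. The certificate names, the `client_accepts` decision model and all function names are assumptions made for illustration.

```python
import ipaddress

# Constructed sample certificates: only the subjectAltName entries matter here.
BROKER_CERT = {"dns": ["broker.example.test", "*.mq.example.test"], "ip": ["192.0.2.10"]}
OTHER_CERT = {"dns": ["intranet.example.test"], "ip": []}


def _is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


def _dns_match(pattern, host):
    """Compare one dNSName entry with the host, label by label."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = host.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False  # a wildcard stands for exactly one label
    first, rest = p_labels[0], p_labels[1:]
    if first == "*":
        # Wildcard only as the whole leftmost label, and not for patterns as short as "*.test".
        return len(p_labels) >= 3 and rest == h_labels[1:]
    return "*" not in pattern and p_labels == h_labels


def hostname_verified(cert, host):
    """True only if the certificate names the host the client meant to reach."""
    if _is_ip(host):
        # IP literals must match an iPAddress entry exactly; wildcards never apply.
        want = ipaddress.ip_address(host)
        return any(ipaddress.ip_address(ip) == want for ip in cert["ip"])
    return any(_dns_match(name, host) for name in cert["dns"])


def client_accepts(cert, host, chain_trusted, verify_hostname):
    """Hypothetical model of the client's decision after the TLS handshake."""
    if not chain_trusted:
        return False
    # Without the name check, any certificate from a trusted CA is accepted.
    return hostname_verified(cert, host) if verify_hostname else True
```
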
Affected Product(s) | Version(s) |
---|---|
Jazz for Service Management | 1.1.3 - 1.1.3.4 |

Affected JazzSM Version | Recommended Fix. |
---|---|
Jazz for Service Management versions 1.1.3 - 1.1.3.4 | 1. Install JazzSM 1.1.3 Fixpack5 - 1.1.3-TIV-JazzSM-multi-FP005 |
None
CPE | Name | Operator | Version |
---|---|---|---|
jazz for service management | eq | 1.1.3 |