Описание
IBM WebSphere MQ 6.0 before 6.0.2.11 and 7.0 before 7.0.1.5 does not use the CRL Distribution Points (CDP) certificate extension, which might allow man-in-the-middle attackers to spoof an SSL partner via a revoked certificate for a (1) client, (2) queue manager, or (3) application.
Ссылки
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:ibm:websphere_mq:6.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_mq:6.0.1.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_mq:6.0.1.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_mq:6.0.2.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_mq:6.0.2.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_mq:6.0.2.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_mq:6.0.2.3:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_mq:6.0.2.4:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_mq:6.0.2.5:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_mq:6.0.2.6:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_mq:6.0.2.7:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_mq:6.0.2.8:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_mq:6.0.2.9:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_mq:6.0.2.10:*:*:*:*:*:*:*
Конфигурация 2
Одно из
cpe:2.3:a:ibm:websphere_mq:7.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_mq:7.0.0.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_mq:7.0.0.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_mq:7.0.1.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_mq:7.0.1.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_mq:7.0.1.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_mq:7.0.1.3:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_mq:7.0.1.4:*:*:*:*:*:*:*
EPSS
Процентиль: 31%
0.0012
Низкий
4.3 Medium
CVSS2
Дефекты
CWE-264
Связанные уязвимости
github
больше 3 лет назад
IBM WebSphere MQ 6.0 before 6.0.2.11 and 7.0 before 7.0.1.5 does not use the CRL Distribution Points (CDP) certificate extension, which might allow man-in-the-middle attackers to spoof an SSL partner via a revoked certificate for a (1) client, (2) queue manager, or (3) application.
EPSS
Процентиль: 31%
0.0012
Низкий
4.3 Medium
CVSS2
Дефекты
CWE-264