exploitDog

CVE-2014-4793

Опубликовано: 02 окт. 2014

Источник: nvd

CVSS2: 6.5

EPSS Низкий

Описание

IBM WebSphere MQ 8.x before 8.0.0.1 does not properly enforce CHLAUTH rules for blocking client connections in certain circumstances related to the CONNAUTH attribute, which allows remote authenticated users to bypass intended queue-manager access restrictions via unspecified vectors.

Ссылки

http://www-01.ibm.com/support/docview.wss?uid=swg21685526
Patch
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/95208
http://www-01.ibm.com/support/docview.wss?uid=swg21685526
Patch
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/95208

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:ibm:websphere_mq:8.0.0.0:*:*:*:*:*:*:*

EPSS

Процентиль: 41%

0.00191

Низкий

6.5 Medium

CVSS2

Дефекты

CWE-264

Связанные уязвимости

GHSA-65c8-w8jr-qxhc

github

больше 3 лет назад

IBM WebSphere MQ 8.x before 8.0.0.1 does not properly enforce CHLAUTH rules for blocking client connections in certain circumstances related to the CONNAUTH attribute, which allows remote authenticated users to bypass intended queue-manager access restrictions via unspecified vectors.

EPSS

Процентиль: 41%

0.00191

Низкий

6.5 Medium

CVSS2

Дефекты

CWE-264