CVE-2010-2637:websphere_mq: IBM WebSphere MQ 6.0 before 6.0.2.9 and 7.0 before ...

VRDA Feed by

Vulnerability Response Decision Assistance Feed : Information for vulnerability impact analysis

[ about VRDA Feed | JPCERT/CC ]

Vulnerability Analysis Result (Revision No : 1)

[ Download XML ]

CVE-2010-2637

websphere_mq: IBM WebSphere MQ 6.0 before 6.0.2.9 and 7.0 before ...

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2637

Original

IBM WebSphere MQ 6.0 before 6.0.2.9 and 7.0 before 7.0.1.1 does not encrypt the username and password in the security parameters field, which allows remote attackers to obtain sensitive information by sniffing the network traffic from a .NET client application.

Translation (Show)

About This Analysis Information

Analysis Information Provider:

NIST NVD

First Published:

2010-11-12

Source Information Category:

Advisory, Alert

Last Updated:

2010-11-15

Affected Product Tags

cpe:/a:ibm:websphere_mq:6.0

cpe:/a:ibm:websphere_mq:6.0.0.0

cpe:/a:ibm:websphere_mq:6.0.1.0

cpe:/a:ibm:websphere_mq:6.0.1.1

cpe:/a:ibm:websphere_mq:6.0.2.0

cpe:/a:ibm:websphere_mq:6.0.2.1

cpe:/a:ibm:websphere_mq:6.0.2.10

cpe:/a:ibm:websphere_mq:6.0.2.2

cpe:/a:ibm:websphere_mq:6.0.2.3

cpe:/a:ibm:websphere_mq:6.0.2.4

cpe:/a:ibm:websphere_mq:6.0.2.5

cpe:/a:ibm:websphere_mq:6.0.2.6

cpe:/a:ibm:websphere_mq:6.0.2.7

cpe:/a:ibm:websphere_mq:6.0.2.8

cpe:/a:ibm:websphere_mq:7.0

cpe:/a:ibm:websphere_mq:7.0.0.1

cpe:/a:ibm:websphere_mq:7.0.0.2

cpe:/a:ibm:websphere_mq:7.0.1.0

Vulnerability Analysis Results

[Access Vector] ^[?]

Undefined^[?]

Local^[?]

Adjacent Network^[?]

Network^[?]

[Access Complexit] ^[?]

Undefined^[?]

High^[?]

Medium^[?]

Low^[?]

[Authentication] ^[?]

Undefined^[?]

Multiple^[?]

Single^[?]

None^[?]

[Confidentiality Impact] ^[?]

Undefined^[?]

None^[?]

Partial^[?]

Complete^[?]

[Integrity Impact] ^[?]

Undefined^[?]

None^[?]

Partial^[?]

Complete^[?]

[Availability Impact] ^[?]

Undefined^[?]

None^[?]

Partial^[?]

Complete^[?]

Alternatives

References

CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg27014224

CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg27007069

Vulnerability Type Cryptographic Issues (CWE-310)

XF wmq-net-pass-info-disclosure(63114)