IBM WebSphere MQ 6.0 prior to 6.0.2.9 and 7.0 prior to 7.0.1.1 does not encrypt the username and password in the security parameters field, which allows remote malicious users to obtain sensitive information by sniffing the network traffic from a .NET client application.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
ibm websphere mq 6.0.2.2 |
||
ibm websphere mq 6.0 |
||
ibm websphere mq 6.0.2.0 |
||
ibm websphere mq 7.0.0.2 |
||
ibm websphere mq 7.0.1.0 |
||
ibm websphere mq 6.0.1.1 |
||
ibm websphere mq 6.0.1.0 |
||
ibm websphere mq 6.0.2.5 |
||
ibm websphere mq 7.0 |
||
ibm websphere mq 7.0.0.1 |
||
ibm websphere mq 6.0.2.3 |
||
ibm websphere mq 6.0.0.0 |
||
ibm websphere mq 6.0.2.7 |
||
ibm websphere mq 6.0.2.8 |
||
ibm websphere mq 6.0.2.1 |
||
ibm websphere mq 6.0.2.4 |
||
ibm websphere mq 6.0.2.10 |
||
ibm websphere mq 6.0.2.6 |