Vulnerability Name: | CVE-2010-2637 (CCN-63114) |
Assigned: | 2010-04-06 |
Published: | 2010-04-06 |
Updated: | 2017-08-17 |
Summary: | IBM WebSphere MQ 6.0 before 6.0.2.9 and 7.0 before 7.0.1.1 does not encrypt the username and password in the security parameters field, which allows remote attackers to obtain sensitive information by sniffing the network traffic from a .NET client application.
|
CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
Exploitability Metrics: | Attack Vector (AV): Network; Attack Complexity (AC): Low; Privileges Required (PR): None; User Interaction (UI): None |
Scope: | Scope (S): Unchanged |
Impact Metrics: | Confidentiality (C): Low; Integrity (I): None; Availability (A): None |
|
CVSS v2 Severity: | 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N)
3.2 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics: | Access Vector (AV): Network; Access Complexity (AC): Medium; Authentication (Au): None |
Impact Metrics: | Confidentiality (C): Partial; Integrity (I): None; Availability (A): None |
4.3 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N)
3.2 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics: | Access Vector (AV): Network; Access Complexity (AC): Medium; Authentication (Au): None |
Impact Metrics: | Confidentiality (C): Partial; Integrity (I): None; Availability (A): None |
|
Vulnerability Type: | CWE-310
|
Vulnerability Consequences: | Obtain Information |
References: | Source: MITRE Type: CNA CVE-2010-2637
Source: CCN Type: IBM APAR IZ56005 Fix list for WebSphere MQ V6
Source: AIXAPAR Type: UNKNOWN IZ56005
Source: CONFIRM Type: UNKNOWN http://www-01.ibm.com/support/docview.wss?uid=swg27007069
Source: CONFIRM Type: UNKNOWN http://www-01.ibm.com/support/docview.wss?uid=swg27014224
Source: CCN Type: OSVDB ID: 69229 IBM WebSphere MQ Security Parameters Field Cleartext Credentials Weakness
Source: XF Type: UNKNOWN wmq-net-pass-info-disclosure(63114)
|
Vulnerable Configuration: | Configuration 1: cpe:/a:ibm:websphere_mq:6.0:*:*:*:*:*:*:* OR cpe:/a:ibm:websphere_mq:6.0.0.0:*:*:*:*:*:*:* OR cpe:/a:ibm:websphere_mq:6.0.1.0:*:*:*:*:*:*:* OR cpe:/a:ibm:websphere_mq:6.0.1.1:*:*:*:*:*:*:* OR cpe:/a:ibm:websphere_mq:6.0.2.0:*:*:*:*:*:*:* OR cpe:/a:ibm:websphere_mq:6.0.2.1:*:*:*:*:*:*:* OR cpe:/a:ibm:websphere_mq:6.0.2.2:*:*:*:*:*:*:* OR cpe:/a:ibm:websphere_mq:6.0.2.3:*:*:*:*:*:*:* OR cpe:/a:ibm:websphere_mq:6.0.2.4:*:*:*:*:*:*:* OR cpe:/a:ibm:websphere_mq:6.0.2.5:*:*:*:*:*:*:* OR cpe:/a:ibm:websphere_mq:6.0.2.6:*:*:*:*:*:*:* OR cpe:/a:ibm:websphere_mq:6.0.2.7:*:*:*:*:*:*:* OR cpe:/a:ibm:websphere_mq:6.0.2.8:*:*:*:*:*:*:* OR cpe:/a:ibm:websphere_mq:6.0.2.10:*:*:*:*:*:*:* OR cpe:/a:ibm:websphere_mq:7.0:*:*:*:*:*:*:* OR cpe:/a:ibm:websphere_mq:7.0.0.1:*:*:*:*:*:*:* OR cpe:/a:ibm:websphere_mq:7.0.0.2:*:*:*:*:*:*:* OR cpe:/a:ibm:websphere_mq:7.0.1.0:*:*:*:*:*:*:*
Configuration CCN 1: cpe:/a:ibm:websphere_mq:6.0:*:*:*:*:*:*:* OR cpe:/a:ibm:websphere_mq:7.0:*:*:*:*:*:*:*
|