Vulnerability Name: CVE-2013-3019 (CCN-84594)
Assigned: 2013-06-14
Published: 2013-06-14
Updated: 2013-06-14
Summary: A vulnerability in IBM WebSphere MQ could allow an attacker to bypass security restrictions. A channel authentication rule set for a queue manager to queue manager connection has the potential to incorrectly override channel authentication rules of other types that apply to client connections. Where a mix of open and restrictive rules is deployed, this could result in clients bypassing rules that would normally prevent access or limit their authorities.
Queue manager map channel authentication rules should have no effect on client connection channels. The vulnerability relies on a very open queue manager map rule being defined that countermands a restrictive rule of another type, for example an address map that sets NOACCESS.
CVSS v3 Severity: 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
CVSS v2 Severity: 4.3 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
3.2 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C)
Vulnerability Consequences: Bypass Security
References:
Source: MITRE, Type: CNA, CVE-2013-3019
Source: CCN, Type: IBM Security Bulletin 1639448, IBM WebSphere MQ Security Vulnerability: CHLAUTH rules for clients may be bypassed
Source: XF, Type: UNKNOWN, was-mq-cve20133019-sec-bypass(84594)
Vulnerable Configuration: Configuration CCN 1: Denotes that component is vulnerable