CVE-2014-4793

Published Oct 2, 2014

Last updated 7 years ago

Overview

Description: IBM WebSphere MQ 8.x before 8.0.0.1 does not properly enforce CHLAUTH rules for blocking client connections in certain circumstances related to the CONNAUTH attribute, which allows remote authenticated users to bypass intended queue-manager access restrictions via unspecified vectors.
Source: psirt@us.ibm.com
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 6.5
Impact score: 6.4
Exploitability score: 8
Vector string: AV:N/AC:L/Au:S/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-264

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:ibm:websphere_mq:8.0.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "153F42BE-64AE-4D38-94C1-E59EF10632A2"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References