CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2015-0173

The HTTP connection-management functionality in Internet Pass-Thru (IPT) before 2.1.0.2 in IBM WebSphere MQ, when HTTPS is disabled, does not properly generate MQIPT Session IDs, which makes it easier for remote attackers to bypass intended restrictions on MQ message data by predicting an ID value.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 38.1%

CVSS Severity

CVSS v2 Score 4.3

References

http://www-01.ibm.com/support/docview.wss?uid=swg21699547
http://www.securitytracker.com/id/1032630
http://www-01.ibm.com/support/docview.wss?uid=swg21699547
http://www.securitytracker.com/id/1032630

Products affected by CVE-2015-0173

Ibm » Websphere Mq Internet Pass Thru » Version: 2.1.0.1

cpe:2.3:a:ibm:websphere_mq_internet_pass_thru:2.1.0.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2015-0173

Products

Pricing

Contact Us