Vulnerability Details CVE-2015-2012
The MQXR service in WMQ Telemetry in IBM WebSphere MQ 7.1 before 7.1.0.7, 7.5 through 7.5.0.5, and 8.0 before 8.0.0.4 uses world-readable permissions for a cleartext file containing the SSL keystore password, which allows local users to obtain sensitive information by reading this file.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 10.7%
CVSS Severity
CVSS v3 Score 4.0
CVSS v2 Score 2.1
References
- http://www-01.ibm.com/support/docview.wss?uid=swg1IT09866
- http://www-01.ibm.com/support/docview.wss?uid=swg21968399
- http://www.securitytracker.com/id/1034943
- http://www-01.ibm.com/support/docview.wss?uid=swg1IT09866
- http://www-01.ibm.com/support/docview.wss?uid=swg21968399
- http://www.securitytracker.com/id/1034943
Products affected by CVE-2015-2012
-
cpe:2.3:a:ibm:websphere_mq:7.1.0.3
-
cpe:2.3:a:ibm:websphere_mq:7.1.0.4
-
cpe:2.3:a:ibm:websphere_mq:7.1.0.5
-
cpe:2.3:a:ibm:websphere_mq:7.1.0.6
-
cpe:2.3:a:ibm:websphere_mq:7.5
-
cpe:2.3:a:ibm:websphere_mq:7.5.0.2
-
cpe:2.3:a:ibm:websphere_mq:7.5.0.3
-
cpe:2.3:a:ibm:websphere_mq:7.5.0.4
-
cpe:2.3:a:ibm:websphere_mq:7.5.0.5
-
cpe:2.3:a:ibm:websphere_mq:8.0
-
cpe:2.3:a:ibm:websphere_mq:8.0.0.1
-
cpe:2.3:a:ibm:websphere_mq:8.0.0.2
-
cpe:2.3:a:ibm:websphere_mq:8.0.0.3