Ibm: >> Websphere Mq Internet Pass Thru Security Vulnerabilities
The HTTP connection-management functionality in Internet Pass-Thru (IPT) before 2.1.0.2 in IBM WebSphere MQ, when HTTPS is disabled, does not properly generate MQIPT Session IDs, which makes it easier for remote attackers to bypass intended restrictions on MQ message data by predicting an ID value.
CVSS Score
4.3
EPSS Score
0.002
Published
2015-06-28
The command-port listener in IBM WebSphere MQ Internet Pass-Thru (MQIPT) 2.x before 2.1.0.1 allows remote attackers to cause a denial of service (remote-administration outage) via unspecified vectors.
CVSS Score
5.0
EPSS Score
0.005
Published
2014-03-21