Ibm: >> Websphere Mq >> 5.3.1.12 Security Vulnerabilities
IBM WebSphere MQ 8.0 could allow an authenticated user to crash the MQ channel due to improper data conversion handling. IBM Reference #: 1998661.
CVSS Score
6.5
EPSS Score
0.005
Published
2017-02-22
Under non-standard configurations, IBM WebSphere MQ might send password data in clear text over the network. This data could be intercepted using man in the middle techniques.
CVSS Score
5.9
EPSS Score
0.002
Published
2017-02-22
Cross-site scripting (XSS) vulnerability in MQ XR WebSockets Listener in WMQ Telemetry in IBM WebSphere MQ 8.0 before 8.0.0.2 allows remote attackers to inject arbitrary web script or HTML via a crafted URI that is included in an error response.
CVSS Score
4.3
EPSS Score
0.002
Published
2015-04-27
The WebSphere MQ XA 5.3 before FP13 and 6.0.x before 6.0.2.1 client for Windows, when running in an MTS or a COM+ environment, grants the PROCESS_DUP_HANDLE privilege to the Everyone group upon connection to a queue manager, which allows local users to duplicate an arbitrary handle and possibly hijack an arbitrary process.
CVSS Score
3.3
EPSS Score
0.001
Published
2008-03-09