Boletines de Vulnerabilidades

IBM Security Bulletin: IBM WebSphere MQ Explorer does not protect credentials (CVE-2015-1967)

Información sobre el sistema
   
Software afectado IBM

Descripción
IBM WebSphere MQ Explorer can be configured to send userid and password credentials to a remote queue manager for authentication. When compatibility mode is unchecked in MQ Explorer, the password should be sent in a protected form in the absence of any transport level security, such as TLS. An error in the MQ Explorer implementation in IBM WebSphere MQ 8.0.0.2 and earlier maintenance always causes compatibility mode to be used and password credentials to be sent in cleartext. CVE(s):

More info:

https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_ibm_websphere_mq_explorer_does_not_protect_credentials_cve_2015_1967?lang=en_us

Identificadores estándar
Propiedad Valor
CVE CVE-2015-1967 and CVE-2015-4000.

Histórico de versiones
Versión Comentario Fecha
1.0 Advisory issued 2015-06-26

Miembros de

CERT
FIRST
TF-CSIRT
EGC Group
UE
Red Nacional de SOC
Foro Nacional de Ciberseguridad
CSIRT.es
Ministerio de Defensa
CNI
CCN
CCN-CERT