CVE-2011-1378
First published: Sat Nov 26 2011(Updated: )
IBM WebSphere MQ 6.0 on OpenVMS, when the default rights of the MQM group are established, does not properly verify User Authorization File (UAF) data, which allows local users to kill listener processes and the command server via a control command.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM WebSphere MQ | =6.0 | |
| OpenVMS |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2011-1378?
CVE-2011-1378 is considered a medium severity vulnerability due to its potential to allow local users to manipulate critical processes.
How do I fix CVE-2011-1378?
To fix CVE-2011-1378, ensure proper user rights and access controls are implemented for the MQM group in IBM WebSphere MQ 6.0.
What products are affected by CVE-2011-1378?
CVE-2011-1378 specifically affects IBM WebSphere MQ version 6.0 running on HP OpenVMS.
Can CVE-2011-1378 be exploited remotely?
No, CVE-2011-1378 can only be exploited locally by users who have access to the system.
What is the impact of CVE-2011-1378 on the system?
Exploitation of CVE-2011-1378 allows local users to terminate essential listener processes and the command server, potentially disrupting service.
- collector/nvd-historical
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/last-modified-date
- agent/references
- agent/severity
- agent/weakness
- agent/first-publish-date
- agent/description
- agent/event
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/ibm
- canonical/ibm websphere mq
- version/ibm websphere mq/6.0
- vendor/hp
- canonical/hp openvms