CVE-2015-1957: Infoleak
First published: Tue Apr 10 2018(Updated: )
IBM WebSphere MQ 7.5.x before 7.5.0.6 and 8.0.x before 8.0.0.3 allows remote authenticated users to obtain sensitive information via a man-in-the-middle attack, related to duplication of message data in cleartext outside the protected payload. IBM X-Force ID: 103482.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM WebSphere MQ | >=7.5<7.5.0.6 | |
| IBM WebSphere MQ | >=8.0<8.0.0.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this vulnerability?
The vulnerability ID for this vulnerability is CVE-2015-1957.
What is the severity of vulnerability CVE-2015-1957?
The severity of vulnerability CVE-2015-1957 is medium with a CVSS score of 5.3.
Which versions of IBM WebSphere MQ are affected by vulnerability CVE-2015-1957?
IBM WebSphere MQ 7.5.x before 7.5.0.6 and 8.0.x before 8.0.0.3 are affected by vulnerability CVE-2015-1957.
How can remote authenticated users exploit vulnerability CVE-2015-1957?
Remote authenticated users can exploit vulnerability CVE-2015-1957 by conducting a man-in-the-middle attack to obtain sensitive information.
Are there any references or resources available for vulnerability CVE-2015-1957?
Yes, you can find more information about vulnerability CVE-2015-1957 in the IBM support document [link here] and the IBM X-Force ID [link here].
- collector/nvd-index
- agent/references
- agent/severity
- agent/weakness
- agent/author
- agent/description
- agent/type
- agent/event
- agent/first-publish-date
- agent/softwarecombine
- agent/last-modified-date
- agent/remedy
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/ibm
- canonical/ibm websphere mq
- version/ibm websphere mq/7.5
- version/ibm websphere mq/8.0