The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.
Under non-standard configurations, IBM WebSphere MQ might send password data in clear text over the network. This data could be intercepted using man in the middle techniques.
Base Score: 4.3
Impact Score: 2.9
Exploitability Score: 8.6
Base Score: 5.9
Impact Score: 3.6
Exploitability Score: 2.2
cpe:2.3:a:ibm:websphere_mq:*:*:*:*:*:*:*:* versions up to 184.108.40.206 (inclusive)