IBM WebSphere MQ 7.1 < 7.1.0.1 MQ SVRCONN Channels Security Configuration Bypass

This script is Copyright (C) 2012-2015 Tenable Network Security, Inc.


Synopsis :

The remote Windows host has a service installed that is affected by a
security bypass vulnerability.

Description :

The version of IBM WebSphere MQ server 7.1 installed on the remote
Windows host is missing fix pack 7.1.0.1 or later. It is, therefore,
affected by a vulnerability where client applications can bypass the
security configuration setup on an MQ SVRCONN channel, allowing
unauthorized users access to the queue manager.

See also :

http://www.ibm.com/support/docview.wss?uid=swg21595523
http://www-01.ibm.com/support/docview.wss?uid=swg24032120

Solution :

Apply fix pack 7.1.0.1 or later.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)
CVSS Temporal Score : 3.2
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: Windows

Nessus Plugin ID: 62120 ()

Bugtraq ID: 54664

CVE ID: CVE-2012-3295

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now