IBM WebSphere MQ 7.1 < MQ SVRCONN Channels Security Configuration Bypass

This script is Copyright (C) 2012-2015 Tenable Network Security, Inc.

Synopsis :

The remote Windows host has a service installed that is affected by a
security bypass vulnerability.

Description :

The version of IBM WebSphere MQ server 7.1 installed on the remote
Windows host is missing fix pack or later. It is, therefore,
affected by a vulnerability where client applications can bypass the
security configuration setup on an MQ SVRCONN channel, allowing
unauthorized users access to the queue manager.

See also :

Solution :

Apply fix pack or later.

Risk factor :

Medium / CVSS Base Score : 4.3
CVSS Temporal Score : 3.2
Public Exploit Available : false

Family: Windows

Nessus Plugin ID: 62120 ()

Bugtraq ID: 54664

CVE ID: CVE-2012-3295

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now