Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks.
VPR Score: 5.2
Synopsis
The remote Windows host has a service installed that is affected by multiple vulnerabilities.
Description
The version of IBM WebSphere MQ server installed on the remote host is 7.1 without Fix Pack 126.96.36.199 or 7.5 without Fix Pack 188.8.131.52. It is, therefore, affected by the following vulnerabilities:
- A flaw exists in Global Security Kit (GSkit) due to a failure to properly validate data when the 'protection mechanism' is executed against an SSL CBC timing attack. A remote attacker, using crafted values in the TLS Record Layer, can exploit this to cause a denial of service.
- A flaw exists in Global Security Kit (GSkit) due to a failure to properly verify certificates, which can allow a remote attacker to conduct a man-in-the-middle attack.
- An application can potentially put a sequence of large messages into the queue, causing a buffer to overflow in the queue manager. This can lead to a denial of service.
Solution
Apply fix pack 184.108.40.206 or later.