Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-1224

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2011-1224
Last Modified 08 Jul 2011 12:00:00
Published 07 Jul 2011 05:55:01
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2011-1224

Summary

IBM WebSphere MQ 6.0 before 6.0.2.11 and 7.0 before 7.0.1.5 does not use the CRL Distribution Points (CDP) certificate extension, which might allow man-in-the-middle attackers to spoof an SSL partner via a revoked certificate for a (1) client, (2) queue manager, or (3) application.

Vulnerable Systems

Application

  • Ibm Websphere Mq 6.0

  • Ibm Websphere Mq 6.0.1.0

  • Ibm Websphere Mq 6.0.1.1

  • Ibm Websphere Mq 6.0.2.0

  • Ibm Websphere Mq 6.0.2.1

  • Ibm Websphere Mq 6.0.2.10

  • Ibm Websphere Mq 6.0.2.2

  • Ibm Websphere Mq 6.0.2.3

  • Ibm Websphere Mq 6.0.2.4

  • Ibm Websphere Mq 6.0.2.5

  • Ibm Websphere Mq 6.0.2.6

  • Ibm Websphere Mq 6.0.2.7

  • Ibm Websphere Mq 6.0.2.8

  • Ibm Websphere Mq 6.0.2.9

  • Ibm Websphere Mq 7.0

  • Ibm Websphere Mq 7.0.0.1

  • Ibm Websphere Mq 7.0.0.2

  • Ibm Websphere Mq 7.0.1.0

  • Ibm Websphere Mq 7.0.1.1

  • Ibm Websphere Mq 7.0.1.2

  • Ibm Websphere Mq 7.0.1.3

  • Ibm Websphere Mq 7.0.1.4


References

XF - websphere-mq-cdb-security-bypass(68229)

AIXAPAR - IZ92813

CONFIRM - http://www-01.ibm.com/support/docview.wss?uid=swg27014224

CONFIRM - http://www-01.ibm.com/support/docview.wss?uid=swg27007069


Last Updated: 27 May 2016 10:56:14