Vulnerabilities > CVE-2015-0173 - Code vulnerability in IBM Websphere MQ Internet Pass Thru 2.1.0.1
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE Summary
The HTTP connection-management functionality in Internet Pass-Thru (IPT) before 2.1.0.2 in IBM WebSphere MQ, when HTTPS is disabled, does not properly generate MQIPT Session IDs, which makes it easier for remote attackers to bypass intended restrictions on MQ message data by predicting an ID value.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |