CVE-2014-4793

medium

Published 2014-10-02 · Modified 2026-05-06

CVSS v3

—

CVSS v2

6.5

VIR risk

6.5

Description

IBM WebSphere MQ 8.x before 8.0.0.1 does not properly enforce CHLAUTH rules for blocking client connections in certain circumstances related to the CONNAUTH attribute, which allows remote authenticated users to bypass intended queue-manager access restrictions via unspecified vectors.

Predictions

Exploit likelihood

20%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: psirt@us.ibm.com — http://www-01.ibm.com/support/docview.wss?uid=swg21685526

Application impact

Vendor	Product	Versions	Fixed
ibm	websphere_mq	`8.0.0.0`

References

http://www-01.ibm.com/support/docview.wss?uid=swg21685526
https://exchange.xforce.ibmcloud.com/vulnerabilities/95208
http://www-01.ibm.com/support/docview.wss?uid=swg21685526
https://exchange.xforce.ibmcloud.com/vulnerabilities/95208

CWEs

CWE-264

Verify integrity in audit chain (admin only). AS-IS.