CVE-2014-4822
low
CVSS v3
—
CVSS v2
1.9
VIR risk
1.9
Description
IBM WebSphere MQ classes for Java libraries 8.0 before 8.0.0.1 and Websphere MQ Explorer 7.5 before 7.5.0.5 and 8.0 before 8.0.0.2 allow local users to discover preconfigured cleartext passwords via an unspecified trace operation.
Predictions
Exploit likelihood
20%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: psirt@us.ibm.com — http://www-01.ibm.com/support/docview.wss?uid=swg21686339
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| ibm | websphere_mq | 8.0.0.0 | |
| ibm | websphere_mq_explorer | 7.5.0.0 | |
| ibm | websphere_mq_explorer | 7.5.0.1 | |
| ibm | websphere_mq_explorer | 7.5.0.2 | |
| ibm | websphere_mq_explorer | 7.5.0.3 | |
| ibm | websphere_mq_explorer | 7.5.0.4 | |
| ibm | websphere_mq_explorer | 8.0.0.0 | |
| ibm | websphere_mq_explorer | 8.0.0.1 | |
References
- http://secunia.com/advisories/59921
- http://www-01.ibm.com/support/docview.wss?uid=swg1IT04023
- http://www-01.ibm.com/support/docview.wss?uid=swg21686339
- https://exchange.xforce.ibmcloud.com/vulnerabilities/95467
- http://secunia.com/advisories/59921
- http://www-01.ibm.com/support/docview.wss?uid=swg1IT04023
- http://www-01.ibm.com/support/docview.wss?uid=swg21686339
- https://exchange.xforce.ibmcloud.com/vulnerabilities/95467
CWEs
CWE-255
Verify integrity in audit chain (admin only). AS-IS.