CVE-2014-4793

IBM WebSphere MQ 8.x before 8.0.0.1 does not properly enforce CHLAUTH rules for blocking client connections in certain circumstances related to the CONNAUTH attribute, which allows remote authenticated users to bypass intended queue-manager access restrictions via unspecified vectors.

CVSS v2.0 6.5 MEDIUM

6.5^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:S/C:P/I:P/A:P

Exploitability : 8.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www-01.ibm.com/support/docview.wss?uid=swg21685526	Patch Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/95208
http://www-01.ibm.com/support/docview.wss?uid=swg21685526	Patch Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/95208

Configurations

Configuration 1 (hide)

cpe:2.3:a:ibm:websphere_mq:8.0.0.0:*:*:*:*:*:*:*

History

21 Nov 2024, 02:10

Type	Values Removed	Values Added
References	~~() http://www-01.ibm.com/support/docview.wss?uid=swg21685526 - Patch, Vendor Advisory~~	() http://www-01.ibm.com/support/docview.wss?uid=swg21685526 - Patch, Vendor Advisory
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/95208 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/95208 -

Information

Published : 2014-10-02 00:55

Updated : 2024-11-21 02:10

NVD link : CVE-2014-4793

Mitre link : CVE-2014-4793

CVE.ORG link : CVE-2014-4793

JSON object : View

Products Affected

ibm

websphere_mq

CWE

CWE-264

Permissions, Privileges, and Access Controls

{"id": "CVE-2014-4793", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2014-10-02T00:55:03.797", "references": [{"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21685526", "tags": ["Patch", "Vendor Advisory"], "source": "psirt@us.ibm.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95208", "source": "psirt@us.ibm.com"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21685526", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95208", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "IBM WebSphere MQ 8.x before 8.0.0.1 does not properly enforce CHLAUTH rules for blocking client connections in certain circumstances related to the CONNAUTH attribute, which allows remote authenticated users to bypass intended queue-manager access restrictions via unspecified vectors."}, {"lang": "es", "value": "IBM WebSphere MQ 8.x anterior a 8.0.0.1 no fuerza debidamente las normas CHLAUTH para el bloqueo de las conexiones de clientes en ciertas circunstancias relacionadas con el atributo CONNAUTH, lo que permite a usuarios remotos autenticados evadir las restricciones de acceso a la gesti\u00f3n de colas a trav\u00e9s de vectores no especificados."}], "lastModified": "2024-11-21T02:10:53.460", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:websphere_mq:8.0.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "153F42BE-64AE-4D38-94C1-E59EF10632A2"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@us.ibm.com"}