IBM Websphere MQ MCAUSER Bypass

CVE-2008-1130

    Type

  • Websphere MQ MCAUSER Setting Bypass Vulnerability
  • Severity

  • High
  • Affected products

  • Websphere MQ
  • Date

  • 2008-03-28
  • CVE Reference

  • CVE-2008-1130

The Websphere MQ service can be used to transfer messages between systems and applications. It is possible to lock down access to channels by setting an invalid MCAUSER. A method of bypassing this authorisation control has been discovered which would enable unauthorised access to be gained.

The vendor has released a fix for this vulnerability and download details are available within the advisory.