IBM Websphere MQ MCAUSER Bypass

Product Websphere MQ
Severity High
CVE Reference CVE-2008-1130
Type Websphere MQ MCAUSER Setting Bypass Vulnerability

The Websphere MQ service can be used to transfer messages between systems and applications. It is possible to lock down access to channels by setting an invalid MCAUSER. A method of bypassing this authorisation control has been discovered which would enable unauthorised access to be gained.

The vendor has released a fix for this vulnerability and download details are available within the advisory.