IBM Websphere MQ Security Exit Bypass

Product Websphere MQ
Severity High
CVE Reference CVE-2008-1130
Type Websphere MQ Security Exit Authentication Bypass Vulnerability

The Websphere MQ service can be used to transfer messages between systems and applications. It is possible to protect the channels within the Queue Manager with a security exit which requires that an authentication check be passed before a connection can be established. A method of bypassing this authentication has been discovered which would enable unauthorised access to be gained.

The vendor has released a fix pack that addresses these issues and download details are available within the advisory.