IBM Websphere MQ Security Exit Bypass

CVE-2008-1130

    Type

  • Websphere MQ Security Exit Authentication Bypass Vulnerability

    • Severity

  • High

    • Affected products

  • Websphere MQ

    • Date

  • 2008-03-28

    • CVE Reference

  • CVE-2008-1130
Read more

The Websphere MQ service can be used to transfer messages between systems and applications. It is possible to protect the channels within the Queue Manager with a security exit which requires that an authentication check be passed before a connection can be established. A method of bypassing this authentication has been discovered which would enable unauthorised access to be gained.

The vendor has released a fix pack that addresses these issues and download details are available within the advisory.