IBM Websphere MQ MCAUSER Bypass

CVE-2008-1130

Type

Websphere MQ MCAUSER Setting Bypass Vulnerability

Severity

High

Affected products

Websphere MQ

Date

2008-03-28

CVE Reference

CVE-2008-1130

The Websphere MQ service can be used to transfer messages between systems and applications. It is possible to lock down access to channels by setting an invalid MCAUSER. A method of bypassing this authorisation control has been discovered which would enable unauthorised access to be gained.

The vendor has released a fix for this vulnerability and download details are available within the advisory.