The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of IBM MQ: Man-in-the-Middle via Console

Synthesis of the vulnerability

An attacker can act as a Man-in-the-Middle via Console on IBM MQ, in order to read or write data in the session.
Severity of this alert: 2/4.
Creation date: 11/04/2019.
Références of this alert: CVE-2018-1925, ibm10744713, VIGILANCE-VUL-29003.

Description of the vulnerability

The IBM MQ product uses the TLS protocol, in order to create secure sessions.

However, the X.509 certificate and the service identity are not correctly checked.

An attacker can therefore act as a Man-in-the-Middle via Console on IBM MQ, in order to read or write data in the session.
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

This security note impacts software or systems such as WebSphere MQ.

Our Vigil@nce team determined that the severity of this threat announce is medium.

The trust level is of type confirmed by the editor, with an origin of internet server.

An attacker with a expert ability can exploit this computer weakness announce.

Solutions for this threat

IBM MQ: patch for Console.
A patch is indicated in information sources.
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

Computer vulnerabilities tracking service

Vigil@nce provides applications vulnerabilities bulletins. Each administrator can customize the list of products for which he wants to receive vulnerability alerts.