Unrated severityNVD Advisory· Published Jun 28, 2015· Updated Jun 17, 2026
CVE-2015-0173
CVE-2015-0173
Description
The HTTP connection-management functionality in Internet Pass-Thru (IPT) before 2.1.0.2 in IBM WebSphere MQ, when HTTPS is disabled, does not properly generate MQIPT Session IDs, which makes it easier for remote attackers to bypass intended restrictions on MQ message data by predicting an ID value.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- cpe:2.3:a:ibm:websphere_mq_internet_pass_thru:*:*:*:*:*:websphere_mq:*:*Range: <=2.1.0.1
- Range: <2.1.0.2
Patches
Vulnerability mechanics
References
2- www-01.ibm.com/support/docview.wssnvdPatchVendor Advisory
- www.securitytracker.com/id/1032630nvd
News mentions
0No linked articles in our index yet.