VYPR
Medium severity4.0NVD Advisory· Published Feb 8, 2016· Updated Jun 17, 2026

CVE-2015-2012

CVE-2015-2012

Description

The MQXR service in WMQ Telemetry in IBM WebSphere MQ 7.1 before 7.1.0.7, 7.5 through 7.5.0.5, and 8.0 before 8.0.0.4 uses world-readable permissions for a cleartext file containing the SSL keystore password, which allows local users to obtain sensitive information by reading this file.

Affected products

14
  • IBM/Websphere Mq14 versions
    cpe:2.3:a:ibm:websphere_mq:7.1.0.3:*:*:*:*:*:*:*+ 13 more
    • cpe:2.3:a:ibm:websphere_mq:7.1.0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_mq:7.1.0.4:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_mq:7.1.0.5:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_mq:7.1.0.6:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_mq:7.5:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_mq:7.5.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_mq:7.5.0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_mq:7.5.0.4:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_mq:7.5.0.5:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_mq:8.0:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_mq:8.0.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_mq:8.0.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_mq:8.0.0.3:*:*:*:*:*:*:*
    • (no CPE)range: 7.1 before 7.1.0.7, 7.5 through 7.5.0.5, 8.0 before 8.0.0.4

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.