VYPR
← All advisories
Low severity2.5NVD Advisory· Published Jun 26, 2016· Updated May 6, 2026

CVE-2016-0259

CVE-2016-0259

Description

Local users can bypass +dsp authority in IBM WebSphere MQ 8.x runmqsc to view sensitive information via display commands.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Local users can bypass +dsp authority in IBM WebSphere MQ 8.x runmqsc to view sensitive information via display commands.

Vulnerability

The vulnerability resides in the runmqsc command-line interface of IBM WebSphere MQ. In versions 8.0.0.0 through 8.0.0.4, local users can execute certain display commands that return sensitive information even when they lack the required +dsp authority. The issue only affects local runmqsc sessions, not remote connections [1].

Exploitation

An attacker needs local access to the system and the ability to connect to the local queue manager via runmqsc. No authentication beyond local user access is required. The attacker simply runs unspecified display commands that should be restricted but are not properly checked for +dsp authority [1].

Impact

Successful exploitation allows a local user to obtain sensitive information from the queue manager, such as configuration details or other protected data. The impact is limited to information disclosure (confidentiality) with no effect on integrity or availability. The CVSS score is 2.5 (Low) [1].

Mitigation

The vulnerability is fixed in IBM WebSphere MQ version 8.0.0.5. Users should upgrade to this version or later. No workarounds are available [1]. The issue is not listed on CISA's Known Exploited Vulnerabilities (KEV) catalog.

References
  1. Security Bulletin: IBM WebSphere MQ Improper access control for some display commands in local runmqsc (CVE-2016-0259)

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

5
  • IBM/Websphere Mq5 versions
    cpe:2.3:a:ibm:websphere_mq:8.0.0.1:*:*:*:*:*:*:*+ 4 more
    • cpe:2.3:a:ibm:websphere_mq:8.0.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_mq:8.0.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_mq:8.0.0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_mq:8.0.0.4:*:*:*:*:*:*:*
    • (no CPE)range: <8.0.0.5

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

2

News mentions

0

No linked articles in our index yet.