Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The HTTP connection-management functionality in Internet Pass-Thru (IPT) before 2.1.0.2 in IBM WebSphere MQ, when HTTPS is disabled, does not properly generate MQIPT Session IDs, which makes it easier for remote attackers to bypass intended restrictions on MQ message data by predicting an ID value.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
IBM WebSphere MQIPT Internet Pass-Thru 信息泄露漏洞
Vulnerability Description
IBM WebSphere MQ是美国IBM公司的一款消息传递中间件产品。Internet Pass-Thru(IPT)是一个基于WebSphere MQ产品的且用于实现远程站点与互联网之间进行消息传递的扩展。 IBM WebSphere MQ的IPT 2.1.0.2之前版本中的HTTP connection-management功能存在安全漏洞,该漏洞源于程序禁用HTTPS时,没有正确生成MQIPT Session ID。远程攻击者可通过预测ID值利用该漏洞绕过MQ消息数据上的既定的限制。
CVSS Information
N/A
Vulnerability Type
N/A