CVE-2010-2637

IBM WebSphere MQ 6.0 before 6.0.2.9 and 7.0 before 7.0.1.1 does not encrypt the username and password in the security parameters field, which allows remote attackers to obtain sensitive information by sniffing the network traffic from a .NET client application.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
ibmwebsphere_mq
6.0
ibmwebsphere_mq
6.0.0.0
ibmwebsphere_mq
6.0.1.0
ibmwebsphere_mq
6.0.1.1
ibmwebsphere_mq
6.0.2.0
ibmwebsphere_mq
6.0.2.1
ibmwebsphere_mq
6.0.2.2
ibmwebsphere_mq
6.0.2.3
ibmwebsphere_mq
6.0.2.4
ibmwebsphere_mq
6.0.2.5
ibmwebsphere_mq
6.0.2.6
ibmwebsphere_mq
6.0.2.7
ibmwebsphere_mq
6.0.2.8
ibmwebsphere_mq
6.0.2.10
ibmwebsphere_mq
7.0
ibmwebsphere_mq
7.0.0.1
ibmwebsphere_mq
7.0.0.2
ibmwebsphere_mq
7.0.1.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www-01.ibm.com/support/docview.wss?uid=swg1IZ56005
http://www-01.ibm.com/support/docview.wss?uid=swg27007069
http://www-01.ibm.com/support/docview.wss?uid=swg27014224
https://exchange.xforce.ibmcloud.com/vulnerabilities/63114
http://www-01.ibm.com/support/docview.wss?uid=swg1IZ56005
http://www-01.ibm.com/support/docview.wss?uid=swg27007069
http://www-01.ibm.com/support/docview.wss?uid=swg27014224
https://exchange.xforce.ibmcloud.com/vulnerabilities/63114