CVE-2010-2637

EUVD-2010-2641
IBM WebSphere MQ 6.0 before 6.0.2.9 and 7.0 before 7.0.1.1 does not encrypt the username and password in the security parameters field, which allows remote attackers to obtain sensitive information by sniffing the network traffic from a .NET client application.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 51%
Affected Products (NVD)
VendorProductVersion
ibmwebsphere_mq
6.0
ibmwebsphere_mq
6.0.0.0
ibmwebsphere_mq
6.0.1.0
ibmwebsphere_mq
6.0.1.1
ibmwebsphere_mq
6.0.2.0
ibmwebsphere_mq
6.0.2.1
ibmwebsphere_mq
6.0.2.2
ibmwebsphere_mq
6.0.2.3
ibmwebsphere_mq
6.0.2.4
ibmwebsphere_mq
6.0.2.5
ibmwebsphere_mq
6.0.2.6
ibmwebsphere_mq
6.0.2.7
ibmwebsphere_mq
6.0.2.8
ibmwebsphere_mq
6.0.2.10
ibmwebsphere_mq
7.0
ibmwebsphere_mq
7.0.0.1
ibmwebsphere_mq
7.0.0.2
ibmwebsphere_mq
7.0.1.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www-01.ibm.com/support/docview.wss?uid=swg1IZ56005
http://www-01.ibm.com/support/docview.wss?uid=swg27007069
http://www-01.ibm.com/support/docview.wss?uid=swg27014224
https://exchange.xforce.ibmcloud.com/vulnerabilities/63114
http://www-01.ibm.com/support/docview.wss?uid=swg1IZ56005
http://www-01.ibm.com/support/docview.wss?uid=swg27007069
http://www-01.ibm.com/support/docview.wss?uid=swg27014224
https://exchange.xforce.ibmcloud.com/vulnerabilities/63114