Vulnerability Description
IBM WebSphere MQ 6.0 on OpenVMS, when the default rights of the MQM group are established, does not properly verify User Authorization File (UAF) data, which allows local users to kill listener processes and the command server via a control command.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ibm | Websphere Mq | 6.0 |
| Hp | Openvms | All versions |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/46837Vendor Advisory
- http://www-01.ibm.com/support/docview.wss?uid=swg1IC78034
- https://exchange.xforce.ibmcloud.com/vulnerabilities/71336
- http://secunia.com/advisories/46837Vendor Advisory
- http://www-01.ibm.com/support/docview.wss?uid=swg1IC78034
- https://exchange.xforce.ibmcloud.com/vulnerabilities/71336
FAQ
What is CVE-2011-1378?
CVE-2011-1378 is a vulnerability with a CVSS score of 1.9 (LOW). IBM WebSphere MQ 6.0 on OpenVMS, when the default rights of the MQM group are established, does not properly verify User Authorization File (UAF) data, which allows local users to kill listener proces...
How severe is CVE-2011-1378?
CVE-2011-1378 has been rated LOW with a CVSS base score of 1.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2011-1378?
Check the references section above for vendor advisories and patch information. Affected products include: Ibm Websphere Mq, Hp Openvms.