CVE-2010-2637
https://notcve.org/view.php?id=CVE-2010-2637
IBM WebSphere MQ 6.0 before 6.0.2.9 and 7.0 before 7.0.1.1 does not encrypt the username and password in the security parameters field, which allows remote attackers to obtain sensitive information by sniffing the network traffic from a .NET client application. IBM WebSphere MQ v6.0 anterior v6.0.2.9 y v7.0 anterior v7.0.1.1 no encripta el nombre de usuarios y password en el campos de parámetros de seguridad, lo que permite a atacantes remotos a obtener información sensible por captura de tráfico de red desde una aplicación cliente .NET. • http://www-01.ibm.com/support/docview.wss?uid=swg1IZ56005 http://www-01.ibm.com/support/docview.wss?uid=swg27007069 http://www-01.ibm.com/support/docview.wss?uid=swg27014224 https://exchange.xforce.ibmcloud.com/vulnerabilities/63114 • CWE-310: Cryptographic Issues •
CVE-2010-0782
https://notcve.org/view.php?id=CVE-2010-0782
IBM WebSphere MQ 6.x before 6.0.2.10 and 7.x before 7.0.1.3 allows remote attackers to spoof X.509 certificate authentication, and send or receive channel messages, via a crafted Subject Distinguished Name (DN) value in a certificate. IBM WebSphere MQ v6.x anterior a v6.0.2.10 y v7.x anterior a v7.0.1.3, permite a atacantes remotos suplantar certificados autenticados X.509, y enviar y recibir mensajes del canal a través de un valor manipulado de un Subject Distinguished Name (DN). • http://www-01.ibm.com/support/docview.wss?uid=swg1IZ68707 http://www-01.ibm.com/support/docview.wss?uid=swg27014224 https://exchange.xforce.ibmcloud.com/vulnerabilities/60018 •
CVE-2010-0772
https://notcve.org/view.php?id=CVE-2010-0772
Unspecified vulnerability in the channel process in IBM WebSphere MQ 7.0 before 7.0.1.2 allows remote authenticated users to cause a denial of service (daemon crash) via "incorrect channel control data." Una vulnerabilidad no especificada en el proceso de canales en IBM WebSphere MQ v7.0 antes v7.0.1.2 permite a usuarios remotos autenticados causar una denegación de servicio (mediante caida del demonio) a través de "datos incorrectos en el canal de control." • http://securitytracker.com/id?1023961 http://www-1.ibm.com/support/docview.wss?uid=swg1IZ68621 http://www.vupen.com/english/advisories/2010/1083 https://exchange.xforce.ibmcloud.com/vulnerabilities/58039 •
CVE-2009-3159
https://notcve.org/view.php?id=CVE-2009-3159
Unspecified vulnerability in the rriDecompress function in IBM WebSphere MQ 7.0.0.0, 7.0.0.1, and 7.0.0.2 allows remote attackers to cause a denial of service via unknown vectors. Vulnerabilidad sin especificar en la función rriDecompress function de IBM WebSphere MQ v7.0.0.0, v7.0.0.1 v7.0.0.2 permite a atacantes remotos provocar una denegación de servicio a través de vectores de ataque desconocidos. • http://secunia.com/advisories/36647 http://www-01.ibm.com/support/docview.wss?uid=swg24024153 http://www-1.ibm.com/support/docview.wss?uid=swg1IC62450 http://www.securityfocus.com/bid/36310 http://www.vupen.com/english/advisories/2009/2578 •
CVE-2009-3160
https://notcve.org/view.php?id=CVE-2009-3160
IBM WebSphere MQ 6.x through 6.0.2.7, 7.0.0.0, 7.0.0.1, 7.0.0.2, and 7.0.1.0, when read ahead or asynchronous message consumption is enabled, allows attackers to have an unspecified impact via unknown vectors, related to a "memory overwrite" issue. IBM WebSphere MQ v6.x desde v6.0.2.7, v7.0.0.0, v7.0.0.1, v7.0.0.2, y v7.0.1.0, cuando "read ahead" o "asynchronous message consumption" esta activado, permite a atacantes remotos obtener un impacto desconocido a traves de vectores desconocidos, relacionado con la sobrescritura de memoria. • http://secunia.com/advisories/36647 http://www-01.ibm.com/support/docview.wss?uid=swg24024153 http://www-1.ibm.com/support/docview.wss?uid=swg1IZ56259 http://www.securityfocus.com/bid/36310 http://www.vupen.com/english/advisories/2009/2578 •