WebSphere MQ GSKit component vulnerability CVE-2016-0201

A vulnerability has been addressed in the GSKit component of IBM WebSphere MQ where an attacker can get the authentication credentials.

CVEID: CVE-2016-0201

DESCRIPTION: IBM GSKit could allow a remote attacker to obtain sensitive information, caused by a MD5 collision. An attacker could exploit this vulnerability to obtain authentication credentials.

As mentioned in IBM Support Portal Technote, respective APARs needs to be applied for Websphere MQ.

Affected Versions

IBM WebSphere MQ 8.0 : Fix Pack 8.0.0.4 and previous maintenance levels
IBM WebSphere MQ 7.5 : Fix Pack 7.5.0.5 and previous maintenance levels
IBM WebSphere MQ 7.1 : Fix Pack 7.1.0.7 and previous maintenance levels
IBM WebSphere MQ 7.0 : Fix Pack 7.0.1.13 and previous maintenance levels

Apply Below APARs
IBM WebSphere MQ 8.0 : Apply the ifix for APAR IT13023
IBM WebSphere MQ 7.5 : Apply the ifix for APAR IV77604
IBM WebSphere MQ 7.1 : Apply the ifix for APAR IV77604
IBM WebSphere MQ 7.0.1 : Apply the ifix for APAR IV77604

Tags: CVE-2016-0201, vulnerability, websphere mq

WebSphere MQ GSKit component vulnerability CVE-2016-0201

MWP Blog Search

Our Recent Posts

Archives

Categories