====================================================================
                            CERT-Renater

                Information Note No. 2012/VULN295
____________________________________________________________________

DATE                 : 26/07/2012

HARDWARE PLATFORM(S) : /

OPERATING SYSTEM(S)  : OS/400, UNIX, Windows, z/OS running
                       IBM WebSphere MQ version 7.1.

======================================================================
http://www-01.ibm.com/support/docview.wss?uid=swg21595523
______________________________________________________________________

WebSphere MQ Security Vulnerability: potential for client applications
to bypass security configuration on MQ SVRCONN channels

Flash (Alert)

Document information

WebSphere MQ
Security

Software version: 7.1
Operating system(s): OS/400, UNIX, Windows, z/OS
Reference #: 1595523
Modified date: 2012-07-24

Abstract

WebSphere MQ Security Vulnerability: There is the potential for client
applications to bypass security configuration setup on an MQ 7.1 SVRCONN
channel, allowing access to the queue manager to unauthorised user ids.

Content

There is the potential for client applications to bypass security
configuration setup on an MQ 7.1 SVRCONN channel, allowing access to the
queue manager to unauthorised user ids.

This exposure applies to WebSphere MQ V7.1 queue managers only and the
resolution to this issue will ship in Fix Pack 7.1.0.1.

This issue is not present in releases prior to WebSphere MQ V7.1.

Related information

Fix Pack 7.1.0.1 for WMQ V7.1

======================================================================

=========================================================
CERT-Renater reference server
https://services.renater.fr/ssi/
=========================================================
+ CERT-RENATER          | tel  : 01-53-94-20-44         +
+ 23 - 25 Rue Daviel    | fax  : 01-53-94-20-41         +
+ 75013 Paris           | email: certsvp@renater.fr     +
=========================================================