CVE-2010-2637

IBM WebSphere MQ 6.0 before 6.0.2.9 and 7.0 before 7.0.1.1 does not encrypt the username and password in the security parameters field, which allows remote attackers to obtain sensitive information by sniffing the network traffic from a .NET client application.

Published: Nov 12, 2010
Updated: Apr 13, 2023
CVE: CVE-2010-2637
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:P/I:N/A:N

CWEs:

CWE-310

Affected Software
References

Software	From	Fixed in
ibm / websphere_mq	7.0.0.1	7.0.0.1.x
ibm / websphere_mq	6.0.1.0	6.0.1.0.x
ibm / websphere_mq	6.0	6.0.x
ibm / websphere_mq	6.0.2.4	6.0.2.4.x
ibm / websphere_mq	6.0.1.1	6.0.1.1.x
ibm / websphere_mq	6.0.2.7	6.0.2.7.x
ibm / websphere_mq	7.0.0.2	7.0.0.2.x
ibm / websphere_mq	6.0.0.0	6.0.0.0.x
ibm / websphere_mq	6.0.2.3	6.0.2.3.x
ibm / websphere_mq	6.0.2.1	6.0.2.1.x
ibm / websphere_mq	6.0.2.8	6.0.2.8.x
ibm / websphere_mq	6.0.2.2	6.0.2.2.x
ibm / websphere_mq	6.0.2.0	6.0.2.0.x
ibm / websphere_mq	6.0.2.10	6.0.2.10.x
ibm / websphere_mq	6.0.2.5	6.0.2.5.x
ibm / websphere_mq	6.0.2.6	6.0.2.6.x
ibm / websphere_mq	7.0	7.0.x
ibm / websphere_mq	7.0.1.0	7.0.1.0.x

Vulnerability Database

289,871

CVE-2010-2637