Auth bypass in Ibm Websphere_message_broker

CVE-2012-5952

IBM WebSphere Message Broker 6.1 before 6.1.0.12, 7.0 before 7.0.0.6, and 8.0 before 8.0.0.2 does not validate Basic Authentication credentials before proceeding to WS-Addressing and WS-Security operations, which allows remote attackers to…

Vulnerability class: Broken Authentication

EPSS: 0.002 (44.2th percentile) — read the EPSS interpretation.

Affected products

Ibm Websphere_message_broker — versions 6.1, 6.1.0.1, 6.1.0.2
N/a — versions n/a

Weakness classification (CWE)

CWE-287 — Improper Authentication

References

psirt@us.ibm.com (x_refsource_CONFIRM, Vendor Advisory)
IC89803 (vendor-advisory, x_refsource_AIXAPAR)
wmb-msg-auth-bypass(80666) (vdb-entry, x_refsource_XF)