IBM Security Bulletin: IBM MQ Java/JMS application can incorrectly flow password in plain text. (CVE-2017-1337)
IBM MQ Java/JMS application can incorrectly flow password in plain text when PASSWORDPROTECTION=ALWAYS is set in mqclient.ini
CVE(s): CVE-2017-1337
Affected product(s) and affected version(s):
IBM MQ V9 CD
IBM MQ V9.0.1 and V9.0.2
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2tp4WVh
X-Force Database: http://ift.tt/2sUHDin
The post IBM Security Bulletin: IBM MQ Java/JMS application can incorrectly flow password in plain text. (CVE-2017-1337) appeared first on IBM PSIRT Blog.
from IBM Product Security Incident Response Team http://ift.tt/2tp7PoW