CVE-2015-0118 : IBM WebSphere Message Broker Toolkit 7 before 7007 IF2 and 8 before 8005 IF1 and

IBM WebSphere Message Broker Toolkit 7 before 7007 IF2 and 8 before 8005 IF1 and Integration Toolkit 9 before 9003 IF1 are distributed with MQ client JAR files that support only weak TLS ciphers, which might make it easier for remote attackers to obtain sensitive information by sniffing the network during a connection to an Integration Bus node.

Published 2015-06-28 22:59:03

Updated 2025-04-12 10:46:41

Source IBM Corporation

View at NVD, CVE.org

Products affected by CVE-2015-0118

IBM » Websphere Message Broker » Version: 7.0.0.1
cpe:2.3:a:ibm:websphere_message_broker:7.0.0.1:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Message Broker » Version: 7.0.0.3
cpe:2.3:a:ibm:websphere_message_broker:7.0.0.3:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Message Broker » Version: 7.0.0.4
cpe:2.3:a:ibm:websphere_message_broker:7.0.0.4:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Message Broker » Version: 7.0.
cpe:2.3:a:ibm:websphere_message_broker:7.0.:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Message Broker » Version: 7.0.0.2
cpe:2.3:a:ibm:websphere_message_broker:7.0.0.2:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Message Broker » Version: 8.0
cpe:2.3:a:ibm:websphere_message_broker:8.0:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Message Broker » Version: 8.0.0.1
cpe:2.3:a:ibm:websphere_message_broker:8.0.0.1:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Message Broker » Version: 7.0.0.5
cpe:2.3:a:ibm:websphere_message_broker:7.0.0.5:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Message Broker » Version: 8.0.0.2
cpe:2.3:a:ibm:websphere_message_broker:8.0.0.2:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Message Broker » Version: 8.0.0.3
cpe:2.3:a:ibm:websphere_message_broker:8.0.0.3:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Message Broker » Version: 8.0.0.5
cpe:2.3:a:ibm:websphere_message_broker:8.0.0.5:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Message Broker » Version: 8.0.0.4
cpe:2.3:a:ibm:websphere_message_broker:8.0.0.4:*:*:*:*:*:*:*
Matching versions
IBM » Integration Bus » Version: 9.0
cpe:2.3:a:ibm:integration_bus:9.0:*:*:*:*:*:*:*
Matching versions
IBM » Integration Bus » Version: 9.0.0.1
cpe:2.3:a:ibm:integration_bus:9.0.0.1:*:*:*:*:*:*:*
Matching versions
IBM » Integration Bus » Version: 9.0.0.2
cpe:2.3:a:ibm:integration_bus:9.0.0.2:*:*:*:*:*:*:*
Matching versions
IBM » Integration Bus » Version: 9.0.0.3
cpe:2.3:a:ibm:integration_bus:9.0.0.3:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2015-0118

EPSS FAQ

0.21%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 40 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2015-0118

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
4.3	MEDIUM	AV:N/AC:M/Au:N/C:P/I:N/A:N	8.6	2.9	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None

CWE ids for CVE-2015-0118

CWE-310

Assigned by: nvd@nist.gov (Primary)

References for CVE-2015-0118

http://www-01.ibm.com/support/docview.wss?uid=swg1IT05725

IBM notice: The page you requested cannot be displayed
http://www-01.ibm.com/support/docview.wss?uid=swg21957998

IBM Security Bulletin: WebSphere Message Broker Toolkit and IBM Integration Toolkit cannot connect to a remote WebSphere Message Broker broker or IBM Integration Bus node with a TLS-compliant cipher (
Vendor Advisory

Jump to

Vulnerability Details : CVE-2015-0118

Products affected by CVE-2015-0118

Exploit prediction scoring system (EPSS) score for CVE-2015-0118

CVSS scores for CVE-2015-0118

CWE ids for CVE-2015-0118

References for CVE-2015-0118