Vulnerability identifier: #VU12569
Vulnerability risk: Low
Exploitation vector: Network
Exploit availability: No
Vendor: IBM Corporation
The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.
The weakness exists due to disclosure of side channel information via discrepancies between valid and invalid PKCS#1 padding. A remote attacker can gain access to potentially sensitive information.
Install update from vendor's website.
Vulnerable software versions
IBM MQ: 7.0.1, 220.127.116.11, 18.104.22.168, 22.214.171.124, 126.96.36.199, 188.8.131.52, 184.108.40.206, 220.127.116.11, 18.104.22.168, 22.214.171.124, 126.96.36.199, 188.8.131.52, 184.108.40.206, 220.127.116.11, 18.104.22.168
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.