CVE-2015-5011 Information

Description

IBM WebSphere Message Broker 8 before 8.0.0.6 and Integration Bus 9 before 9.0.0.4 do not check authorization for MQSISTARTMSGFLOW and MQSISTOPMSGFLOW commands which allows local users to bypass intended access restrictions and start or stop a service by issuing a command.

Reference

http://www-01.ibm.com/support/docview.wss?uid=swg1PI28139 http://www-01.ibm.com/support/docview.wss?uid=swg21967265