| V-224558 | High | WebSphere MQ switch profiles must be properly defined to the MQADMIN class. | WebSphere MQ resources allow for the control of administrator functions, connections, commands, queues, processes, and namelists. Some resources provide the ability to disable or bypass security... |
| V-224551 | High | WebSphere MQ channel security must be implemented in accordance with security requirements. | WebSphere MQ Channel security can be configured to provide authentication, message privacy, and message integrity between queue managers. Secure Sockets Layer (SSL) uses encryption techniques,... |
| V-224559 | Medium | WebSphere MQ MQCONN Class (Connection) resource definitions must be protected in accordance with security.
| WebSphere MQ resources allow for the control of administrator functions, connections, commands, queues, processes, and namelists. Some resources provide the ability to disable or bypass security... |
| V-224555 | Medium | WebSphere MQ started tasks are not defined in accordance with the proper security requirements. | Started tasks are used to execute WebSphere MQ queue manager services. Improperly defined WebSphere MQ started tasks may result in inappropriate access to application resources and the loss of... |
| V-224554 | Medium | User timeout parameter values for WebSphere MQ queue managers are not specified in accordance with security requirements.
| Users signed on to a WebSphere MQ queue manager could leave their terminals unattended for long periods of time. This may allow unauthorized individuals to gain access to WebSphere MQ resources... |
| V-224557 | Medium | WebSphere MQ resource classes are not properly actived for security checking by the ACP.
| WebSphere MQ resources allow for the control of administrator functions, connections, commands, queues, processes, and namelists. Some resources provide the ability to disable or bypass security... |
| V-224556 | Medium | WebSphere MQ all update and alter access to MQSeries/WebSphere MQ product and system data sets are not properly restricted. | MVS data sets provide the configuration, operational, and executable properties of WebSphere MQ. Some data sets are responsible for the security implementation of WebSphere MQ. Failure to properly... |
| V-224553 | Medium | Production WebSphere MQ Remotes must utilize Certified Name Filters (CNF). | IBM WebSphere MQ can use a user ID associated with an ACP certificate as a channel user ID. When an entity at one end of an SSL channel receives a certificate from a remote connection, the entity... |
| V-224552 | Medium | WebSphere MQ channel security is not implemented in accordance with security requirements. | WebSphere MQ channel security can be configured to provide authentication, message privacy, and message integrity between queue managers. WebSphere MQ channels use SSL encryption techniques,... |
| V-224564 | Medium | WebSphere MQ Alternate User resources defined to MQADMIN resource class are not protected in accordance with security requirements.
| WebSphere MQ resources allow for the control of administrator functions, connections, commands, queues, processes, and namelists. Some resources provide the ability to disable or bypass security... |
| V-224565 | Medium | WebSphere MQ context resources defined to the MQADMIN resource class are not protected in accordance with security requirements. | Context security validates whether a userid has authority to pass or set identity and/or origin data
for a message. Context security will be active to avoid security exposure.
This exposure... |
| V-224566 | Medium | WebSphere MQ command resources defined to MQCMDS resource class are not protected in accordance with security requirements. | WebSphere MQ resources allow for the control of commands. Failure to properly protect WebSphere MQ Command resources may result in unauthorized access. This exposure could compromise the... |
| V-224567 | Medium | WebSphere MQ RESLEVEL resources in the MQADMIN resource class are not protected in accordance with security requirements. | RESLEVEL security profiles control the number of userids checked for API-resource security.
RESLEVEL is a powerful option that can cause the bypassing of all security checks.
RESLEVEL security... |
| V-224560 | Medium | WebSphere MQ dead letter and alias dead letter queues are not properly defined. | WebSphere MQ resources allow for the control of administrator functions, connections, commands, queues, processes, and namelists. Some resources provide the ability to disable or bypass security... |
| V-224561 | Medium | WebSphere MQ MQQUEUE (Queue) resource profiles defined to the MQQUEUE class are not protected in accordance with security requirements.
| WebSphere MQ resources allow for the control of administrator functions, connections, commands, queues, processes, and namelists. Some resources provide the ability to disable or bypass security... |
| V-224562 | Medium | WebSphere MQ Process resource profiles defined in the MQPROC Class are not protected in accordance with security requirements.
| WebSphere MQ Process resources allow for the control of processes. Failure to properly protect WebSphere MQ resources may result in unauthorized access. This exposure could compromise the... |
| V-224563 | Medium | WebSphere MQ Namelist resource profiles defined in the MQNLIST Class are not protected in accordance with security requirements.
| WebSphere MQ resources allow for the control of administrator functions, connections, commands, queues, processes, and namelists. Some resources provide the ability to disable or bypass security... |
