IBM Support

IZ01272: Potential security exposure in MQ client channels



APAR status

  • Closed as program error.

Error description

  • A problem has been discovered which can enable an application
    to connect into a queue manager via a SVRCONN (MQ client)
    channel regardless of whether it is secured with a
    security exit or mcauser.
    This affects all distributed releases of MQ, prior to or
    5.3 fix pack 14.
    Interim fixes for this APAR can be found under "Platform
    downloads" or "Download to all Fix Packs" here:

Local fix

Problem summary

  • Users of client channels. This affects all releases of MQ on
    all distributed platforms. The fix need only be applied to WMQ
    server systems. It does not need to be applied to systems with
    client only code.
    Platforms affected:
     All Distributed (iSeries, all Unix and Windows)
    A potential security exposure has been discovered which allows
    access through a client channel to a queue manager, even
    if the channel is protected with a security exit or mcauserid.
    No further details will be provided.

Problem conclusion

  • The potential security exposure is resolved with application of
    this APAR.
    The fix need only be applied to WMQ server systems. It does not
    need to be applied to systems with client only code.
    No further details will be provided.
    Related fixes for other platforms:
    APAR PK47908 - WebSphere MQ for z/OS V5.2, V5.3.0 and V5.3.1
    APAR PK47913 - WebSphere MQ for z/OS V6.0
    APAR SE29541 - WebSphere MQ for iSeries V5.3
    APAR SE29561 - WebSphere MQ for iSeries V6.0
    APAR IC53371 - WebSphere MQ for HP Nonstop Server V5.3
    APAR IC53372 - MQSeries for Compaq NonStop Kernel V5.1
    APAR PK50462 - MQSeries for VSE/ESA, V2.1.2
    APAR IC53387 - MQSeries for Tru64 V5.1
    IBM acknowledges the assistance of those users, including the
    Security Assurance Team of the National Australia Bank, who
    contributed to the diagnosis of the problem and to the testing
    of the resolution.
    The fix is targeted for delivery in the following PTFs:
    Platform           Fix Pack 14
    --------           --------------------
    Windows            U200266
    AIX                U808477
    HP-UX (PA-RISC)    U808478
    Solaris (SPARC)    U808480
    iSeries            SI24366
    Linux (x86)        U808481
    Linux (zSeries)    U808483

    Platform           Fix Pack
    --------           --------------------
    Windows            U200270
    AIX                U809895
    HP-UX (PA-RISC)    U809898
    HP-UX (Itanium)    U810084
    Solaris (SPARC)    U809913
    Solaris (x86-64)   U810362
    iSeries            SI27286
    Linux (x86)        U809950
    Linux (x86-64)     U810178
    Linux (zSeries)    U810081
    Linux (Power)      U810083
    Linux (s390x)      U810110
    The latest available maintenance can be obtained from
    'WebSphere MQ Recommended Fixes'.
    If the maintenance level is not yet available, information on
    its planned availability can be found in 'WebSphere MQ
    Planned Maintenance Release Dates'.

Temporary fix


APAR Information

  • APAR number


  • Reported component name

    WMQ AIX V6

  • Reported component ID


  • Reported release


  • Status


  • PE




  • Special Attention


  • Submitted date


  • Closed date


  • Last modified date


  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    WMQ AIX V6

  • Fixed component ID


Applicable component levels

  • R600 PSY


Document information

More support for: WebSphere MQ

Software version: 6.0

Reference #: IZ01272

Modified date: 28 January 2009
