Skip to content

User timeout parameter values for WebSphere MQ queue managers are not specified in accordance with security requirements.

An XCCDF Rule

Description

<VulnDiscussion>Users signed on to a WebSphere MQ queue manager could leave their terminals unattended for long periods of time. This may allow unauthorized individuals to gain access to WebSphere MQ resources and application data. This exposure could compromise the availability, integrity, and confidentiality of some system services and application data.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID
SV-224357r520972_rule
Severity
Medium
References
Updated



Remediation - Manual Procedure

Review the WebSphere MQ System Setup Guide and the information on the ALTER SECURITY command in the  WebSphere MQ Script (MQSC) Command Reference.

Ensure the values for the TIMEOUT and INTERVAL parameters are specified in accordance with security requirements.