Information Disclosure in IBM MQ Advanced Cloud Pak by IBM
CVE-2019-4239

6.2MEDIUM

Key Information:

Vendor
IBM
Status
MQ Advanced Cloud Pak (IBM Cloud Private)
MQ Advanced Cloud Pak (IBM Cloud Private On Red Hat Openshift)
Vendor
CVE Published:
14 June 2019

Summary

The IBM MQ Advanced Cloud Pak has a vulnerability where user credentials are stored in clear text, allowing local users to access sensitive information easily. This poses a significant security risk as unauthorized access to these credentials can lead to further exploitation of the system. Organizations using affected versions should take immediate steps to secure their environments and consider upgrading to the latest patches to mitigate this risk. For detailed information, refer to IBM’s support documentation and X-Force report.

Affected Version(s)

MQ Advanced Cloud Pak (IBM Cloud Private on RedHat OpenShift) 1.0.0

MQ Advanced Cloud Pak (IBM Cloud Private on RedHat OpenShift) 1.1.0

MQ Advanced Cloud Pak (IBM Cloud Private on RedHat OpenShift) 1.2.0

References

https://www.ibm.com/support/docview.wss?uid=ibm10886591
x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/159465
vdb-entryx_refsource_XF

CVSS V3.1

Score:
6.2
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
🍪 This website uses cookies, like every other website on the internet 😕 By using our website, you consent to the use of cookies.