Information Disclosure in IBM MQ Advanced Cloud Pak by IBM
CVE-2019-4239

6.2MEDIUM

Key Information:

Vendor: IBM
Status: MQ Advanced Cloud Pak (IBM Cloud Private); MQ Advanced Cloud Pak (IBM Cloud Private On Red Hat Openshift)
Vendor: CVE Published:; 14 June 2019

What is CVE-2019-4239?

The IBM MQ Advanced Cloud Pak has a vulnerability where user credentials are stored in clear text, allowing local users to access sensitive information easily. This poses a significant security risk as unauthorized access to these credentials can lead to further exploitation of the system. Organizations using affected versions should take immediate steps to secure their environments and consider upgrading to the latest patches to mitigate this risk. For detailed information, refer to IBM’s support documentation and X-Force report.

Affected Version(s)

MQ Advanced Cloud Pak (IBM Cloud Private on RedHat OpenShift) 1.0.0

MQ Advanced Cloud Pak (IBM Cloud Private on RedHat OpenShift) 1.1.0

MQ Advanced Cloud Pak (IBM Cloud Private on RedHat OpenShift) 1.2.0

References

https://www.ibm.com/support/docview.wss?uid=ibm10886591

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/159465

vdb-entryx_refsource_XF

CVSS V3.1

Score:

6.2

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 14, 2019
Vulnerability Reserved
Jan 3, 2019