Privilege Escalation Vulnerability in IBM MQ on HPE NonStop
CVE-2021-38950

7.4HIGH

Key Information:

Vendor
IBM
Vendor
CVE Published:
14 December 2021

Summary

A vulnerability exists in IBM MQ on HPE NonStop that allows an attacker to escalate privileges. This issue arises when the SharedBindingsUserId is configured in an improper state, facilitating unauthorized access and potential manipulation of the system’s security controls. Users of IBM MQ on HPE NonStop versions 8.0.4 and 8.1.0 should evaluate their configurations and apply necessary security measures to protect against possible exploitation.

Affected Version(s)

MQ for HPE NonStop 8.1.0

MQ for HPE NonStop 8.0.4

References

CVSS V3.1

Score:
7.4
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.