Information Disclosure Vulnerability in IBM MQ Appliance
CVE-2021-39000

5.9MEDIUM

Key Information:

Vendor: IBM
Status: MQ Appliance
Vendor: CVE Published:; 30 November 2021

What is CVE-2021-39000?

An information disclosure vulnerability exists in IBM MQ Appliance versions 9.2 CD and 9.2 LTS, allowing a local attacker to retrieve sensitive data through the inclusion of diagnostic information. This vulnerability can compromise the confidentiality of sensitive data by exposing it unintentionally within the diagnostics, posing a risk to data security. Organizations using these versions should assess their exposure and apply necessary mitigations to protect against potential unauthorized access.

Affected Version(s)

MQ Appliance 9.2.0.0

MQ Appliance 9.2.1

MQ Appliance 9.2.0.1

References

https://www.ibm.com/support/pages/node/6519422

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/213215

vdb-entryx_refsource_XF

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 30, 2021
Vulnerability Reserved
Aug 16, 2021