Information Disclosure Vulnerability in IBM MQ Appliance
CVE-2021-39000

5.9MEDIUM

Key Information:

Vendor
IBM
Status
MQ Appliance
Vendor
CVE Published:
30 November 2021

Summary

An information disclosure vulnerability exists in IBM MQ Appliance versions 9.2 CD and 9.2 LTS, allowing a local attacker to retrieve sensitive data through the inclusion of diagnostic information. This vulnerability can compromise the confidentiality of sensitive data by exposing it unintentionally within the diagnostics, posing a risk to data security. Organizations using these versions should assess their exposure and apply necessary mitigations to protect against potential unauthorized access.

Affected Version(s)

MQ Appliance 9.2.0.0

MQ Appliance 9.2.1

MQ Appliance 9.2.0.1

References

https://www.ibm.com/support/pages/node/6519422
x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/213215
vdb-entryx_refsource_XF

CVSS V3.1

Score:
5.9
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.