Local Messaging Vulnerability in IBM MQ Appliance Products
CVE-2022-22321
5.1MEDIUM
Summary
The IBM MQ Appliance versions 9.2 CD and 9.2 LTS exhibit a vulnerability where local messaging users are stored with a password hash that does not offer adequate protection. This security flaw may allow unauthorized access to sensitive information, compromising the confidentiality and integrity of messaging communications. Organizations using affected versions should implement recommended security controls to mitigate the risks associated with this vulnerability.
Affected Version(s)
MQ Appliance 9.2 LTS
MQ Appliance 9.2 CD
References
CVSS V3.1
Score:
5.1
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved