Local Messaging Vulnerability in IBM MQ Appliance Products
CVE-2022-22321

5.1MEDIUM

Key Information:

Vendor
IBM
Vendor
CVE Published:
1 March 2022

Summary

The IBM MQ Appliance versions 9.2 CD and 9.2 LTS exhibit a vulnerability where local messaging users are stored with a password hash that does not offer adequate protection. This security flaw may allow unauthorized access to sensitive information, compromising the confidentiality and integrity of messaging communications. Organizations using affected versions should implement recommended security controls to mitigate the risks associated with this vulnerability.

Affected Version(s)

MQ Appliance 9.2 LTS

MQ Appliance 9.2 CD

References

CVSS V3.1

Score:
5.1
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.