Sensitive Information Exposure in IBM MQ Internet Pass-Thru
CVE-2022-35719

5.1MEDIUM

Key Information:

Vendor: IBM
Status: MQ Internet Pass-thru
Vendor: CVE Published:; 14 November 2022

Summary

IBM MQ Internet Pass-Thru 2.1, 9.2 LTS, and 9.2 CD have a vulnerability that allows local users to access potentially sensitive information stored in trace files. This unintentional exposure of data can lead to serious security risks if exploited, as unauthorized users may gain insights into confidential operations or credentials stored within these files.

Affected Version(s)

MQ Internet Pass-Thru 2.1, 9.2 LTS and 9.2 CD

References

https://www.ibm.com/support/pages/node/6838559

vendor-advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/231370

vdb-entry

CVSS V3.1

Score:

5.1

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 14, 2022
Vulnerability Reserved
Jul 12, 2022