Session Management Flaw in IBM MQ Appliance
CVE-2022-40230

6.5MEDIUM

Key Information:

Vendor: IBM
Status: IBM MQ Appliance
Vendor: CVE Published:; 3 November 2022

What is CVE-2022-40230?

IBM MQ Appliance versions 9.2 CD, 9.2 LTS, 9.3 CD, and 9.3 LTS contain a vulnerability where user sessions are not invalidated after logout. This oversight can potentially allow an authenticated user to impersonate another user, posing a significant risk to system security. Proper session handling is crucial to prevent unauthorized access and ensure user integrity. For further information, visit IBM's official documentation.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

IBM MQ Appliance "9.2 CD, 9.2 LTS, 9.3 CD, and LTS 9.3"

References

https://www.ibm.com/support/pages/node/6622051

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 3, 2022
Vulnerability Reserved
Sep 8, 2022

JSON

IBM

What is CVE-2022-40230?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.