Potential Privilege Escalation Vulnerability in IBM MQ 9.3 LTS and 9.3 CD
CVE-2024-31912

8.8HIGH

Key Information:

Vendor: IBM
Status: MQ
Vendor: CVE Published:; 28 June 2024

What is CVE-2024-31912?

A vulnerability has been identified in IBM MQ versions 9.3 LTS and 9.3 CD that may grant authenticated users the ability to escalate their privileges. This issue arises from improper privilege assignments within certain configurations, potentially leading to unauthorized access levels. Organizations using these affected versions should evaluate their settings and implement recommended security measures to mitigate risks.

Affected Version(s)

MQ 9.3 LTS and 9.3 CD

References

https://www.ibm.com/support/pages/node/7158072

vendor-advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/289894

vdb-entry

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 28, 2024
Vulnerability Reserved
Apr 7, 2024