Remote Attack via Detailed Technical Error Message in Browser Could Lead to Sensitive Information Disclosure
CVE-2024-35155
6.5MEDIUM
Summary
IBM MQ Console 9.3 LTS and 9.3 CD could disclose could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 292765.
Affected Version(s)
MQ = 9.3 LTS and 9.3 CD
CVSS V3.1
Score:
6.5
Severity:
MEDIUM
Confidentiality:
HIGH
Integrity:
NONE
Availability:
NONE
Attack Complexity:
LOW
Privileges Required:
LOW
User Interaction:
NONE
Scope:
UNCHANGED
Timeline
Vulnerability published.
Vulnerability Reserved.
Collectors
NVD DatabaseMitre Database