Information Disclosure in IBM MQ Products
CVE-2024-54173

4.7MEDIUM

Key Information:

Vendor: IBM
Status: MQ
Vendor: CVE Published:; 28 February 2025

Summary

IBM MQ versions 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD may inadvertently disclose sensitive information in trace files. This issue occurs when the webconsole trace feature is enabled, allowing local users to potentially read these trace files and access confidential data. Proper security measures and monitoring are recommended to mitigate this risk.

Affected Version(s)

MQ 9.3 LTS, 9.3 CD, 9.4 LTS, 9.4 CD

References

https://www.ibm.com/support/pages/node/7183370

vendor-advisory

CVSS V3.1

Score:

4.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 28, 2025
Vulnerability Reserved
Nov 30, 2024