New IBM MQ Explorer Vulnerability
A new IBM MQ Explorer vulnerability has been announced. MQ Explorer is vulnerable to an XML External Entity Injection (XXE) attack due to improper XML validation in the import Wizard.
CVE(s): CVE-2022-22489
Affected product(s) and affected version(s):
Affected Product(s) Version(s) IBM MQ 9.1 LTS IBM MQ 9.0 LTS IBM MQ 8.0 IBM MQ 9.2 CD IBM MQ 9.1 CD IBM MQ 9.2 LTS
Refer to the following reference URLs for remediation and additional IBM MQ vulnerability details:
Source Bulletin: https://www.ibm.com/support/pages/node/6613021
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/226339[…]
Click here to view original web page at www.ibm.com
Click here to read about an alternative to IBM Explorer that lets you automate administration, get automated alerts and notifications, and integrate with central Enterprise consoles without scripts or agents.