IBM MQ Explorer Vulnerability

Published On: June 7th, 2024

9/5/2024 – IBM MQ Explorer Vulnerability.

IBM has identified a critical MQ Explorer vulnerability linked to the IBM Semeru Runtime, flagged as CVE-2024-21085. This security issue could allow a remote attacker to disrupt system availability by exploiting the Java SE Virtual Machine component. The vulnerability affects IBM MQ versions 9.3 CD and 9.4 CD. To mitigate this risk, IBM recommends applying the interim fix provided under APAR IT46487.

Organizations using IBM MQ should prioritize addressing this MQ Explorer vulnerability to ensure system security. For more information, visit the IBM Security Bulletin.

Click here to learn about a secure, cloud-ready, single-interface solution for administration, monitoring, synthetic transactions, user Auditing, and in-depth analytics of your IBM MQ environment.

8/18/2022 – IBM MQ Explorer Vulnerability

Summary

The IBM MQ Explorer vulnerability announced on August 18, 2022, an XML External Entity Injection (XXE) weakness caused by improper XML validation in the import wizard, has been addressed with a fix pack.

IBM MQ Explorer Vulnerability Details

CVEID: CVE-2022-22489
DESCRIPTION: IBM MQ is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.
CVSS Base score: 8.2
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/226339 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L)

Affected Products and Versions

Affected Product(s)    Version(s)
IBM MQ                 9.1 LTS
IBM MQ                 9.0 LTS
IBM MQ                 8.0
IBM MQ                 9.2 CD
IBM MQ                 9.1 CD
IBM MQ                 9.2 LTS

Remediation/Fixes

This IBM MQ Explorer vulnerability was resolved under APAR IT39183.

Workarounds and Mitigations

None


08/22/2022 – CVE-2022-22489 IBM MQ Explorer Vulnerability

A new IBM MQ Explorer vulnerability has been announced. MQ Explorer is vulnerable to an XML External Entity Injection (XXE) attack due to improper XML validation in the import Wizard.
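The defect class described here, XML input accepted without the parser being told to refuse external entities, is closed on the parser side by rejecting DOCTYPE declarations and disabling external entity and DTD loading. The Java example below is added here for illustration; it is not IBM's code or the MQ Explorer import wizard, and the sample import document and its placeholder path are constructed.

```java
import java.io.StringReader;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.xml.sax.InputSource;

public class HardenedImportParser {
    // Constructed sample of an untrusted import file: a DOCTYPE that declares an entity
    // resolving outside the document. The path is a placeholder, not a real location.
    static final String CONSTRUCTED_IMPORT =
        "<?xml version=\"1.0\"?>\n"
      + "<!DOCTYPE export [<!ENTITY ext SYSTEM \"file:///placeholder/not-a-real-path\">]>\n"
      + "<export><queue name=\"&ext;\"/></export>";

    // The weak form is simply DocumentBuilderFactory.newInstance().newDocumentBuilder():
    // JAXP defaults honour the DTD and resolve the external entity while parsing.
    // The hardened form refuses any DOCTYPE and switches off every external fetch path.
    static DocumentBuilder hardenedBuilder() throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        // Rejecting the DOCTYPE declaration stops XXE and entity-expansion DoS in one step.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        // Defence in depth for parsers that accept DOCTYPE but honour these SAX features.
        f.setFeature("http://xml.org/sax/features/external-general-entities", false);
        f.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        f.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        f.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
        f.setAttribute(XMLConstants.ACCESS_EXTERNAL_SCHEMA, "");
        f.setXIncludeAware(false);
        f.setExpandEntityReferences(false);
        return f.newDocumentBuilder();
    }

    // Returns true when the import is accepted. With the hardened builder, a DOCTYPE is
    // reported as a SAXParseException before any entity could be resolved.
    static boolean accepts(DocumentBuilder builder, String xml) {
        try {
            Document doc = builder.parse(new InputSource(new StringReader(xml)));
            return doc.getDocumentElement() != null;
        } catch (Exception rejected) {
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        boolean ok = accepts(hardenedBuilder(), CONSTRUCTED_IMPORT);
        System.out.println("hardened parser accepts sample: " + ok);
    }
}
```

When reviewing an import or configuration loader, the absence of these feature settings on the factory is the thing to look for; the hardened builder turns a silently resolved entity into a refused import.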

CVE(s): CVE-2022-22489

Affected product(s) and affected version(s):

Affected Product(s)    Version(s)
IBM MQ                 9.1 LTS
IBM MQ                 9.0 LTS
IBM MQ                 8.0
IBM MQ                 9.2 CD
IBM MQ                 9.1 CD
IBM MQ                 9.2 LTS

Refer to the following reference URLs for remediation and additional IBM MQ vulnerability details:
Source Bulletin: https://www.ibm.com/support/pages/node/6613021
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/226339


About the Author: Scott Treggiari
