An IBM MQ Vulnerability was identified with the Jackson library that is used within the IBM MQ Console to provide REST API functionality. The issue was announced on June 22, 2022. The Jackson library is only used in IBM MQ Versions 9.2.4 and above.

The description of the issue is as follows:

FasterXML jackson-databind is vulnerable to a denial of service, caused by an error when using JDK serialization to serialize and deserialize JsonNode values. By sending a specially crafted request, an attacker could exploit this vulnerability to cause a denial of service.

This issue was resolved under APAR IT40453, for IBM MQ Version 9.2.4 CD and IBM MQ Version 9.2.5 CD you must upgrade to Version 9.3.

IBM says there are no workarounds and mitigations, the only solution is to upgrade.

Trusted Spaces for Smart, Secure IBM MQ Administration.

Security is critical for your enterprise messaging and integration environment. Infrared360’s unique Trusted Spaces™ feature lets you keep users seeing and working only in the areas they should and promotes secure collaboration across departments, teams, locations, and partners. This powerful feature set allows or limits visibility to objects such as Queues, Topics, Consumers, Channels, Applications, Flows, and other integration-type server resources according to the “permissions” or “role” of  the user.  Trusted Spaces enables secure, smart, self-service IT administration to save you and your team effort and time that can be better utilized elsewhere.

Check out our website for more information on Trusted Spaces and how Infrared360 helps you identify IBM MQ Vulnerabilities sooner. Or, see how Parker Hannifin utilized Trusted Spaces to securely improve efficiencies across business units