An IBM MQ vulnerability was identified in the Jackson library, which the IBM MQ Console uses to provide REST API functionality. The issue was announced on June 22, 2022. The Jackson library is only used in IBM MQ Versions 9.2.4 and above.
The description of the issue is as follows:
FasterXML jackson-databind is vulnerable to a denial of service, caused by an error when using JDK serialization to serialize and deserialize JsonNode values. By sending a specially crafted request, an attacker could exploit this vulnerability to cause a denial of service.
This issue was resolved under APAR IT40453. For IBM MQ Version 9.2.4 CD and IBM MQ Version 9.2.5 CD, you must upgrade to Version 9.3.
IBM says there are no workarounds or mitigations; the only solution is to upgrade.
Trusted Spaces for Smart, Secure IBM MQ Administration.
Security is critical for your enterprise messaging and integration environment. Infrared360’s unique Trusted Spaces™ feature lets you keep users seeing and working only in the areas they should and promotes secure collaboration across departments, teams, locations, and partners. This powerful feature set allows or limits visibility to objects such as Queues, Topics, Consumers, Channels, Applications, Flows, and other integration-type server resources according to the “permissions” or “role” of the user. Trusted Spaces enables secure, smart, self-service IT administration to save you and your team effort and time that can be better utilized elsewhere.
Avada Software’s flagship product, Infrared360®, is an IT management portal providing total administration, monitoring, testing, auditing, analytics dashboards, and self-service for cloud, on-prem, or hybrid environments. Get secure, collaborative management of elements across your IT stack like Kafka®, IBM MQ™, IBM IIB™, TIBCO EMS™, WebSphere™, JBoss™, & Apache™, URLs, and SOAP & REST-based web services.