Most Recent Security Vulnerabilities for IBM MQ

IBM MQ Internet Pass-Thru is vulnerable to an issue within IBM® Runtime Environment Java™ Technology Edition, Version 7. (CVE-2021-35603)

Summary

IBM MQ Internet Pass-Thru has addressed the following vulnerability in the IBM® Runtime Environment Java™ Technology Edition, Version 7 used by IBM MQ Internet Pass-Thru.

Vulnerability Details

CVEID: CVE-2021-35603 DESCRIPTION: An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. CVSS Base score: 3.7 CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/211676 for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)

Affected Products and Versions Affected Product(s) Version(s) IBM WebSphere Internet Pass-Thru 2.1 […]

 

Click here to view original web page at www.ibm.com

 

IBM MQ Internet Pass-Thru is vulnerable to an issue within IBM® Runtime Environment Java™ Technology Edition, Version 7. (CVE-2021-35550)

Summary

IBM MQ Internet Pass-Thru has addressed the following vulnerability in the IBM® Runtime Environment Java™ Technology Edition, Version 7 used by IBM MQ Internet Pass-Thru.

 

Vulnerability Details

CVEID: CVE-2021-35550 DESCRIPTION: An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. CVSS Base score: 5.9 CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/211627 for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)

 

Affected Products and Versions Affected Product(s) Version(s) IBM WebSphere Internet Pass-Thru 2.1 […]

 

Click here to view original web page at www.ibm.com

 

IBM MQ Internet Pass-Thru is vulnerable to an issue within IBM® Runtime Environment Java™ Technology Edition, Version 7. (CVE-2022-21496)

Summary

IBM MQ Internet Pass-Thru has addressed the following vulnerability in the IBM® Runtime Environment Java™ Technology Edition, Version 7 used by IBM MQ Internet Pass-Thru.

Vulnerability Details

CVEID: CVE-2022-21496 DESCRIPTION: An unspecified vulnerability in Java SE related to the JNDI component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact. CVSS Base score: 5.3 CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/224777 for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

Affected Products and Versions Affected Product(s) Version(s) IBM WebSphere Internet Pass-Thru 2.1 […]

 

Click here to view original web page at www.ibm.com

 

IBM MQ is vulnerable to multiple issues within IBM® Runtime Environment Java™ Technology Edition, Version 8 (CVE-2021-35603, CVE-2022-21305, CVE-2022-21291, CVE-2021-35550)

Summary

Multiple issues were identified with the version of IBM® Runtime Environment Java™ Technology Edition that is shipped with IBM MQ that affect IBM MQ.

Vulnerability Details

CVEID: CVE-2021-35603 DESCRIPTION: An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. CVSS Base score: 3.7 CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/211676 for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N) CVEID:

CVE-2022-21305 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact. CVSS Base score: 5.3 CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/217600 for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) CVEID:

CVE-2022-21291 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact. CVSS Base score: 5.3 CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/217586 for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) CVEID:

CVE-2021-35550 DESCRIPTION: An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. CVSS Base score: 5.9 CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/211627 for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)

Affected Products and Versions Affected Product(s) Version(s) IBM MQ 9.1 LTS IBM MQ 9.0 LTS IBM MQ 8.0 IBM MQ 9.2 CD IBM MQ 9.1 CD IBM MQ 9.2 LTS […]

 

Click here to view original web page at www.ibm.com

 

When assessing vulnerability risks you need to include an Inside-Out approach. Infrared360 can help you mitigate inside-out IBM MQ vulnerabilities, and all your middleware inside-out vulnerabilities – while giving your middleware team smarter, easier, tools for optimizing performance and meeting SLAs. Check out the information below or our Infrared360 overview.

By |2022-07-18T14:57:13-04:00July 14th, 2022|Infrared360® Blog|0 Comments

Share This Story, Choose Your Platform!

About the Author:

Go to Top