IBM MQ Internet Pass-Thru is vulnerable to an issue within IBM® Runtime Environment Java™ Technology Edition, Version 7. (CVE-2021-35603)
Summary
IBM MQ Internet Pass-Thru has addressed the following vulnerability in the IBM® Runtime Environment Java™ Technology Edition, Version 7 used by IBM MQ Internet Pass-Thru.
Vulnerability Details
CVEID: CVE-2021-35603 DESCRIPTION: An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. CVSS Base score: 3.7 CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/211676 for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)
Affected Products and Versions Affected Product(s) Version(s) IBM WebSphere Internet Pass-Thru 2.1 […]
Click here to view original web page at www.ibm.com
IBM MQ Internet Pass-Thru is vulnerable to an issue within IBM® Runtime Environment Java™ Technology Edition, Version 7. (CVE-2021-35550)
Summary
IBM MQ Internet Pass-Thru has addressed the following vulnerability in the IBM® Runtime Environment Java™ Technology Edition, Version 7 used by IBM MQ Internet Pass-Thru.
Vulnerability Details
CVEID: CVE-2021-35550 DESCRIPTION: An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. CVSS Base score: 5.9 CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/211627 for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)
Affected Products and Versions Affected Product(s) Version(s) IBM WebSphere Internet Pass-Thru 2.1 […]
Click here to view original web page at www.ibm.com
IBM MQ Internet Pass-Thru is vulnerable to an issue within IBM® Runtime Environment Java™ Technology Edition, Version 7. (CVE-2022-21496)
Summary
IBM MQ Internet Pass-Thru has addressed the following vulnerability in the IBM® Runtime Environment Java™ Technology Edition, Version 7 used by IBM MQ Internet Pass-Thru.
Vulnerability Details
CVEID: CVE-2022-21496 DESCRIPTION: An unspecified vulnerability in Java SE related to the JNDI component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact. CVSS Base score: 5.3 CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/224777 for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
Affected Products and Versions Affected Product(s) Version(s) IBM WebSphere Internet Pass-Thru 2.1 […]
Click here to view original web page at www.ibm.com
IBM MQ is vulnerable to multiple issues within IBM® Runtime Environment Java™ Technology Edition, Version 8 (CVE-2021-35603, CVE-2022-21305, CVE-2022-21291, CVE-2021-35550)
Summary
Multiple issues were identified with the version of IBM® Runtime Environment Java™ Technology Edition that is shipped with IBM MQ that affect IBM MQ.
Vulnerability Details
CVEID: CVE-2021-35603 DESCRIPTION: An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. CVSS Base score: 3.7 CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/211676 for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N) CVEID:
CVE-2022-21305 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact. CVSS Base score: 5.3 CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/217600 for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) CVEID:
CVE-2022-21291 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact. CVSS Base score: 5.3 CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/217586 for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) CVEID:
CVE-2021-35550 DESCRIPTION: An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. CVSS Base score: 5.9 CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/211627 for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)
Affected Products and Versions Affected Product(s) Version(s) IBM MQ 9.1 LTS IBM MQ 9.0 LTS IBM MQ 8.0 IBM MQ 9.2 CD IBM MQ 9.1 CD IBM MQ 9.2 LTS […]
Click here to view original web page at www.ibm.com
When assessing vulnerability risks you need to include an Inside-Out approach. Infrared360 can help you mitigate inside-out IBM MQ vulnerabilities, and all your middleware inside-out vulnerabilities – while giving your middleware team smarter, easier, tools for optimizing performance and meeting SLAs. Check out the information below or our Infrared360 overview.
More Infrared360® Resources