An IBM MQ Explorer Vulnerability has been addressed.
The IBM MQ Explorer vulnerability announced on August 18, 2022, a vulnerability to an XML External Entity Injection (XXE) attack due to improper XML validation in the import Wizard, has been addressed with a fix pack.
IBM MQ Explorer Vulnerability DetailsCVEID: CVE-2022-22489
DESCRIPTION: IBM MQ is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.
CVSS Base score: 8.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/226339 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L)
Affected Products and Versions
Affected Product(s) Version(s) IBM MQ 9.1 LTS IBM MQ 9.0 LTS IBM MQ 8.0 IBM MQ 9.2 CD IBM MQ 9.1 CD IBM MQ 9.2 LTS
Remediation/FixesThis IBM MQ Explorer vulnerability was resolved under APAR IT39183
Workarounds and MitigationsNone
Click here for remediation by version at www.ibm.com
Click here to learn about a secure, cloud-ready, single-interface solution for administration, monitoring, synthetic transactions, user Auditing, and in-depth analytics of your IBM MQ environment.