An IBM MQ Explorer Vulnerability has been addressed.
Summary
The IBM MQ Explorer vulnerability announced on August 18, 2022, a vulnerability to an XML External Entity Injection (XXE) attack due to improper XML validation in the import Wizard, has been addressed with a fix pack.
IBM MQ Explorer Vulnerability Details
CVEID: CVE-2022-22489
DESCRIPTION: IBM MQ is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.
CVSS Base score: 8.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/226339 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L)Affected Products and Versions
Affected Product(s) Version(s) IBM MQ 9.1 LTS IBM MQ 9.0 LTS IBM MQ 8.0 IBM MQ 9.2 CD IBM MQ 9.1 CD IBM MQ 9.2 LTS Remediation/Fixes
This IBM MQ Explorer vulnerability was resolved under APAR IT39183Workarounds and Mitigations
None[…]
Click here for remediation by version at www.ibm.com
Click here to learn about a secure, cloud-ready, single-interface solution for administration, monitoring, synthetic transactions, user Auditing, and in-depth analytics of your IBM MQ environment.
More Infrared360® Resources