IBM MQ Explorer Vulnerability Closed

An IBM MQ Explorer Vulnerability has been addressed. 

Summary

The IBM MQ Explorer vulnerability announced on August 18, 2022, an XML External Entity Injection (XXE) vulnerability caused by improper XML validation in the import Wizard, has been addressed with a fix pack.

IBM MQ Explorer Vulnerability Details

CVEID: CVE-2022-22489
DESCRIPTION: IBM MQ is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.
CVSS Base score: 8.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/226339 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L)

Affected Products and Versions

Affected Product(s)    Version(s)
IBM MQ                 9.1 LTS
IBM MQ                 9.0 LTS
IBM MQ                 8.0
IBM MQ                 9.2 CD
IBM MQ                 9.1 CD
IBM MQ                 9.2 LTS

Remediation/Fixes

This IBM MQ Explorer vulnerability was resolved under APAR IT39183.

Workarounds and Mitigations

None

[…]

 

Remediation by version is available at www.ibm.com.

August 23rd, 2022 | Infrared360® Blog
