History: Mar 05, 2024 - 10:00 a.m.

Security Bulletin: IBM MQ Appliance is vulnerable to open redirect due to follow-redirects (CVE-2023-26159)

2024-03-05 10:00:08
www.ibm.com

EPSS: 0.001 (Low), Percentile: 20.0%

Summary

IBM MQ Appliance uses follow-redirects as part of the MQ Console and is affected by CVE-2023-26159.

Vulnerability Details

CVEID: CVE-2023-26159
**DESCRIPTION:** follow-redirects could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability. An attacker could exploit this vulnerability using a specially crafted URL to redirect a victim to arbitrary Web sites.
CVSS Base score: 7.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/278622 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L)

Affected Products and Versions

| Affected Product(s) | Version(s) |
| --- | --- |
| IBM MQ Appliance | 9.3 LTS |
| IBM MQ Appliance | 9.3 CD |

Remediation/Fixes

This vulnerability is addressed under APAR IT45253.

IBM strongly recommends addressing the vulnerability now.

IBM MQ Appliance version 9.3 LTS

Apply IBM MQ Appliance 9.3.0.16 cumulative security update, or later firmware.

IBM MQ Appliance version 9.3 CD

Apply IBM MQ Appliance 9.3.5 Continuous Delivery release, or later firmware.

Workarounds and Mitigations

None
