Lucene search

IBM0BF3722467985A5BB0A55B77EE4C71AC40D1C8D584FD669CE0BACD3D2195EF75

HistoryJun 27, 2024 - 3:29 a.m.

Security Bulletin: IBM MQ Appliance vulnerable to open redirect (CVE-2024-29041)

2024-06-2703:29:35

www.ibm.com

ibm mq appliance

open redirect vulnerability

apar it46075

express.js

phishing attacks

cve-2024-29041

firmware updates

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

6.7 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

10.4%

JSON

Summary

IBM MQ Appliance has addressed an open redirect vulnerability.

Vulnerability Details

CVEID:CVE-2024-29041
**DESCRIPTION:**Express.js Express could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability. An attacker could exploit this vulnerability using a specially crafted URL to redirect a victim to arbitrary Web sites.
CVSS Base score: 6.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/286404 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)

Affected Products and Versions

Affected Product(s)	Version(s)
IBM MQ Appliance	9.3 LTS
IBM MQ Appliance	9.3 CD

Remediation/Fixes

This vulnerability is addressed under APAR IT46075

IBM strongly recommends addressing the vulnerability now.

IBM MQ Appliance version 9.3 LTS

Apply IBM MQ Appliance 9.3.0.20 fix pack, or later firmware.

IBM MQ Appliance version 9.3 CD

Apply IBM MQ Appliance 9.3.5.2 cumulative security update, or later firmware.

Workarounds and Mitigations

None

Affected configurations

Vulners

Node

ibmmq_applianceMatch9.3.0.0

ibmmq_applianceMatch9.3.0.

ibmmq_applianceMatch9.3.0.1

ibmmq_applianceMatch9.3.0.2

ibmmq_applianceMatch9.3.0.3

ibmmq_applianceMatch9.3.0.4

ibmmq_applianceMatch9.3.0.5

ibmmq_applianceMatch9.3.0.6

ibmmq_applianceMatch9.3.0.10

ibmmq_applianceMatch9.3.0.11

ibmmq_applianceMatch9.3.0.15

ibmmq_applianceMatch9.3.0.16

ibmmq_applianceMatch9.3.0.17

ibmmq_applianceMatch9.3.1.0

ibmmq_applianceMatch9.3.1.1

ibmmq_applianceMatch9.3.2.0

ibmmq_applianceMatch9.3.2.1

ibmmq_applianceMatch9.3.3.0

ibmmq_applianceMatch9.3.3.1

ibmmq_applianceMatch9.3.4.0

ibmmq_applianceMatch9.3.4.1

ibmmq_applianceMatch9.3.5.0

ibmmq_applianceMatch9.3.5.1

CPENameOperatorVersion
ibm mq applianceeq9.3.0.0
ibm mq applianceeq9.3.0.
ibm mq applianceeq9.3.0.1
ibm mq applianceeq9.3.0.2
ibm mq applianceeq9.3.0.3
ibm mq applianceeq9.3.0.4
ibm mq applianceeq9.3.0.5
ibm mq applianceeq9.3.0.6
ibm mq applianceeq9.3.0.10
ibm mq applianceeq9.3.0.11

Name	Operator	Version
ibm mq appliance	eq	9.3.0.0
ibm mq appliance	eq	9.3.0.
ibm mq appliance	eq	9.3.0.1
ibm mq appliance	eq	9.3.0.2
ibm mq appliance	eq	9.3.0.3
ibm mq appliance	eq	9.3.0.4
ibm mq appliance	eq	9.3.0.5
ibm mq appliance	eq	9.3.0.6
ibm mq appliance	eq	9.3.0.10
ibm mq appliance	eq	9.3.0.11