May 25, 2022 - 9:23 a.m.

Security Bulletin: IBM MQ Appliance is affected by sensitive information disclosure vulnerability (CVE-2022-22325)

2022-05-25 09:23:51
www.ibm.com

CVSS2: 1.9
Attack Vector: LOCAL
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
AV:L/AC:M/Au:N/C:P/I:N/A:N

CVSS3: 5.5
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS: 0
Percentile: 5.1%

Summary

IBM MQ Appliance has resolved a sensitive information disclosure vulnerability.

Vulnerability Details

**CVEID:** CVE-2022-22325
**DESCRIPTION:** IBM MQ can inadvertently disclose sensitive information under certain circumstances to a local user from a stack trace.
CVSS Base score: 5.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/218853 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)

Affected Products and Versions

| Affected Product(s) | Version(s) |
| --- | --- |
| IBM MQ Appliance | 9.2 CD |
| IBM MQ Appliance | 9.2 LTS |

Remediation/Fixes

This vulnerability is addressed under IT40099.

IBM strongly recommends addressing the vulnerability now.

IBM MQ Appliance version 9.2 LTS

Apply interim fix firmware for APAR IT40099, or later firmware.

IBM MQ Appliance version 9.2 CD

Upgrade to 9.2.5 CD, or later firmware.

Workarounds and Mitigations

None

Affected configurations

| Vendor | Product | Version | CPE |
| --- | --- | --- | --- |
| ibm | mq_appliance | 9.2.0.0 | cpe:2.3:a:ibm:mq_appliance:9.2.0.0:*:*:*:*:*:*:* |
| ibm | mq_appliance | 9.2.0.1 | cpe:2.3:a:ibm:mq_appliance:9.2.0.1:*:*:*:*:*:*:* |
| ibm | mq_appliance | 9.2.0.2 | cpe:2.3:a:ibm:mq_appliance:9.2.0.2:*:*:*:*:*:*:* |
| ibm | mq_appliance | 9.2.0.3 | cpe:2.3:a:ibm:mq_appliance:9.2.0.3:*:*:*:*:*:*:* |
| ibm | mq_appliance | 9.2.0.4 | cpe:2.3:a:ibm:mq_appliance:9.2.0.4:*:*:*:*:*:*:* |
| ibm | mq_appliance | 9.2.0.5 | cpe:2.3:a:ibm:mq_appliance:9.2.0.5:*:*:*:*:*:*:* |
| ibm | mq_appliance | 9.2.1 | cpe:2.3:a:ibm:mq_appliance:9.2.1:*:*:*:*:*:*:* |
| ibm | mq_appliance | 9.2.2 | cpe:2.3:a:ibm:mq_appliance:9.2.2:*:*:*:*:*:*:* |
| ibm | mq_appliance | 9.2.3 | cpe:2.3:a:ibm:mq_appliance:9.2.3:*:*:*:*:*:*:* |
| ibm | mq_appliance | 9.2.4 | cpe:2.3:a:ibm:mq_appliance:9.2.4:*:*:*:*:*:*:* |
