Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM120B778141936E84A454674D4E9F6FFABA966648C152DB3DA7E1E1F35067AE74
HistoryMay 25, 2022 - 9:24 a.m.

Security Bulletin: IBM MQ can be incorrectly configured to prevent required authorization checks (CVE-2022-22316)

2022-05-2509:24:59
www.ibm.com
10

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

32.8%

JSON

Summary

An issue was identified within the IBM MQ queue manager logic that meant improper authorization checks were performed when incorrect settings were configured for IBM MQ Clustering.

Vulnerability Details

CVEID:CVE-2022-22316
**DESCRIPTION:**IBM MQ Appliance 9.2 CD and 9.2 LTS could allow an authenticated and authorized user to cause a denial of service due to incorrectly configured authorization checks. IBM X-Force ID: 218276.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/218276 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H)

Affected Products and Versions

Affected Product(s) Version(s)
IBM MQ 9.1 LTS
IBM MQ 9.0 LTS
IBM MQ 8.0
IBM MQ 9.2 CD
IBM MQ 9.1 CD
IBM MQ 9.2 LTS

Remediation/Fixes

This issue was resolved under APAR IT39558

IBM MQ version 8

Apply the Cumulative Security Update 2 patch for IBM MQ version 8.0.0.16

IBM MQ version 9

Apply FixPack 9.0.0.13

IBM MQ version 9.1 LTS

Apply FixPack 9.1.0.11

IBM MQ version 9.2 LTS

Apply FixPack 9.2.0.5

IBM MQ version 9.1 CD and version 9.2 CD

Upgrade to IBM MQ version 9.2.5 CD

Workarounds and Mitigations

None

Affected configurations

Vulners
Node
ibmmqMatch8.0.0
OR
ibmmqMatch9.0.0
OR
ibmmqMatch9.1.0
OR
ibmmqMatch9.2.0
CPENameOperatorVersion
ibm mqeq8.0.0
ibm mqeq9.0.0
ibm mqeq9.1.0
ibm mqeq9.2.0

Related

cvelist 1
prion 1
nvd 1
cve 1
ibm 2
veracode 1
cvelist
cvelist
CVE-2022-22316
2022-03-18 00:00:00
prion
prion
Authorization
2022-03-23 17:15:00
nvd
nvd
CVE-2022-22316
2022-03-23 17:15:07
cve
cve
CVE-2022-22316
2022-03-23 17:15:07
ibm
ibm
Security Bulletin: IBM MQ for HP NonStop Server is affected by vulnerability CVE-2022-22316
2022-05-12 19:51:18
Security Bulletin: IBM MQ Appliance is affected by a denial of service vulnerability (CVE-2022-22316)
2022-03-19 00:09:52
veracode
veracode
Denial Of Service (DoS)
2022-03-24 05:51:38

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

32.8%

JSON
Related for 120B778141936E84A454674D4E9F6FFABA966648C152DB3DA7E1E1F35067AE74
cvelist1prion1nvd1cve1ibm2veracode1