Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM3BC013258BE0EB23CA81174D1EADFA3384D1DEB691381A21F66C19C06A47F04C
HistoryJan 25, 2023 - 3:18 p.m.

Security Bulletin: IBM MQ could allow an authenticated and authorized user to cause a denial of service to the MQTT channels. (CVE-2022-31772)

2023-01-2515:18:56
www.ibm.com
73

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

0.001 Low

EPSS

Percentile

28.9%

JSON

Summary

IBM MQ could allow an authenticated and authorized user to cause a denial of service to the MQTT channels.

Vulnerability Details

CVEID:CVE-2022-31772
**DESCRIPTION:**IBM MQ could allow an authenticated and authorized user to cause a denial of service to the MQTT channels.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/228335 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H)

Affected Products and Versions

Affected Product(s) Version(s)
IBM MQ 9.1 LTS
IBM MQ 9.0 LTS
IBM MQ 8.0
IBM MQ 9.2 CD
IBM MQ 9.1 CD
IBM MQ 9.2 LTS

The following installable MQ components are affected by the vulnerability:

β€’Telemetry Service

If you are running any of these listed components, please apply the remediation/fixes as described below. For more information on the definitions of components used in this list see <https://www.ibm.com/support/pages/installable-component-names-used-ibm-mq-security-bulletins&gt;

Remediation/Fixes

This issue was resolved under APAR IT33206.

IBM MQ Version 8.0

Apply iFix for APAR IT33206

IBM MQ Version 9.0 LTS

Apply iFix for APAR IT33206

IBM MQ Version 9.1 LTS

Apply FixPack 9.1.0.12

IBM MQ Version 9.2 LTS

Apply Fixpack 9.2.0.6

**IBM MQ Version 9.3 LTS **

Apply Fixpack 9.3.0.1

IBM MQ Version 9.1, 9.2 & 9.3 CD

Upgrade to IBM MQ 9.3.0 and apply FixPack 9.3.0.1

Workarounds and Mitigations

None

Related

nessus 1
cnvd 1
cve 1
prion 1
ibm 3
nessus
nessus
IBM MQ Authenticated DoS (6833806)
2022-11-10 00:00:00
cnvd
cnvd
IBM MQ Input Validation Error Vulnerability (CNVD-2023-08771)
2022-11-06 00:00:00
cve
cve
CVE-2022-31772
2022-11-11 19:15:00
prion
prion
Code injection
2022-11-11 19:15:00
ibm
ibm
Security Bulletin: IBM App Connect Enterprise Certified Container IntegrationServer operands may be vulnerable to denial of service due to CVE-2022-31772
2022-11-08 11:12:19
Security Bulletin: IBM Sterling Secure Proxy vulnerable to multiple issues
2023-01-31 14:18:52
Security Bulletin: IBM Sterling B2B Integrator vulnerable to multiple issues due to IBM MQ.
2023-02-09 19:13:22

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

0.001 Low

EPSS

Percentile

28.9%

JSON
Related for 3BC013258BE0EB23CA81174D1EADFA3384D1DEB691381A21F66C19C06A47F04C
nessus1cnvd1cve1prion1ibm3