Dec 02, 2022 - 6:12 a.m.

Security Bulletin: IBM MQ Internet Pass-Thru traces sensitive data (CVE-2022-35719)

2022-12-02 06:12:01
www.ibm.com
ibm mq
internet pass-thru
cve-2022-35719
sensitive data
trace files
vulnerability
fixpack
apar it41700
upgrade

CVSS3

Base score: 5.5
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS

Score: 0
Percentile: 5.1%

Summary

An issue was found within IBM MQ Internet Pass-Thru which causes sensitive data to be written to trace files when trace is enabled.

Vulnerability Details

CVEID: CVE-2022-35719
DESCRIPTION: IBM MQ Internet Pass-Thru 2.1, 9.2 LTS and 9.2 CD stores potentially sensitive information in trace files that could be read by a local user.
CVSS Base score: 5.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/231370 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)

Affected Products and Versions

Affected Product(s)              Version(s)
IBM MQ Internet Pass-Thru        2.1
IBM MQ Internet Pass-Thru        9.2 CD
IBM MQ Internet Pass-Thru        9.2 LTS

Remediation/Fixes

IBM MQ Internet Pass-Thru 2.1

Note: MQ IPT 2.1.0.6 is provided on Solaris platforms only, for users with appropriate extended support entitlement. Contact IBM support to obtain the installation files for MQIPT 2.1.0.6 on Solaris. Users of MQ IPT 2.1 on all other platforms should migrate to one of the MQ IPT 9.2 levels listed below (or later).

IBM MQ Internet Pass-Thru 9.2 LTS

IBM MQ Internet Pass-Thru 9.2 CD

Workarounds and Mitigations

None

Affected configurations

Vulners node: ibm mq, version match 2.1.0 OR ibm mq, version match 9.2
