Lucene search

IBM60B9749DEFF4C7BBFE8BA3BCC13C3D9882BC16B307C110FAD4B166D972A2F51C

HistoryJul 12, 2022 - 11:40 p.m.

Security Bulletin: IBM MQ Appliance is affected by an improper validation vulnerability (CVE-2021-38910)

2022-07-1223:40:38

www.ibm.com

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

0.001 Low

EPSS

Percentile

38.5%

JSON

Summary

IBM MQ Appliance has resolved an improper validation vulnerability.

Vulnerability Details

CVEID:CVE-2021-38910
**DESCRIPTION:**IBM DataPower Gateway V10CD, 10.0.1, and 2108.4.1 could allow a remote attacker to bypass security restrictions, caused by the improper validation of input. By sending a specially crafted JSON message, an attacker could exploit this vulnerability to modify structure and fields. IBM X-Force ID: 209824.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/209824 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)

Affected Products and Versions

Affected Product(s)	Version(s)
IBM MQ Appliance	9.2 CD
IBM MQ Appliance	9.2 LTS

Remediation/Fixes

This vulnerability is addressed under IT40352

IBM strongly recommends addressing the vulnerability now.

IBM MQ Appliance version 9.2 LTS

Apply 9.2.0.6 fixpack, or later firmware.

IBM MQ Appliance version 9.2 CD

Upgrade to 9.2.5 CD CSU01, or later firmware.

Workarounds and Mitigations

None

Affected configurations

Vulners

Node

ibmmq_applianceMatch9.2.0.0

ibmmq_applianceMatch9.2.0.1

ibmmq_applianceMatch9.2.0.2

ibmmq_applianceMatch9.2.0.3

ibmmq_applianceMatch9.2.0.4

ibmmq_applianceMatch9.2.0.5

ibmmq_applianceMatch9.2.1

ibmmq_applianceMatch9.2.2

ibmmq_applianceMatch9.2.3

ibmmq_applianceMatch9.2.4

ibmmq_applianceMatch9.2.5

CPENameOperatorVersion
ibm mq applianceeq9.2.0.0
ibm mq applianceeq9.2.0.1
ibm mq applianceeq9.2.0.2
ibm mq applianceeq9.2.0.3
ibm mq applianceeq9.2.0.4
ibm mq applianceeq9.2.0.5
ibm mq applianceeq9.2.1
ibm mq applianceeq9.2.2
ibm mq applianceeq9.2.3
ibm mq applianceeq9.2.4

Name	Operator	Version
ibm mq appliance	eq	9.2.0.0
ibm mq appliance	eq	9.2.0.1
ibm mq appliance	eq	9.2.0.2
ibm mq appliance	eq	9.2.0.3
ibm mq appliance	eq	9.2.0.4
ibm mq appliance	eq	9.2.0.5
ibm mq appliance	eq	9.2.1
ibm mq appliance	eq	9.2.2
ibm mq appliance	eq	9.2.3
ibm mq appliance	eq	9.2.4

Rows per page:

1-10 of 111

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

0.001 Low

EPSS

Percentile

38.5%

JSON

Related for 60B9749DEFF4C7BBFE8BA3BCC13C3D9882BC16B307C110FAD4B166D972A2F51C