IBM65E03616CA1880A5F4558CDFDBA0CB59FD01B5A347884909185B146C47690A3BSecurity Bulletin: IBM MQ Appliance could allow a local attacker to obtain sensitive information. (CVE-2019-4719)
0.0004 Low
EPSS
Percentile
5.1%
Summary
IBM MQ Appliance could allow a local attacker to obtain sensitive information by inclusion of sensitive data within runmqras data.
Vulnerability Details
CVEID:CVE-2019-4719
**DESCRIPTION:**IBM MQ and IBM MQ Appliance 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and 9.1 CD could allow a local attacker to obtain sensitive information by inclusion of sensitive data within runmqras data.
CVSS Base score: 5.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/172124 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)
Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| IBM MQ Appliance | 8.0 |
| IBM MQ Appliance | 9.1 LTS |
| IBM MQ Appliance | 9.1 CD |
Remediation/Fixes
IBM MQ and IBM MQ Appliance V8
Apply FixPack 8.0.0.14
IBM MQ and IBM MQ Appliance V9.1 LTS
Apply FixPack 9.1.0.4
IBM MQ and IBM MQ Appliance V9.1 CD
Apply FixPack 9.1.4
Workarounds and Mitigations
Avoid use of the -ftppassword parameter to runmqras.
Related
0.0004 Low
EPSS
Percentile
5.1%