Lucene search
IBM8E7ABCC6AC14AA0C0051484B8C098D2B0BF06614E0178658C89D2F519F7279B6HistoryNov 29, 2021 - 1:18 p.m.
Security Bulletin: IBM MQ Appliance is affected by a code injection vulnerability (CVE-2021-38967)
2021-11-2913:18:34
www.ibm.com
12
ibm mq appliance
code injection
vulnerability
version 9.2
apar it38788
EPSS
0
Percentile
5.1%
Summary
IBM MQ Appliance has resolved a code injection vulnerability.
Vulnerability Details
CVEID:CVE-2021-38967
**DESCRIPTION:**IBM MQ Appliance could allow a local privileged user to inject and execute malicious code.
CVSS Base score: 8.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/212441 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H)
Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| IBM MQ Appliance | 9.2 CD |
| IBM MQ Appliance | 9.2 LTS |
Remediation/Fixes
This vulnerability is addressed by APAR IT38788.
IBM MQ Appliance version 9.2 LTS
Apply fixpack 9.2.0.4, or later firmware.
IBM MQ Appliance version 9.2 CD
Upgrade to 9.2.4 CD, or later firmware.
Workarounds and Mitigations
None
Related
cvelist
cvelist
CVE-2021-38967
2021-11-30 16:45:16
cnvd
cnvd
IBM MQ Appliance has unspecified vulnerabilities
2021-12-01 00:00:00
nvd
nvd
CVE-2021-38967
2021-11-30 17:15:11
prion
prion
Code injection
2021-11-30 17:15:00
cve
cve
CVE-2021-38967
2021-11-30 17:15:11