IBM MQ Appliance has resolved a code injection vulnerability.
CVEID:CVE-2021-38967
**DESCRIPTION:**IBM MQ Appliance could allow a local privileged user to inject and execute malicious code.
CVSS Base score: 8.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/212441 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H)
Affected Product(s) | Version(s) |
---|---|
IBM MQ Appliance | 9.2 CD |
IBM MQ Appliance | 9.2 LTS |
This vulnerability is addressed by APAR IT38788.
IBM MQ Appliance version 9.2 LTS
Apply fixpack 9.2.0.4, or later firmware.
IBM MQ Appliance version 9.2 CD
Upgrade to 9.2.4 CD, or later firmware.
None