Security Bulletin: IBM MQ Appliance could allow a local attacker to obtain sensitive information by inclusion of sensitive data within trace. (CVE-2019-4619)

2020-04-2209:21:35

www.ibm.com

0.0004 Low

EPSS

Percentile

5.1%

JSON

Summary

IBM MQ Appliance could allow a local attacker to obtain sensitive information by inclusion of sensitive data within trace.

Vulnerability Details

CVEID:CVE-2019-4619
**DESCRIPTION:**IBM MQ Appliance could allow a local attacker to obtain sensitive information by inclusion of sensitive data within trace.
CVSS Base score: 5.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/168862 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)

Affected Products and Versions

Affected Product(s)	Version(s)
IBM MQ Appliance	8.0
IBM MQ Appliance	9.1 LTS
IBM MQ Appliance	9.1 CD

Remediation/Fixes

IBM MQ Appliance V8
Apply FixPack 8.0.0.14

IBM MQ Appliance V9.1 LTS
Apply FixPack 9.1.0.4

IBM MQ Appliance V9.1 CD
Apply FixPack 9.1.4

Workarounds and Mitigations

Avoid use of the -ftppassword parameter to runmqras.

CPENameOperatorVersion
ibm mq applianceeq8.0.0.0
ibm mq applianceeq8.0.0.1
ibm mq applianceeq8.0.0.3
ibm mq applianceeq8.0.0.4
ibm mq applianceeq8.0.0.5
ibm mq applianceeq8.0.0.6
ibm mq applianceeq8.0.0.7
ibm mq applianceeq8.0.0.9
ibm mq applianceeq8.0.0.10
ibm mq applianceeq8.0.0.11

Name	Operator	Version
ibm mq appliance	eq	8.0.0.0
ibm mq appliance	eq	8.0.0.1
ibm mq appliance	eq	8.0.0.3
ibm mq appliance	eq	8.0.0.4
ibm mq appliance	eq	8.0.0.5
ibm mq appliance	eq	8.0.0.6
ibm mq appliance	eq	8.0.0.7
ibm mq appliance	eq	8.0.0.9
ibm mq appliance	eq	8.0.0.10
ibm mq appliance	eq	8.0.0.11

Rows per page:

1-10 of 191

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for 933C1F40866D7064B662AB24E608909EF5EB40587A844C871D6F139E27DD6514