Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBMADE17D6496E5CECE507CE673C79B5E20B40630AADC461C390CF2376570F50564
HistorySep 27, 2022 - 1:13 p.m.

Security Bulletin: IBM MQ Blockchain bridge is vulnerable to an issue within fabric gateway (CVE-2022-24329)

2022-09-2713:13:18
www.ibm.com
15

0.001 Low

EPSS

Percentile

32.7%

JSON

Summary

An issue was identified within the JetBrains Kotlin library that is used by Fabric Gateway. IBM MQ uses Fabric Gateway to provide blockchain bridge support.

Vulnerability Details

CVEID:CVE-2022-24329
**DESCRIPTION:**JetBrains Kotlin could provide weaker than expected security, caused by failing to lock dependencies for Multiplatform Gradle Projects. A remote attacker could exploit this vulnerability to launch further attacks on the system.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/220617 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

Affected Products and Versions

Affected Product(s) Version(s)
IBM MQ 9.3 CD
IBM MQ 9.3 LTS
IBM MQ 9.2 LTS
IBM MQ 9.2 CD

Remediation/Fixes

This issue was resolved under APAR IT41568.

IBM MQ 9.2 LTS

Apply FixPack 9.2.0.6

IBM MQ 9.3 LTS

Apply FixPack 9.3.0.1

IBM MQ 9.2 CD and 9.3 CD

Upgrade to IBM MQ 9.3.0 and apply FixPack 9.3.0.1

Workarounds and Mitigations

None

CPENameOperatorVersion
ibm mqeq9.2.0
ibm mqeq9.3.0

Related

prion 1
ubuntucve 1
debiancve 1
ibm 9
cve 1
redhatcve 1
osv 1
cvelist 1
veracode 1
github 1
nessus 2
jetbrains 1
oracle 5
prion
prion
Code injection
2022-02-25 15:15:00
ubuntucve
ubuntucve
CVE-2022-24329
2022-02-25 00:00:00
debiancve
debiancve
CVE-2022-24329
2022-02-25 15:15:00
ibm
ibm
Security Bulletin: IBM OpenPages for IBM Cloud Pak for Data is Vulnerable to JetBrains Kotlin weak security [CVE-2022-24329]
2023-08-07 06:13:48
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Kotlin
2022-04-27 14:53:48
Security Bulletin: Multiple Vulnerabilities in Cloud Pak for Watson AIOPs
2022-10-03 18:44:01
cve
cve
CVE-2022-24329
2022-02-25 15:15:00
redhatcve
redhatcve
CVE-2022-24329
2022-04-11 19:55:44
osv
osv
Improper Locking in JetBrains Kotlin
2022-02-26 00:00:43
cvelist
cvelist
CVE-2022-24329
2022-02-25 14:35:03
veracode
veracode
Improper Dependency Locking
2022-10-21 12:20:51
github
github
Improper Locking in JetBrains Kotlin
2022-02-26 00:00:43
nessus
nessus
Oracle Access Manager (Apr 2024 CPU)
2024-04-19 00:00:00
Oracle Business Intelligence Publisher (OAS) (Jan 2023 CPU)
2023-01-24 00:00:00
jetbrains
jetbrains
JetBrains Security Bulletin Q4 2021
2022-02-08 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - October 2023
2023-10-17 00:00:00
Oracle Critical Patch Update Advisory - January 2023
2023-01-17 00:00:00
Oracle Critical Patch Update Advisory - July 2022
2022-07-19 00:00:00

0.001 Low

EPSS

Percentile

32.7%

JSON
Related for ADE17D6496E5CECE507CE673C79B5E20B40630AADC461C390CF2376570F50564
prion1ubuntucve1debiancve1ibm9cve1redhatcve1osv1cvelist1veracode1github1nessus2jetbrains1oracle5