An issue was identified within the JetBrains Kotlin library that is used by Fabric Gateway. IBM MQ uses Fabric Gateway to provide blockchain bridge support.
CVEID:CVE-2022-24329
**DESCRIPTION:**JetBrains Kotlin could provide weaker than expected security, caused by failing to lock dependencies for Multiplatform Gradle Projects. A remote attacker could exploit this vulnerability to launch further attacks on the system.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/220617 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
Affected Product(s) | Version(s) |
---|---|
IBM MQ | 9.3 CD |
IBM MQ | 9.3 LTS |
IBM MQ | 9.2 LTS |
IBM MQ | 9.2 CD |
This issue was resolved under APAR IT41568.
IBM MQ 9.2 LTS
IBM MQ 9.3 LTS
IBM MQ 9.2 CD and 9.3 CD
Upgrade to IBM MQ 9.3.0 and apply FixPack 9.3.0.1
None