Security Bulletin: IBM MQ Appliance is affected by a denial of service vulnerability (CVE-2022-22316)

2022-03-1900:09:52

www.ibm.com

0.001 Low

EPSS

Percentile

32.8%

JSON

Summary

IBM MQ Appliance has resolved a denial of service vulnerability.

Vulnerability Details

CVEID:CVE-2022-22316
**DESCRIPTION:**IBM MQ could allow an authenticated and authorized user to cause a denial of service due to incorrectly configured authorization checks.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/218276 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H)

Affected Products and Versions

Affected Product(s)	Version(s)
IBM MQ Appliance	9.2 CD
IBM MQ Appliance	9.2 LTS

Remediation/Fixes

This vulnerability is addressed under APAR IT39558.

IBM strongly recommends addressing the vulnerability now.

IBM MQ Appliance version 9.2 LTS

Apply fixpack 9.2.0.5, or later firmware.

IBM MQ Appliance version 9.2 CD

Upgrade to 9.2.5 CD, or later firmware.

Workarounds and Mitigations

None

CPENameOperatorVersion
ibm mq applianceeq9.2.0.0
ibm mq applianceeq9.2.0.1
ibm mq applianceeq9.2.0.2
ibm mq applianceeq9.2.0.3
ibm mq applianceeq9.2.0.4
ibm mq applianceeq9.2.1
ibm mq applianceeq9.2.2
ibm mq applianceeq9.2.3
ibm mq applianceeq9.2.4

Name	Operator	Version
ibm mq appliance	eq	9.2.0.0
ibm mq appliance	eq	9.2.0.1
ibm mq appliance	eq	9.2.0.2
ibm mq appliance	eq	9.2.0.3
ibm mq appliance	eq	9.2.0.4
ibm mq appliance	eq	9.2.1
ibm mq appliance	eq	9.2.2
ibm mq appliance	eq	9.2.3
ibm mq appliance	eq	9.2.4

0.001 Low

EPSS

Percentile

32.8%

JSON

Related for ADFB804C7330AD8335ACD3B75D19F9F89AE18141A72F5E266A8F075B0C814310