Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBMD56E6FD66F06197FCB0C5161D8AF8531F984F39D06EC4AF1689BEDA3D4C95F8A
HistoryMay 12, 2022 - 7:54 p.m.

Security Bulletin: IBM MQ for HP NonStop Server is affected by vulnerability CVE-2022-22325

2022-05-1219:54:35
www.ibm.com
28
ibm mq
hpe nonstop
vulnerability disclosure
plaintext password
stack trace
fixpack 8.1.0.10

CVSS2

1.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:M/Au:N/C:P/I:N/A:N

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS

0

Percentile

5.1%

JSON

Summary

A queue manager trace may disclose a plaintext password flowing over an MQ channel. The issue is described by CVE-2022-22325

Vulnerability Details

CVEID:CVE-2022-22325
**DESCRIPTION:**IBM MQ can inadvertently disclose sensitive information under certain circumstances to a local user from a stack trace.
CVSS Base score: 5.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/218853 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)

Affected Products and Versions

Affected Product(s) Version(s)
IBM MQ for HPE NonStop 8.1.0

Remediation/Fixes

IBM MQ V8.1 for HPE NonStop 8.1.0.10 IT40789 Upgrade to Fixpack 8.1.0.10

Workarounds and Mitigations

None

Affected configurations

Vulners
Node
ibmmq_for_hpe_nonstopMatch8.1
OR
ibmmq_for_hpe_nonstopMatch8.1
VendorProductVersionCPE
ibmmq_for_hpe_nonstop8.1cpe:2.3:a:ibm:mq_for_hpe_nonstop:8.1:*:*:*:*:*:*:*

Related

cnvd 1
nessus 1
cvelist 1
prion 1
ibm 2
cve 1
nvd 1
cnvd
cnvd
IBM MQ for HPE NonStop Information Disclosure Vulnerability
2022-05-17 00:00:00
nessus
nessus
IBM MQ 8.0 <= 8.0.0.16 / 9.0 < 9.0.0.13 / 9.1 < 9.1.0.11 LTS / 9.1 < 9.2.5 CD / 9.2 LTS (6587837)
2022-07-11 00:00:00
cvelist
cvelist
CVE-2022-22325
2022-05-13 16:15:18
prion
prion
Information disclosure
2022-05-13 17:15:00
ibm
ibm
Security Bulletin: IBM MQ trace can inadvertently trace sensitive data (CVE-2022-22325)
2022-05-25 09:25:39
Security Bulletin: IBM MQ Appliance is affected by sensitive information disclosure vulnerability (CVE-2022-22325)
2022-05-25 09:23:51
cve
cve
CVE-2022-22325
2022-05-13 17:15:07
nvd
nvd
CVE-2022-22325
2022-05-13 17:15:07

CVSS2

1.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:M/Au:N/C:P/I:N/A:N

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS

0

Percentile

5.1%

JSON
Related for D56E6FD66F06197FCB0C5161D8AF8531F984F39D06EC4AF1689BEDA3D4C95F8A
cnvd1nessus1cvelist1prion1ibm2cve1nvd1