Feb 02, 2023 - 12:42 p.m.

Security Bulletin: IBM MQ Managed File Transfer could allow a local user to obtain sensitive information from diagnostic files. (CVE-2022-42436)

2023-02-02 12:42:45
www.ibm.com

CVSS3: 4 Medium

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: NONE
Availability Impact: NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

EPSS: 0.0004 Low
Percentile: 5.1%

Summary

An issue was identified with IBM MQ Managed File Transfer where sensitive information was printed within diagnostics files.

Vulnerability Details

CVEID: CVE-2022-42436
**DESCRIPTION:** IBM MQ Managed File Transfer could allow a local user to obtain sensitive information from diagnostic files.
CVSS Base score: 4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/238206 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

Affected Products and Versions

| Affected Product(s) | Version(s) |
| --- | --- |
| IBM MQ | 8.0 |
| IBM MQ | 9.0 LTS |
| IBM MQ | 9.1 CD |
| IBM MQ | 9.1 LTS |
| IBM MQ | 9.2 CD |
| IBM MQ | 9.2 LTS |
| IBM MQ | 9.3 CD |
| IBM MQ | 9.3 LTS |

The following installable MQ components are affected by the vulnerability:
• Managed File Transfer

If you are running any of these listed components, please apply the remediation/fixes as described below. For more information on the definitions of components used in this list see <https://www.ibm.com/support/pages/installable-component-names-used-ibm-mq-security-bulletins>

Remediation/Fixes

This issue was resolved under APAR IT42204.

IBM MQ version 8.0

Apply iFix for APAR IT42204

IBM MQ Version 9.0 LTS

Apply CSU 9.0.0.14

IBM MQ Version 9.1 LTS

Apply CSU 9.1.0.13

IBM MQ Version 9.2 LTS

Apply FixPack 9.2.0.7

IBM MQ Version 9.3 LTS

Apply FixPack 9.3.0.2

IBM MQ 9.1 CD and IBM MQ 9.2 CD and IBM MQ 9.3 CD

Upgrade to IBM MQ 9.3.1.1

Workarounds and Mitigations

None

Affected configurations

Vulners Node:
ibm mq Match 8.0.0
OR
ibm mq Match 9.0.0
OR
ibm mq Match 9.1.0
OR
ibm mq Match 9.2.0
OR
ibm mq Match 9.3.0
