CVSS2 Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Authentication | MULTIPLE |
Confidentiality Impact | COMPLETE |
Integrity Impact | COMPLETE |
Availability Impact | COMPLETE |
Vector | AV:N/AC:L/Au:M/C:C/I:C/A:C |

CVSS3 Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | NONE |
Availability Impact | NONE |
Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |

AI Score Confidence: High
EPSS Percentile: 62.0%
IBM MQ Appliance has addressed GNU GnuTLS exposure of sensitive information vulnerabilities.
**CVEID:** CVE-2023-5981 DESCRIPTION: GNU GnuTLS could allow a remote attacker to obtain sensitive information, caused by a timing side-channel issue during RSA-PSK key exchange. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/271914 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)
**CVEID:** CVE-2024-0553 DESCRIPTION: GnuTLS could allow a remote attacker to obtain sensitive information. By performing a timing side-channel attack in the RSA-PSK key exchange, a remote attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/279606 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)
Affected Product(s) | Version(s) |
---|---|
IBM MQ Appliance | 9.3 LTS |
IBM MQ Appliance | 9.3 CD |
IBM MQ Appliance | 9.4 LTS |
This vulnerability is addressed under APAR IT46613.
IBM strongly recommends addressing the vulnerability now.
IBM MQ Appliance version 9.3 LTS
Apply IBM MQ Appliance fix pack 9.3.0.21, or later firmware.
IBM MQ Appliance version 9.3 CD
Upgrade to IBM MQ Appliance fix pack 9.4.0.5, or later firmware.
IBM MQ Appliance version 9.4 LTS
Apply IBM MQ Appliance fix pack 9.4.0.5, or later firmware.
Only applicable to IBM MQ Appliances configured in a High Availability group.
Vendor | Product | Version | CPE |
---|---|---|---|
ibm | mq_appliance | 9.3.0.0 | cpe:2.3:a:ibm:mq_appliance:9.3.0.0:*:*:*:*:*:*:* |
ibm | mq_appliance | 9.3.0. | cpe:2.3:a:ibm:mq_appliance:9.3.0.:*:*:*:*:*:*:* |
ibm | mq_appliance | 9.3.0.1 | cpe:2.3:a:ibm:mq_appliance:9.3.0.1:*:*:*:*:*:*:* |
ibm | mq_appliance | 9.3.0.2 | cpe:2.3:a:ibm:mq_appliance:9.3.0.2:*:*:*:*:*:*:* |
ibm | mq_appliance | 9.3.0.3 | cpe:2.3:a:ibm:mq_appliance:9.3.0.3:*:*:*:*:*:*:* |
ibm | mq_appliance | 9.3.0.4 | cpe:2.3:a:ibm:mq_appliance:9.3.0.4:*:*:*:*:*:*:* |
ibm | mq_appliance | 9.3.0.5 | cpe:2.3:a:ibm:mq_appliance:9.3.0.5:*:*:*:*:*:*:* |
ibm | mq_appliance | 9.3.0.6 | cpe:2.3:a:ibm:mq_appliance:9.3.0.6:*:*:*:*:*:*:* |
ibm | mq_appliance | 9.3.0.10 | cpe:2.3:a:ibm:mq_appliance:9.3.0.10:*:*:*:*:*:*:* |
ibm | mq_appliance | 9.3.0.11 | cpe:2.3:a:ibm:mq_appliance:9.3.0.11:*:*:*:*:*:*:* |