IBM MQ zero day vulnerability 2022

Hi, there are high-severity CVEs reported on IBM MQ that are likely to need review and application of the respective patches. I have collected the recently reported CVE details here, all in one place.

For CVE-2022-27780 & CVE-2022-30115, under Summary the following bulletin states: “IBM MQ uses libcurl to provide HTTPURL functionality which is only used to download remote CCDT files and is not used to send or receive messages”.

Security Bulletin: IBM MQ is vulnerable to issues with libcurl (CVE-2022-27780, CVE-2022-30115)

CVEID:   CVE-2022-27780
DESCRIPTION:   cURL libcurl could allow a remote attacker to bypass security restrictions, caused by a flaw in the URL parser that wrongly accepts percent-encoded URL separators such as ‘/’. By sending a specially-crafted host name in a URL, an attacker could exploit this vulnerability to bypass URL filters and checks.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/226250 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)

CVEID:   CVE-2022-30115
DESCRIPTION:   cURL libcurl could allow a remote attacker to obtain sensitive information, caused by an HSTS check bypass flaw. By sending a specially-crafted request using a host name with a trailing dot in a URL, an attacker could exploit this vulnerability to obtain sensitive information over clear-text HTTP, and use this information to launch further attacks against the affected system.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/226253 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)

Affected Products and Versions

Affected Product(s)    Version(s)
IBM MQ                 9.1 LTS
IBM MQ                 9.0 LTS
IBM MQ                 9.2 CD
IBM MQ                 9.1 CD
IBM MQ                 9.2 LTS

The Bulletin also gives details on the fixed levels or interim fixes.
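The two libcurl issues above are both URL-handling mistakes: a host name that contains a percent-encoded separator, and an HSTS lookup that misses a host spelled with a trailing dot. As an added illustration (not code from the IBM bulletin or from the MQ product), the following Python pre-check shows how a defender could validate a remote CCDT URL before handing it to any HTTP client; the allow-list, the HSTS table and the check_ccdt_url function are all constructed for this example.

```python
from urllib.parse import urlsplit, unquote

# Constructed stand-in for an HSTS cache: hosts known to require HTTPS (assumption).
HSTS_HOSTS = {"ccdt.example.com"}

# Constructed allow-list of hosts a queue manager may fetch CCDT files from (assumption).
ALLOWED_CCDT_HOSTS = {"ccdt.example.com"}


def normalize_host(host: str) -> str:
    """Canonical form for policy lookups: lower-case, trailing dot removed.

    'ccdt.example.com.' (fully qualified, trailing dot) names the same host as
    'ccdt.example.com'; an HSTS cache keyed on the raw string would miss it.
    """
    return host.lower().rstrip(".")


def hsts_requires_https(host: str) -> bool:
    """Look up the HSTS policy on the normalized host, not on the raw string."""
    return normalize_host(host) in HSTS_HOSTS


def check_ccdt_url(url: str) -> tuple:
    """Return (ok, reason) for a remote CCDT URL before it is fetched.

    Rejects the two conditions from the libcurl advisories: percent-encoded
    separators hidden inside the host name, and an HSTS host reached over
    clear-text HTTP through a trailing-dot spelling.
    """
    parts = urlsplit(url)
    raw_host = parts.hostname or ""
    if parts.scheme not in ("http", "https"):
        return False, f"unsupported scheme {parts.scheme!r}"
    if not raw_host:
        return False, "missing host name"
    # A host name never legitimately carries percent-encoding; any '%xx' here
    # is an attempt to smuggle a separator such as '/' past string-based checks.
    if unquote(raw_host) != raw_host:
        return False, "percent-encoded characters in host name"
    host = normalize_host(raw_host)
    if host not in ALLOWED_CCDT_HOSTS:
        return False, f"host {host!r} not in CCDT allow-list"
    if parts.scheme == "http" and hsts_requires_https(raw_host):
        return False, f"host {host!r} requires HTTPS (HSTS)"
    return True, "ok"


if __name__ == "__main__":
    for u in ("https://ccdt.example.com/ccdt.json",
              "https://ccdt.example.com%2Fevil.example/ccdt.json",
              "http://ccdt.example.com./ccdt.json"):
        print(u, "->", check_ccdt_url(u))
```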


For CVE-2022-22489:

Security Bulletin: IBM MQ Explorer is vulnerable to an XML External Entity Injection (XXE) attack (CVE-2022-22489)

CVEID:   CVE-2022-22489
DESCRIPTION:   IBM MQ is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.
CVSS Base score: 8.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/226339 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L)

Affected Products and Versions

Affected Product(s)    Version(s)
IBM MQ                 9.1 LTS
IBM MQ                 9.0 LTS
IBM MQ                 8.0
IBM MQ                 9.2 CD
IBM MQ                 9.1 CD
IBM MQ                 9.2 LTS

Looking at the Bulletin, Fix Pack 9.2.0.5 includes the fix for CVE-2022-22489, and for 9.1 the fix for CVE-2022-22489 is included in 9.1.0.11.

The Bulletin also gives further details on the fixed levels or interim fixes.
