CVE-2019-4719

Name of the Vulnerable Software and Affected Versions IBM MQ and IBM MQ Appliance versions 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and 9.1 CD

Description The issue allows a local attacker to obtain sensitive information by inclusion of sensitive data within runmqras data. It is also reported that the vulnerability could lead to unauthorized configuration overwrite and authentication bypass, potentially resulting in remote code execution as root or SYSTEM.

Recommendations For IBM MQ and IBM MQ Appliance versions 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and 9.1 CD, consider restricting access to sensitive data and runmqras to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.