CVE-2022-22356

Name of the Vulnerable Software and Affected Versions IBM MQ Appliance versions 9.2 CD and 9.2 LTS

Description The issue allows an attacker to enumerate account credentials due to an observable discrepancy in valid and invalid login attempts.

Recommendations For IBM MQ Appliance versions 9.2 CD and 9.2 LTS, consider restricting access to the login functionality until a patch is available. As a temporary workaround, monitor login attempts closely to detect potential enumeration attempts. At the moment, there is no information about a newer version that contains a fix for this vulnerability.