PT-2022-22949 · Ibm · Ibm Mq Internet Pass-Thru
Published
2022-11-14
·
Updated
2022-11-16
·
CVE-2022-35719
CVSS v3.1
5.5
Medium
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
IBM MQ Internet Pass-Thru versions 2.1, 9.2 LTS, and 9.2 CD
Description
The issue concerns the storage of potentially sensitive information in trace files by IBM MQ Internet Pass-Thru, which could be accessed by a local user.
Recommendations
For IBM MQ Internet Pass-Thru version 2.1, restrict access to trace files to prevent unauthorized reading.
For IBM MQ Internet Pass-Thru version 9.2 LTS, consider implementing access controls to limit who can read the trace files.
For IBM MQ Internet Pass-Thru version 9.2 CD, apply configuration changes to securely store sensitive information, preventing local users from accessing it.
Fix
Insertion into Log File
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ibm Mq Internet Pass-Thru