PT-2024-25427 · Ibm · Websphere Mq
Published
2024-04-16
·
Updated
2024-12-05
·
CVE-2024-3367
CVSS v3.1
6.5
Medium
| Vector | AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
Checkmk versions 2.0.0 through 2.1.0
Checkmk versions prior to 2.2.0p26
Checkmk versions prior to 2.3.0b5
Description
The issue allows a local attacker to inject an argument to runmqsc, potentially due to an untrusted data vulnerability in the websphere mq agent plugin.
Recommendations
For Checkmk versions 2.0.0 through 2.1.0, upgrade Checkmk to the latest version.
For Checkmk versions prior to 2.2.0p26, upgrade Checkmk to the latest version.
For Checkmk versions prior to 2.3.0b5, upgrade Checkmk to the latest version.
As a general mitigation measure, identify affected systems, review plugin usage and permissions.
Fix
Argument Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Websphere Mq