Lucene search
IbmCVELIST:CVE-2024-35155HistoryJun 28, 2024 - 5:40 p.m.
CVE-2024-35155 IBM MQ information disclosure
2024-06-2817:40:37
CWE-209
ibm
www.cve.org
6
ibm
mq
informationdisclosure
vulnerability
remoteattacker
sensitiveinformation
technicalerror
browser
furtherattacks
xforceid
292765
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS
0.001
Percentile
18.9%
IBM MQ Console 9.3 LTS and 9.3 CD could disclose could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 292765.
CNA Affected
[
{
"cpes": [
"cpe:2.3:a:ibm:mq_appliance:9.3:*:*:*:lts:*:*:*",
"cpe:2.3:a:ibm:mq_appliance:9.3:*:*:*:continuous_delivery:*:*:*"
],
"defaultStatus": "unaffected",
"product": "MQ",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "9.3 LTS and 9.3 CD"
}
]
}
]Related
vulnrichment
vulnrichment
CVE-2024-35155 IBM MQ information disclosure
2024-06-28 17:40:37
ibm
ibm
veracode
veracode
Sensitive Information Disclosure
2024-07-01 07:35:45
nvd
nvd
CVE-2024-35155
2024-06-28 18:15:04
nessus
nessus
IBM MQ 9.3 < 9.3.0.20 LTS / 9.3 < 9.4 CD (7158059)
2024-06-27 00:00:00
cve
cve
CVE-2024-35155
2024-06-28 18:15:04
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS
0.001
Percentile
18.9%
Related for CVELIST:CVE-2024-35155