6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.7 Medium
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
10.4%
IBM MQ Appliance has addressed an open redirect vulnerability.
CVEID:CVE-2024-29041
**DESCRIPTION:**Express.js Express could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability. An attacker could exploit this vulnerability using a specially crafted URL to redirect a victim to arbitrary Web sites.
CVSS Base score: 6.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/286404 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
Affected Product(s) | Version(s) |
---|---|
IBM MQ Appliance | 9.3 LTS |
IBM MQ Appliance | 9.3 CD |
This vulnerability is addressed under APAR IT46075
IBM strongly recommends addressing the vulnerability now.
IBM MQ Appliance version 9.3 LTS
Apply IBM MQ Appliance 9.3.0.20 fix pack, or later firmware.
IBM MQ Appliance version 9.3 CD
Apply IBM MQ Appliance 9.3.5.2 cumulative security update, or later firmware.
None
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.7 Medium
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
10.4%