Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM3BC013258BE0EB23CA81174D1EADFA3384D1DEB691381A21F66C19C06A47F04C
HistoryJan 25, 2023 - 3:18 p.m.

Security Bulletin: IBM MQ could allow an authenticated and authorized user to cause a denial of service to the MQTT channels. (CVE-2022-31772)

2023-01-2515:18:56
www.ibm.com
76
ibm mq
vulnerability
denial of service
mqtt channels
affected versions
8.0
9.0 lts
9.1 lts
9.2 cd
9.1 cd
9.2 lts
remediation
ifix
fixpack

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

34.4%

JSON

Summary

IBM MQ could allow an authenticated and authorized user to cause a denial of service to the MQTT channels.

Vulnerability Details

CVEID:CVE-2022-31772
**DESCRIPTION:**IBM MQ could allow an authenticated and authorized user to cause a denial of service to the MQTT channels.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/228335 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H)

Affected Products and Versions

Affected Product(s) Version(s)
IBM MQ 9.1 LTS
IBM MQ 9.0 LTS
IBM MQ 8.0
IBM MQ 9.2 CD
IBM MQ 9.1 CD
IBM MQ 9.2 LTS

The following installable MQ components are affected by the vulnerability:

β€’Telemetry Service

If you are running any of these listed components, please apply the remediation/fixes as described below. For more information on the definitions of components used in this list see <https://www.ibm.com/support/pages/installable-component-names-used-ibm-mq-security-bulletins&gt;

Remediation/Fixes

This issue was resolved under APAR IT33206.

IBM MQ Version 8.0

Apply iFix for APAR IT33206

IBM MQ Version 9.0 LTS

Apply iFix for APAR IT33206

IBM MQ Version 9.1 LTS

Apply FixPack 9.1.0.12

IBM MQ Version 9.2 LTS

Apply Fixpack 9.2.0.6

**IBM MQ Version 9.3 LTS **

Apply Fixpack 9.3.0.1

IBM MQ Version 9.1, 9.2 & 9.3 CD

Upgrade to IBM MQ 9.3.0 and apply FixPack 9.3.0.1

Workarounds and Mitigations

None

Affected configurations

Vulners
Node
ibmmqMatch8.0.0
OR
ibmmqMatch9.0.0
OR
ibmmqMatch9.1.0
OR
ibmmqMatch9.2.0
OR
ibmmqMatch9.3.0
VendorProductVersionCPE
ibmmq8.0.0cpe:2.3:a:ibm:mq:8.0.0:*:*:*:*:*:*:*
ibmmq9.0.0cpe:2.3:a:ibm:mq:9.0.0:*:*:*:*:*:*:*
ibmmq9.1.0cpe:2.3:a:ibm:mq:9.1.0:*:*:*:*:*:*:*
ibmmq9.2.0cpe:2.3:a:ibm:mq:9.2.0:*:*:*:*:*:*:*
ibmmq9.3.0cpe:2.3:a:ibm:mq:9.3.0:*:*:*:*:*:*:*

Related

cvelist 1
cnvd 1
cve 1
prion 1
ibm 3
nessus 1
nvd 1
cvelist
cvelist
CVE-2022-31772 IBM MQ denial of service
2022-11-11 18:56:12
cnvd
cnvd
IBM MQ Input Validation Error Vulnerability (CNVD-2023-08771)
2022-11-06 00:00:00
cve
cve
CVE-2022-31772
2022-11-11 19:15:10
prion
prion
Code injection
2022-11-11 19:15:00
ibm
ibm
Security Bulletin: IBM App Connect Enterprise Certified Container IntegrationServer operands may be vulnerable to denial of service due to CVE-2022-31772
2022-11-08 11:12:19
Security Bulletin: IBM Sterling Secure Proxy vulnerable to multiple issues
2023-01-31 14:18:52
Security Bulletin: IBM Sterling B2B Integrator vulnerable to multiple issues due to IBM MQ.
2023-02-09 19:13:22
nessus
nessus
IBM MQ Authenticated DoS (6833806)
2022-11-10 00:00:00
nvd
nvd
CVE-2022-31772
2022-11-11 19:15:10

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

34.4%

JSON
Related for 3BC013258BE0EB23CA81174D1EADFA3384D1DEB691381A21F66C19C06A47F04C
cvelist1cnvd1cve1prion1ibm3nessus1nvd1