CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS
Percentile
34.4%
IBM MQ could allow an authenticated and authorized user to cause a denial of service to the MQTT channels.
CVEID:CVE-2022-31772
**DESCRIPTION:**IBM MQ could allow an authenticated and authorized user to cause a denial of service to the MQTT channels.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/228335 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H)
Affected Product(s) | Version(s) |
---|---|
IBM MQ | 9.1 LTS |
IBM MQ | 9.0 LTS |
IBM MQ | 8.0 |
IBM MQ | 9.2 CD |
IBM MQ | 9.1 CD |
IBM MQ | 9.2 LTS |
The following installable MQ components are affected by the vulnerability:
β’Telemetry Service
If you are running any of these listed components, please apply the remediation/fixes as described below. For more information on the definitions of components used in this list see <https://www.ibm.com/support/pages/installable-component-names-used-ibm-mq-security-bulletins>
This issue was resolved under APAR IT33206.
IBM MQ Version 8.0
IBM MQ Version 9.0 LTS
IBM MQ Version 9.1 LTS
IBM MQ Version 9.2 LTS
**IBM MQ Version 9.3 LTS **
IBM MQ Version 9.1, 9.2 & 9.3 CD
Upgrade to IBM MQ 9.3.0 and apply FixPack 9.3.0.1
None
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS
Percentile
34.4%