IBM MQ Appliance has resolved an incorrect session invalidation vulnerability.
CVEID: CVE-2021-38986
**DESCRIPTION:** IBM MQ Appliance does not invalidate the session after logout, which could allow an authenticated user to impersonate another user on the system.
CVSS Base score: 5.6
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/212942 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)
Affected Product(s) | Version(s) |
---|---|
IBM MQ Appliance | 9.2 CD |
IBM MQ Appliance | 9.2 LTS |
This vulnerability is addressed under APAR IT38930.
IBM strongly recommends addressing the vulnerability now.
IBM MQ Appliance version 9.2 LTS
Apply fixpack 9.2.0.4, or later firmware.
IBM MQ Appliance version 9.2 CD
Upgrade to 9.2.5 CD, or later firmware.
None