Feb 28, 2022 - 3:10 p.m.

Security Bulletin: IBM MQ Appliance is affected by an incorrect session invalidation vulnerability (CVE-2021-38986)

2022-02-28 15:10:58
www.ibm.com
ibm mq appliance
vulnerability
cve-2021-38986
fix available

EPSS

0.001

Percentile

19.6%

Summary

IBM MQ Appliance has resolved an incorrect session invalidation vulnerability.

Vulnerability Details

CVEID: CVE-2021-38986
**DESCRIPTION:** IBM MQ Appliance does not invalidate the session after logout, which could allow an authenticated user to impersonate another user on the system.
CVSS Base score: 5.6
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/212942 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)

Affected Products and Versions

| Affected Product(s) | Version(s) |
| --- | --- |
| IBM MQ Appliance | 9.2 CD |
| IBM MQ Appliance | 9.2 LTS |

Remediation/Fixes

This vulnerability is addressed under APAR IT38930.

IBM strongly recommends addressing the vulnerability now.

IBM MQ Appliance version 9.2 LTS

Apply fixpack 9.2.0.4, or later firmware.

IBM MQ Appliance version 9.2 CD

Upgrade to 9.2.5 CD, or later firmware.
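
To triage an appliance inventory against the fixed levels above, the following added example (not IBM code) classifies firmware version strings. It assumes versions are reported as V.R.M or V.R.M.F and that a modification digit of 0 marks the LTS stream; the hostnames and the `triage` and `needs_action` helpers are hypothetical.

```python
import re

# Fixed levels from the bulletin's Remediation/Fixes section.
LTS_FIXED = (9, 2, 0, 4)  # LTS: fixpack 9.2.0.4 or later
CD_FIXED = (9, 2, 5, 0)   # CD: 9.2.5 or later

_VERSION = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:\.(\d+))?")

def triage(version_text):
    """Classify one firmware version string as (stream, status)."""
    m = _VERSION.fullmatch(version_text.strip())
    if not m:
        # Unparseable values are surfaced for manual review, never assumed safe.
        return ("unknown", "review")
    # Compare as integer tuples so that 9.2.0.10 sorts after 9.2.0.4.
    v = tuple(int(g or 0) for g in m.groups())
    if v[:2] != (9, 2):
        return ("other", "not listed")  # the bulletin only lists 9.2 LTS and 9.2 CD
    # Assumption: modification digit 0 is the LTS stream, non-zero is CD.
    if v[2] == 0:
        return ("LTS", "fixed" if v >= LTS_FIXED else "affected")
    return ("CD", "fixed" if v >= CD_FIXED else "affected")

def needs_action(inventory):
    """Return sorted hostnames whose firmware is affected or needs review."""
    return sorted(host for host, ver in inventory.items()
                  if triage(ver)[1] in ("affected", "review"))

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = {
    "mqa-prod-01": "9.2.0.3",
    "mqa-prod-02": "9.2.0.4",
    "mqa-test-01": "9.2.4",
    "mqa-test-02": "9.2.5",
    "mqa-lab-01": "9.2.0.10",
    "mqa-lab-02": "n/a",
}

if __name__ == "__main__":
    for host, ver in sorted(SAMPLE_INVENTORY.items()):
        print(host, ver, *triage(ver))
    print("action needed:", needs_action(SAMPLE_INVENTORY))
```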

Workarounds and Mitigations

None
