CVSS3

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | NONE |
Integrity Impact | NONE |
Availability Impact | HIGH |

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS Percentile: 35.3%

Features requiring MQ client connectivity in IBM App Connect Enterprise and IBM Integration Bus are vulnerable to a denial of service due to IBM MQ (CVE-2023-26285, CVE-2023-28950). The fix includes IBM Managed File Transfer and IBM MQ classes for Java at version 9.2.0.11.
CVEID: CVE-2023-26285
**DESCRIPTION:** IBM MQ 9.2 CD, 9.2 LTS, 9.3 CD, and 9.3 LTS could allow a remote attacker to cause a denial of service due to an error processing invalid data. IBM X-Force ID: 248418.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/248418 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2023-28950
**DESCRIPTION:** IBM MQ 8.0, 9.0, 9.1, 9.2, and 9.3 could disclose sensitive user information from a trace file if that functionality has been enabled. IBM X-Force ID: 251358.
CVSS Base score: 5.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/251358 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)
Affected Product(s) | Version(s) |
---|---|
IBM App Connect Enterprise | 12.0.1.0 - 12.0.9.0 |
IBM App Connect Enterprise | 11.0.0.1 - 11.0.0.21 |
IBM Integration Bus | 10.1 - 10.1.0.1 |
IBM strongly recommends addressing the vulnerabilities now by applying the appropriate fix to IBM App Connect Enterprise and IBM Integration Bus.
Affected Product(s) | Version(s) | APAR | Remediation / Fix |
---|---|---|---|
IBM App Connect Enterprise | 12.0.1.0 - 12.0.9.0 | IT44007 | Interim fix for APAR (IT44007) is available to apply to 12.0.9.0 from |
IBM App Connect Enterprise | 11.0.0.1 - 11.0.0.21 | IT44007 | Interim fix for APAR (IT44007) is available to apply to 11.0.0.21 from |
IBM Integration Bus | 10.1 - 10.1.0.1 | IT44007 | Interim fix for APAR (IT44007) is available to apply to 10.1.0.1 from |
None
Vendor | Product | Version | CPE |
---|---|---|---|
ibm | app_connect_enterprise | * | cpe:2.3:a:ibm:app_connect_enterprise:*:*:*:*:*:*:*:* |
ibm | integration_bus | * | cpe:2.3:a:ibm:integration_bus:*:*:*:*:*:*:*:* |