CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
EPSS
Percentile
5.1%
An issue was identified with IBM MQ Managed File Transfer where sensitive information was printed within diagnostics files.
CVEID:CVE-2022-42436
**DESCRIPTION:**IBM MQ Managed File Transfer could allow a local user to obtain sensitive information from diagnostic files.
CVSS Base score: 4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/238206 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
Affected Product(s) | Version(s) |
---|---|
IBM MQ | 8.0 |
IBM MQ | 9.0 LTS |
IBM MQ | 9.1 CD |
IBM MQ | 9.1 LTS |
IBM MQ | 9.2 CD |
IBM MQ | 9.2 LTS |
IBM MQ | 9.3 CD |
IBM MQ | 9.3 LTS |
The following installable MQ components are affected by the vulnerability:
ā¢ Managed File Transfer
If you are running any of these listed components, please apply the remediation/fixes as described below. For more information on the definitions of components used in this list see <https://www.ibm.com/support/pages/installable-component-names-used-ibm-mq-security-bulletins>
This issue was resolved under APAR IT42204.
IBM MQ version 8.0
IBM MQ Version 9.0 LTS
IBM MQ Version 9.1 LTS
IBM MQ Version 9.2 LTS
IBM MQ Version 9.3 LTS
IBM MQ 9.1 CD and IBM MQ 9.2 CD and IBM MQ 9.3 CD
None
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
EPSS
Percentile
5.1%