CVE-2022-40230

2022-11-0320:15:31

CWE-613

[email protected]

web.nvd.nist.gov

ibm

appliance

session invalidation

authentication issue

x-force id

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

EPSS

0.001

Percentile

19.7%

JSON

“IBM MQ Appliance 9.2 CD, 9.2 LTS, 9.3 CD, and LTS 9.3 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 235532.”

Affected configurations

Nvd

Node

ibmmq_applianceMatch9.2.0.0continuous_delivery

ibmmq_applianceMatch9.2.0.0lts

ibmmq_applianceMatch9.3.0.0continuous_delivery

ibmmq_applianceMatch9.3.0.0lts

VendorProductVersionCPE
ibmmq_appliance9.2.0.0cpe:2.3:a:ibm:mq_appliance:9.2.0.0:*:*:*:continuous_delivery:*:*:*
ibmmq_appliance9.2.0.0cpe:2.3:a:ibm:mq_appliance:9.2.0.0:*:*:*:lts:*:*:*
ibmmq_appliance9.3.0.0cpe:2.3:a:ibm:mq_appliance:9.3.0.0:*:*:*:continuous_delivery:*:*:*
ibmmq_appliance9.3.0.0cpe:2.3:a:ibm:mq_appliance:9.3.0.0:*:*:*:lts:*:*:*

Vendor	Product	Version	CPE
ibm	mq_appliance	9.2.0.0	cpe:2.3:a:ibm:mq_appliance:9.2.0.0::::continuous_delivery:::
ibm	mq_appliance	9.2.0.0	cpe:2.3:a:ibm:mq_appliance:9.2.0.0::::lts:::
ibm	mq_appliance	9.3.0.0	cpe:2.3:a:ibm:mq_appliance:9.3.0.0::::continuous_delivery:::
ibm	mq_appliance	9.3.0.0	cpe:2.3:a:ibm:mq_appliance:9.3.0.0::::lts:::