Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2023-28950
HistoryMay 19, 2023 - 4:15 p.m.

CVE-2023-28950

2023-05-1916:15:14
[email protected]
web.nvd.nist.gov
4
ibm mq
disclose
sensitive
user information
trace file
enabled
ibm x-force id 251358

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

5.3

Confidence

High

EPSS

0

Percentile

9.0%

JSON

IBM MQ 8.0, 9.0, 9.1, 9.2, and 9.3 could disclose sensitive user information from a trace file if that functionality has been enabled. IBM X-Force ID: 251358.

Affected configurations

Nvd
Node
hphp-uxMatch-
OR
ibmaixMatch-
OR
ibmiMatch-
OR
linuxlinux_kernelMatch-
OR
microsoftwindowsMatch-
OR
oraclesolarisMatch-
AND
ibmmqMatch8.0.0.0
OR
ibmmqMatch9.0.0.0lts
OR
ibmmqMatch9.1.0.0lts
OR
ibmmqMatch9.2.0continuous_delivery
OR
ibmmqMatch9.2.0lts
OR
ibmmqMatch9.3.0continuous_delivery
OR
ibmmqMatch9.3.0lts
VendorProductVersionCPE
hphp-ux-cpe:2.3:o:hp:hp-ux:-:*:*:*:*:*:*:*
ibmaix-cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*
ibmi-cpe:2.3:o:ibm:i:-:*:*:*:*:*:*:*
linuxlinux_kernel-cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
microsoftwindows-cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
oraclesolaris-cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:*:*
ibmmq8.0.0.0cpe:2.3:a:ibm:mq:8.0.0.0:*:*:*:*:*:*:*
ibmmq9.0.0.0cpe:2.3:a:ibm:mq:9.0.0.0:*:*:*:lts:*:*:*
ibmmq9.1.0.0cpe:2.3:a:ibm:mq:9.1.0.0:*:*:*:lts:*:*:*
ibmmq9.2.0cpe:2.3:a:ibm:mq:9.2.0:*:*:*:continuous_delivery:*:*:*
Rows per page:
1-10 of 131

Related

prion 1
ibm 4
nessus 1
veracode 1
cvelist 1
cve 1
prion
prion
Design/Logic Flaw
2023-05-19 16:15:00
ibm
ibm
Security Bulletin: IBM MQ trace can inadvertently trace sensitive data (CVE-2023-28950)
2023-05-10 17:52:53
Security Bulletin: IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands that use MQ Client nodes are vulnerable to disclosure of sensitive information due to [CVE-2023-28950]
2023-06-01 14:43:21
Security Bulletin: IBM App Connect Enterprise and IBM Integration Bus are vulnerable to a denial of service due to IBM MQ (CVE-2023-26285, CVE-2023-28950)
2023-07-21 12:31:53
nessus
nessus
IBM MQ Information Disclosure (6985837)
2023-05-12 00:00:00
veracode
veracode
Information Disclosure
2023-05-26 10:22:41
cvelist
cvelist
CVE-2023-28950 IBM MQ information disclosure
2023-05-19 15:20:50
cve
cve
CVE-2023-28950
2023-05-19 16:15:14

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

5.3

Confidence

High

EPSS

0

Percentile

9.0%

JSON
Related for NVD:CVE-2023-28950
prion1ibm4nessus1veracode1cvelist1cve1