CVE-2019-4227 — Session Fixation in IBM MQ

CWE-384 — Session Fixation4 documents4 sources

Severity

7.3HIGHNVD

EPSS

0.3%

top 44.41%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM MQ

Timeline

PublishedOct 4

Latest updateMay 24

Description

IBM MQ 8.0.0.4 - 8.0.0.12, 9.0.0.0 - 9.0.0.6, 9.1.0.0 - 9.1.0.2, and 9.1.0 - 9.1.2 AMQP Listeners could allow an unauthorized user to conduct a session fixation attack due to clients not being disconnected as they should. IBM X-Force ID: 159352.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:LExploitability: 3.9 | Impact: 3.4

Affected Packages2 packages

▶NVDibm/mq8.0.0.4 — 8.0.0.12+3

▶CVEListV5ibm/mq21 versions+20

🔴Vulnerability Details

GHSA

GHSA-xjxh-q8mg-f6v9: IBM MQ 8↗2022-05-24

▶

OSV

linux-azure vulnerabilities↗2020-01-07

▶

CVEList

CVE-2019-4227: IBM MQ 8↗2019-10-04

▶