CVE-2021-38967Code Injection in IBM MQ Appliance

CWE-94Code Injection3 documents3 sources
Severity
6.7MEDIUMNVD
EPSS
0.0%
top 86.76%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM MQ Appliance
Timeline
PublishedNov 30
Latest updateDec 1

Description

IBM MQ Appliance 9.2 CD and 9.2 LTS could allow a local privileged user to inject and execute malicious code. IBM X-Force ID: 212441.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.8 | Impact: 5.9

Affected Packages2 packages

CVEListV5ibm/mq_appliance7 versions+6
NVDibm/mq_appliance9.2.0.0

Patches

Patch: www.ibm.comPatch: www.ibm.com

🔴Vulnerability Details

2
GHSA
GHSA-7gx5-3645-vjvq: IBM MQ Appliance 92021-12-01
CVEList
CVE-2021-38967: IBM MQ Appliance 92021-11-30
CVE-2021-38967 — Code Injection in IBM MQ Appliance | cvebase