CVE-2022-31772Improper Input Validation in IBM MQ

CWE-20Improper Input Validation3 documents3 sources
Severity
6.5MEDIUMNVD
CNA5.3
EPSS
0.3%
top 45.10%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM MQ
Timeline
PublishedNov 11
Latest updateNov 12

Description

IBM MQ 8.0, 9.0 LTS, 9.1 CD, 9.1 LTS, 9.2 CD, and 9.2 LTS could allow an authenticated and authorized user to cause a denial of service to the MQTT channels. IBM X-Force ID: 228335.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

CVEListV5ibm/mq8.0.0, 9.0.0, 9.1.0, 9.2.0, 9.3.0
NVDibm/mq5 versions+4

Patches

Patch: www.ibm.comPatch: www.ibm.com

🔴Vulnerability Details

2
GHSA
GHSA-4cv4-g7rq-vvp5: IBM MQ 82022-11-12
CVEList
IBM MQ denial of service2022-11-11
CVE-2022-31772 — Improper Input Validation in IBM MQ | cvebase