CVE-2023-28514

CWE-2093 documents3 sources
Severity
5.5MEDIUM
EPSS
0.0%
top 92.78%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM MQ
Timeline
PublishedMay 19

Description

IBM MQ 8.0, 9.0, and 9.1 could allow a local user to obtain sensitive credential information when a detailed technical error message is returned in a stack trace. IBM X-Force ID: 250398.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 2.5 | Impact: 3.6

Affected Packages2 packages

CVEListV5ibm/mq8.0, 9.0 LTS, 9.0 CD, 9.1 LTS
NVDibm/mq4 versions+3

Patches

Patch: www.ibm.comPatch: www.ibm.com

🔴Vulnerability Details

2
CVEList
IBM MQ information disclosure2023-05-19
GHSA
GHSA-wvhr-jw3j-479f: IBM MQ 82023-05-19
CVE-2023-28514 (MEDIUM CVSS 5.5) | IBM MQ 8.0 | cvebase.io