CVE-2023-46177

CWE-22 — Path Traversal3 documents3 sources

Severity

7.5HIGH

EPSS

0.0%

top 86.23%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM MQ Appliance

Timeline

PublishedDec 18

Description

IBM MQ Appliance 9.3 LTS and 9.3 CD could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request to view arbitrary files on the system. IBM X-Force ID: 269536.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5ibm/mq_appliance9.3 LTS, 9.3 CD

▶NVDibm/mq_appliance9.3.0.0

Patches

Patch: www.ibm.com ↗Patch: www.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-2h9m-7wj7-h654: IBM MQ Appliance 9↗2023-12-18

▶

CVEList

IBM MQ Appliance information disclosure↗2023-12-18

▶