CVE-2024-54173

CWE-13233 documents3 sources
Severity
4.7MEDIUM
EPSS
0.1%
top 79.77%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
IBM MQ ApplianceIBM MQ
Timeline
PublishedFeb 28

Description

IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD reveals potentially sensitive information in trace files that could be read by a local user when webconsole trace is enabled.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.0 | Impact: 3.6

Affected Packages2 packages

NVDibm/mq_appliance9.3.0.09.3.0.27+2
CVEListV5ibm/mq9.3 LTS, 9.3 CD, 9.4 LTS, 9.4 CD

🔴Vulnerability Details

2
CVEList
IBM MQ information disclosure2025-02-28
GHSA
GHSA-8m22-qpv5-x8c3: IBM MQ 92025-02-28
CVE-2024-54173 (MEDIUM CVSS 4.7) | IBM MQ 9.3 LTS | cvebase.io