fkie_nvd - fkie_cve-2022-42436

fkie_cve-2022-42436

Vulnerability from fkie_nvd

Published

2023-02-12 04:15

Modified

2024-11-21 07:24

Severity ?

4.0 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
3.3 (Low) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Summary

IBM MQ 8.0.0, 9.0.0, 9.1.0, 9.2.0, 9.3.0 Managed File Transfer could allow a local user to obtain sensitive information from diagnostic files. IBM X-Force ID: 238206.

References

URL	Tags
psirt@us.ibm.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/238206	Broken Link
psirt@us.ibm.com	https://www.ibm.com/support/pages/node/6909467	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/238206	Broken Link
af854a3a-2127-422b-91ae-364da2661108	https://www.ibm.com/support/pages/node/6909467	Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
ibm	mq	8.0.0.0
ibm	mq	9.0.0.0
ibm	mq	9.1.0
ibm	mq	9.1.0.0
ibm	mq	9.2.0
ibm	mq	9.2.0
ibm	mq	9.3.0
ibm	mq	9.3.0
ibm	aix	-
ibm	i	-
ibm	linux_on_ibm_z	-
linux	linux_kernel	-
microsoft	windows	-
oracle	solaris	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:mq:8.0.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC5F66BE-1A17-4A4E-AC8C-EA1CAF7AC09C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:mq:9.0.0.0:*:*:*:lts:*:*:*",
              "matchCriteriaId": "3B33CE6E-04D7-4AB7-8636-8D13BCBE71DE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:mq:9.1.0:*:*:*:continuous_delivery:*:*:*",
              "matchCriteriaId": "4C360A44-E6C3-4E17-A86C-6B712E80CF16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:mq:9.1.0.0:*:*:*:lts:*:*:*",
              "matchCriteriaId": "2E9E3A1B-D35D-4029-835C-C27917C2ABD7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:mq:9.2.0:*:*:*:continuous_delivery:*:*:*",
              "matchCriteriaId": "040DDAAF-8039-46BD-A11B-DC3BDFC136C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:mq:9.2.0:*:*:*:lts:*:*:*",
              "matchCriteriaId": "150A8804-DEE3-4974-B056-296AA8781131",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:mq:9.3.0:*:*:*:continuous_delivery:*:*:*",
              "matchCriteriaId": "89BDCCFD-C1DF-4E19-8597-DF87C56D7E09",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:mq:9.3.0:*:*:*:lts:*:*:*",
              "matchCriteriaId": "BF356AA2-43D1-422A-80E1-822AE9C08094",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E492C463-D76E-49B7-A4D4-3B499E422D89",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:ibm:i:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C684FC45-C9BA-4EF0-BD06-BB289450DD21",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:ibm:linux_on_ibm_z:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B955E472-47E3-4C32-847B-F6BB05594BA3",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:-:*",
              "matchCriteriaId": "F5027746-8216-452D-83C5-2F8E9546F2A5",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM MQ 8.0.0, 9.0.0, 9.1.0, 9.2.0, 9.3.0 Managed File Transfer could allow a local user to obtain sensitive information from diagnostic files.  IBM X-Force ID:  238206."
    }
  ],
  "id": "CVE-2022-42436",
  "lastModified": "2024-11-21T07:24:58.130",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.5,
        "impactScore": 1.4,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 3.3,
          "baseSeverity": "LOW",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-02-12T04:15:15.850",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Broken Link"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/238206"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/6909467"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/238206"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/6909467"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2022-42436 (GCVE-0-2022-42436)

Vulnerability from cvelistv5

Published

2023-02-08 19:28

Modified

2025-03-25 13:56