CVE-2022-22356
First published: Mon Apr 04 2022(Updated: )
IBM DataPower Gateway could allow an attacker to enumerate account credentials due to an observable discrepancy in valid and invalid login attempts.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM MQ Appliance | =9.2.0.0 | |
| IBM MQ Appliance | =9.2.0.0 | |
| IBM MQ Appliance | <=9.2 CD | |
| IBM MQ Appliance | <=9.2 LTS |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID of this vulnerability?
The vulnerability ID of this vulnerability is CVE-2022-22356.
What is the affected software of this vulnerability?
The affected software of this vulnerability is IBM MQ Appliance 9.2 CD and 9.2 LTS.
What is the severity rating of this vulnerability?
The severity rating of this vulnerability is medium.
How can an attacker exploit this vulnerability?
An attacker can exploit this vulnerability to enumerate account credentials due to an observable discrepancy in valid and invalid login attempts.
Is there any additional information available about this vulnerability?
Yes, you can find additional information about this vulnerability at the following references: [IBM X-Force ID: 220487](https://exchange.xforce.ibmcloud.com/vulnerabilities/220487) and [IBM Support Site](https://www.ibm.com/support/pages/node/6564711).
- collector/nvd-index
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/author
- agent/weakness
- agent/remedy
- agent/last-modified-date
- agent/tags
- agent/softwarecombine
- agent/first-publish-date
- agent/event
- agent/description
- collector/ibm-support
- source/IBM
- agent/software-canonical-lookup
- vendor/ibm
- canonical/ibm mq appliance
- version/ibm mq appliance/9.2.0.0
- version/ibm mq appliance/9.2 cd
- version/ibm mq appliance/9.2 lts