CVE-2022-42436: IBM MQ information disclosure
First published: Wed Feb 01 2023(Updated: )
IBM MQ 8.0.0, 9.0.0, 9.1.0, 9.2.0, 9.3.0 Managed File Transfer could allow a local user to obtain sensitive information from diagnostic files. IBM X-Force ID: 238206.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM WebSphere MQ Light | <=8.0 | |
| IBM WebSphere MQ Light | <=9.0 LTS | |
| IBM WebSphere MQ Light | <=9.1 CD | |
| IBM WebSphere MQ Light | <=9.1 LTS | |
| IBM WebSphere MQ Light | <=9.2 CD | |
| IBM WebSphere MQ Light | <=9.2 LTS | |
| IBM WebSphere MQ Light | <=9.3 CD | |
| IBM WebSphere MQ Light | <=9.3 LTS | |
| IBM WebSphere MQ Light | =8.0.0.0 | |
| IBM WebSphere MQ Light | =9.0.0.0 | |
| IBM WebSphere MQ Light | =9.1.0 | |
| IBM WebSphere MQ Light | =9.1.0.0 | |
| IBM WebSphere MQ Light | =9.2.0 | |
| IBM WebSphere MQ Light | =9.2.0 | |
| IBM WebSphere MQ Light | =9.3.0 | |
| IBM WebSphere MQ Light | =9.3.0 | |
| IBM AIX | ||
| IBM iSeries AS/400 | ||
| IBM z/OS Linux | ||
| Linux Kernel | ||
| Microsoft Windows Operating System | ||
| Oracle Solaris and Zettabyte File System (ZFS) |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this vulnerability?
The vulnerability ID for this vulnerability is CVE-2022-42436.
What is the title of this vulnerability?
The title of this vulnerability is 'IBM MQ Managed File Transfer could allow a local user to obtain sensitive information from diagnostic files.'
What is the severity of CVE-2022-42436?
The severity of CVE-2022-42436 is medium.
Which versions of IBM MQ are affected by this vulnerability?
IBM MQ versions 8.0.0, 9.0.0, 9.1.0, 9.2.0, and 9.3.0 are affected by this vulnerability.
How can a local user obtain sensitive information from diagnostic files in IBM MQ Managed File Transfer?
A local user can obtain sensitive information from diagnostic files in IBM MQ Managed File Transfer due to a vulnerability.
- agent/references
- agent/type
- agent/first-publish-date
- agent/title
- agent/author
- agent/remedy
- agent/severity
- agent/description
- agent/event
- agent/trending
- agent/source
- collector/ibm-support
- source/IBM
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/tags
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- collector/nvd-index
- vendor/ibm
- canonical/ibm websphere mq light
- version/ibm websphere mq light/8.0
- version/ibm websphere mq light/9.0 lts
- version/ibm websphere mq light/9.1 cd
- version/ibm websphere mq light/9.1 lts
- version/ibm websphere mq light/9.2 cd
- version/ibm websphere mq light/9.2 lts
- version/ibm websphere mq light/9.3 cd
- version/ibm websphere mq light/9.3 lts
- version/ibm websphere mq light/8.0.0.0
- version/ibm websphere mq light/9.0.0.0
- version/ibm websphere mq light/9.1.0
- version/ibm websphere mq light/9.1.0.0
- version/ibm websphere mq light/9.2.0
- version/ibm websphere mq light/9.3.0
- canonical/ibm aix
- canonical/ibm iseries as/400
- canonical/ibm z/os linux
- vendor/linux
- canonical/linux kernel
- vendor/microsoft
- canonical/microsoft windows operating system
- vendor/oracle
- canonical/oracle solaris and zettabyte file system (zfs)