CVE-2023-28950
First published: Fri May 19 2023(Updated: )
IBM MQ 8.0, 9.0, 9.1, 9.2, and 9.3 could disclose sensitive user information from a trace file if that functionality has been enabled. IBM X-Force ID: 251358.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM MQ | =8.0.0.0 | |
| IBM MQ | =9.0.0.0 | |
| IBM MQ | =9.1.0.0 | |
| IBM MQ | =9.2.0 | |
| IBM MQ | =9.2.0 | |
| IBM MQ | =9.3.0 | |
| IBM MQ | =9.3.0 | |
| HP HP-UX | ||
| IBM AIX | ||
| IBM i | ||
| Linux Linux kernel | ||
| Microsoft Windows | ||
| Oracle Solaris |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID of this vulnerability?
The vulnerability ID is CVE-2023-28950.
What versions of IBM MQ are affected by this vulnerability?
IBM MQ versions 8.0, 9.0, 9.1, 9.2, and 9.3 are affected.
What is the severity of CVE-2023-28950?
The severity of CVE-2023-28950 is medium with a severity value of 5.5.
How can sensitive user information be disclosed from a trace file in IBM MQ?
Sensitive user information can be disclosed from a trace file if the trace functionality has been enabled.
How can I fix CVE-2023-28950 in IBM MQ?
To fix CVE-2023-28950 in IBM MQ, you should apply the necessary security patches provided by IBM.
- collector/nvd-index
- agent/event
- agent/references
- agent/severity
- agent/author
- agent/tags
- agent/description
- agent/type
- agent/last-modified-date
- vendor/ibm
- canonical/ibm mq
- version/ibm mq/8.0.0.0
- version/ibm mq/9.0.0.0
- version/ibm mq/9.1.0.0
- version/ibm mq/9.2.0
- version/ibm mq/9.3.0
- vendor/hp
- canonical/hp hp-ux
- canonical/ibm aix
- canonical/ibm i
- vendor/linux
- canonical/linux linux kernel
- vendor/microsoft
- canonical/microsoft windows
- vendor/oracle
- canonical/oracle solaris