First published: Thu Dec 19 2024
IBM MQ 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD web console could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned.
Credit: psirt@us.ibm.com
Affected Software | Affected Version | How to fix |
---|---|---|
IBM WebSphere MQ Light | <=9.4 LTS | |
IBM WebSphere MQ Light | <=9.4 CD | |
IBM WebSphere MQ Light | <=9.3 LTS | |
IBM WebSphere MQ Light | <=9.3 CD | |
IBM WebSphere MQ Light | <=9.2 LTS | |
CVE-2024-52896 is considered a medium severity vulnerability due to the potential for sensitive information disclosure.
To mitigate CVE-2024-52896, upgrade IBM MQ to a version beyond 9.4 LTS or 9.4 CD to avoid detailed technical error message leaks.
CVE-2024-52896 affects users of IBM MQ versions 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD.
CVE-2024-52896 can be exploited by remote attackers to potentially gain access to sensitive information through detailed error messages.
Currently, it is recommended to restrict access to the IBM MQ web console to prevent information leakage related to CVE-2024-52896.