What is the severity of CVE-2024-54173?

The severity of CVE-2024-54173 is classified as medium due to the potential for local users to access sensitive information in trace files.

How do I fix CVE-2024-54173?

To fix CVE-2024-54173, disable the webconsole trace feature to prevent sensitive information from being exposed.

Which versions of IBM MQ are affected by CVE-2024-54173?

CVE-2024-54173 affects IBM MQ versions 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD.

How can local users exploit CVE-2024-54173?

Local users can exploit CVE-2024-54173 by reading sensitive information stored in trace files when the webconsole trace is enabled.

What type of information is exposed in CVE-2024-54173?

CVE-2024-54173 exposes potentially sensitive information that can include configuration details and authentication data.

Vulnerability/
CVE-2024-54173

medium

4.7

CWE

1323

28/2/2025

CVE-2024-54173: IBM MQ information disclosure

First published: Fri Feb 28 2025(Updated: )

IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD reveals potentially sensitive information in trace files that could be read by a local user when webconsole trace is enabled.

Credit: psirt@us.ibm.com

Affected Software	Affected Version	How to fix
IBM MQ	<=SC2 (formerly LTS): v3.2.0 - v3.2.8CD: v3.0.0, v3.0.1, v3.1.0 - 3.1.3, v3.3.0, v3.4.0, v3.4.1 LTS: v2.0.0 - 2.0.29 Other Release: v2.4.0 - v2.4.8, v2.3.0 - 2.3.3, v2.2.0 - v2.2.2
IBM MQ Advanced	<=CD: 9.3.4.0-r1, 9.3.4.1-r1, 9.3.5.0-r1, 9.3.5.0-r2, 9.3.5.1-r1, 9.3.5.1-r2, 9.4.1.0-r1, 9.4.1.0-r2, 9.4.1.1-r1LTS: 9.2.0.1-r1-eus, 9.2.0.2-r1-eus, 9.2.0.2-r2-eus, 9.2.0.4-r1-eus, 9.2.0.5-r1-eus, 9.2.0.5-r2-eus, 9.2.0.5-r3-eus, 9.2.0.6-r1-eus, 9.2.0.6-r2-eus, 9.2.0.6-r3-eus, 9.2.3.0-r1, 9.2.4.0-r1, 9.2.5.0-r1, 9.2.5.0-r2, 9.2.5.0-r3, 9.3.0.0-r1, 9.3.0.0-r2, 9.3.0.0-r3, 9.3.0.1-r1, 9.3.0.1-r2, 9.3.0.1-r3, 9.3.0.1-r4, 9.3.0.3-r1, 9.3.0.4-r1, 9.3.0.4-r2, 9.3.0.5-r1, 9.3.0.5-r2, 9.3.0.5-r3, 9.3.0.6-r1, 9.3.0.10-r1, 9.3.0.10-r2, 9.3.0.11-r1,9.3.0.11-r2, 9.3.0.15-r1, 9.3.0.16-r1, 9.3.0.16-r2, 9.3.0.17-r1, 9.3.0.17-r2, 9.3.0.17-r3, 9.3.0.20-r1, 9.3.0.20-r2, 9.3.0.21-r1, 9.3.0.21-r2, 9.3.0.21-r3, 9.3.0.25-r1, 9.4.0.0-r1, 9.4.0.0-r2, 9.4.0.0-r3, 9.4.0.5-r1, 9.4.0.5-r2, 9.4.0.6-r1, 9.4.0.6-r2, 9.4.0.7-r1 Other Release: 9.2.0.1-r1-eus, 9.2.0.2-r1-eus, 9.2.0.2-r2-eus, 9.2.0.4-r1-eus, 9.2.0.5-r1-eus, 9.2.0.5-r2-eus, 9.2.0.5-r3-eus, 9.2.0.6-r1-eus, 9.2.0.6-r2-eus, 9.2.0.6-r3-eus, 9.2.3.0-r1, 9.2.4.0-r1, 9.2.5.0-r1, 9.2.5.0-r2, 9.2.5.0-r3, 9.3.0.0-r1, 9.3.0.0-r2, 9.3.0.0-r3, 9.3.0.1-r1, 9.3.0.1-r2, 9.3.0.1-r3, 9.3.0.1-r4, 9.3.0.3-r1, 9.3.0.4-r1, 9.3.0.4-r2, 9.3.0.5-r1, 9.3.0.5-r2, 9.3.0.5-r3, 9.3.0.6-r1, 9.3.1.0-r1, 9.3.1.0-r2, 9.3.1.0-r3, 9.3.1.1-r1, 9.3.2.0-r1, 9.3.2.0-r2, 9.3.2.1-r1, 9.3.2.1-r2, 9.3.3.0-r1, 9.3.3.0-r2, 9.3.3.1-r1, 9.3.3.1-r2, 9.3.3.2-r1, 9.3.3.2-r2, 9.3.3.2-r3, ,9.3.3.3-r1, 9.3.3.3-r2

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

IBM-7184453

Frequently Asked Questions

What is the severity of CVE-2024-54173?
The severity of CVE-2024-54173 is classified as medium due to the potential for local users to access sensitive information in trace files.
How do I fix CVE-2024-54173?
To fix CVE-2024-54173, disable the webconsole trace feature to prevent sensitive information from being exposed.
Which versions of IBM MQ are affected by CVE-2024-54173?
CVE-2024-54173 affects IBM MQ versions 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD.
How can local users exploit CVE-2024-54173?
Local users can exploit CVE-2024-54173 by reading sensitive information stored in trace files when the webconsole trace is enabled.
What type of information is exposed in CVE-2024-54173?
CVE-2024-54173 exposes potentially sensitive information that can include configuration details and authentication data.

collector/mitre-cve
source/MITRE
collector/nvd-api
source/NVD
agent/weakness
agent/severity
agent/title
agent/author
agent/source
agent/last-modified-date
agent/references
agent/softwarecombine
agent/description
agent/first-publish-date
agent/type
agent/event
agent/tags
collector/ibm-support
source/IBM
agent/software-canonical-lookup
vendor/ibm
canonical/ibm mq
version/ibm mq/sc2 (formerly lts): v3.2.0 - v3.2.8cd: v3.0.0, v3.0.1, v3.1.0 - 3.1.3, v3.3.0, v3.4.0, v3.4.1 lts: v2.0.0 - 2.0.29 other release: v2.4.0 - v2.4.8, v2.3.0 - 2.3.3, v2.2.0 - v2.2.2
canonical/ibm mq advanced
version/ibm mq advanced/cd: 9.3.4.0-r1, 9.3.4.1-r1, 9.3.5.0-r1, 9.3.5.0-r2, 9.3.5.1-r1, 9.3.5.1-r2, 9.4.1.0-r1, 9.4.1.0-r2, 9.4.1.1-r1lts: 9.2.0.1-r1-eus, 9.2.0.2-r1-eus, 9.2.0.2-r2-eus, 9.2.0.4-r1-eus, 9.2.0.5-r1-eus, 9.2.0.5-r2-eus, 9.2.0.5-r3-eus, 9.2.0.6-r1-eus, 9.2.0.6-r2-eus, 9.2.0.6-r3-eus, 9.2.3.0-r1, 9.2.4.0-r1, 9.2.5.0-r1, 9.2.5.0-r2, 9.2.5.0-r3, 9.3.0.0-r1, 9.3.0.0-r2, 9.3.0.0-r3, 9.3.0.1-r1, 9.3.0.1-r2, 9.3.0.1-r3, 9.3.0.1-r4, 9.3.0.3-r1, 9.3.0.4-r1, 9.3.0.4-r2, 9.3.0.5-r1, 9.3.0.5-r2, 9.3.0.5-r3, 9.3.0.6-r1, 9.3.0.10-r1, 9.3.0.10-r2, 9.3.0.11-r1,9.3.0.11-r2, 9.3.0.15-r1, 9.3.0.16-r1, 9.3.0.16-r2, 9.3.0.17-r1, 9.3.0.17-r2, 9.3.0.17-r3, 9.3.0.20-r1, 9.3.0.20-r2, 9.3.0.21-r1, 9.3.0.21-r2, 9.3.0.21-r3, 9.3.0.25-r1, 9.4.0.0-r1, 9.4.0.0-r2, 9.4.0.0-r3, 9.4.0.5-r1, 9.4.0.5-r2, 9.4.0.6-r1, 9.4.0.6-r2, 9.4.0.7-r1 other release: 9.2.0.1-r1-eus, 9.2.0.2-r1-eus, 9.2.0.2-r2-eus, 9.2.0.4-r1-eus, 9.2.0.5-r1-eus, 9.2.0.5-r2-eus, 9.2.0.5-r3-eus, 9.2.0.6-r1-eus, 9.2.0.6-r2-eus, 9.2.0.6-r3-eus, 9.2.3.0-r1, 9.2.4.0-r1, 9.2.5.0-r1, 9.2.5.0-r2, 9.2.5.0-r3, 9.3.0.0-r1, 9.3.0.0-r2, 9.3.0.0-r3, 9.3.0.1-r1, 9.3.0.1-r2, 9.3.0.1-r3, 9.3.0.1-r4, 9.3.0.3-r1, 9.3.0.4-r1, 9.3.0.4-r2, 9.3.0.5-r1, 9.3.0.5-r2, 9.3.0.5-r3, 9.3.0.6-r1, 9.3.1.0-r1, 9.3.1.0-r2, 9.3.1.0-r3, 9.3.1.1-r1, 9.3.2.0-r1, 9.3.2.0-r2, 9.3.2.1-r1, 9.3.2.1-r2, 9.3.3.0-r1, 9.3.3.0-r2, 9.3.3.1-r1, 9.3.3.1-r2, 9.3.3.2-r1, 9.3.3.2-r2, 9.3.3.2-r3, ,9.3.3.3-r1, 9.3.3.3-r2