CVE-2022-40230

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2022-40230
"IBM MQ Appliance 9.2 CD, 9.2 LTS, 9.3 CD, and LTS 9.3 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 235532."

6.5 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://www.ibm.com/support/pages/node/6622051 Patch Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:ibm:mq_appliance:9.2.0.0:*:*:*:continuous_delivery:*:*:*
cpe:2.3:a:ibm:mq_appliance:9.2.0.0:*:*:*:lts:*:*:*
cpe:2.3:a:ibm:mq_appliance:9.3.0.0:*:*:*:continuous_delivery:*:*:*
cpe:2.3:a:ibm:mq_appliance:9.3.0.0:*:*:*:lts:*:*:*
History

04 Nov 2022, 17:14

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 6.5
CWE CWE-613
References (MISC) https://www.ibm.com/support/pages/node/6622051 - (MISC) https://www.ibm.com/support/pages/node/6622051 - Patch, Vendor Advisory
CPE cpe:2.3:a:ibm:mq_appliance:9.3.0.0:*:*:*:lts:*:*:*
cpe:2.3:a:ibm:mq_appliance:9.2.0.0:*:*:*:continuous_delivery:*:*:*
cpe:2.3:a:ibm:mq_appliance:9.3.0.0:*:*:*:continuous_delivery:*:*:*
cpe:2.3:a:ibm:mq_appliance:9.2.0.0:*:*:*:lts:*:*:*
First Time Ibm
Ibm mq Appliance

03 Nov 2022, 20:36

Type Values Removed Values Added
New CVE
Information

Published : 2022-11-03 20:15

Updated : 2023-12-10 14:35

NVD link : CVE-2022-40230

Mitre link : CVE-2022-40230

CVE.ORG link : CVE-2022-40230

JSON object : View

Products Affected

ibm

  • mq_appliance
CWE
CWE-613

Insufficient Session Expiration