IBM MQ 8.0, 9.0, and 9.1 could allow a local user to obtain sensitive credential information when a detailed technical error message is returned in a stack trace. IBM X-Force ID: 250398.
References
| Link | Resource |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/250398 | VDB Entry Vendor Advisory |
| https://www.ibm.com/support/pages/node/6985835 | Patch Vendor Advisory |
Configurations
Configuration 1 (hide)
| AND |
|
History
26 May 2023, 15:42
| Type | Values Removed | Values Added |
|---|---|---|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.5 |
| References | (MISC) https://exchange.xforce.ibmcloud.com/vulnerabilities/250398 - VDB Entry, Vendor Advisory | |
| References | (MISC) https://www.ibm.com/support/pages/node/6985835 - Patch, Vendor Advisory | |
| First Time |
Linux
Hp hp-ux Hp Ibm i Ibm aix Microsoft windows Oracle solaris Ibm Linux linux Kernel Oracle Ibm mq Microsoft |
|
| CPE | cpe:2.3:o:ibm:i:-:*:*:*:*:*:*:* cpe:2.3:a:ibm:mq:9.1.0:*:*:*:continuous_delivery:*:*:* cpe:2.3:o:hp:hp-ux:-:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:* cpe:2.3:a:ibm:mq:8.0.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:mq:9.0.0.0:*:*:*:lts:*:*:* cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:* cpe:2.3:a:ibm:mq:9.1.0.0:*:*:*:lts:*:*:* cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:*:* |
19 May 2023, 17:53
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2023-05-19 15:15
Updated : 2023-12-10 15:01
NVD link : CVE-2023-28514
Mitre link : CVE-2023-28514
CVE.ORG link : CVE-2023-28514
JSON object : View
Products Affected
ibm
- i
- mq
- aix
oracle
- solaris
linux
- linux_kernel
microsoft
- windows
hp
- hp-ux
CWE
CWE-209
Generation of Error Message Containing Sensitive Information