IBM MQ 8.0, 9.0, and 9.1 could allow a local user to obtain sensitive credential information when a detailed technical error message is returned in a stack trace. IBM X-Force ID: 250398.
References
| Link | Resource |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/250398 | VDB Entry Vendor Advisory |
| https://www.ibm.com/support/pages/node/6985835 | Patch Vendor Advisory |
Configurations
Configuration 1 (hide)
| AND |
|
History
26 May 2023, 15:42
| Type | Values Removed | Values Added |
|---|---|---|
| References | (MISC) https://www.ibm.com/support/pages/node/6985835 - Patch, Vendor Advisory | |
| References | (MISC) https://exchange.xforce.ibmcloud.com/vulnerabilities/250398 - VDB Entry, Vendor Advisory | |
| CPE | cpe:2.3:a:ibm:mq:9.1.0:*:*:*:continuous_delivery:*:*:* cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:*:* cpe:2.3:a:ibm:mq:9.0.0.0:*:*:*:lts:*:*:* cpe:2.3:o:ibm:i:-:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:* cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:* cpe:2.3:a:ibm:mq:8.0.0.0:*:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:* cpe:2.3:a:ibm:mq:9.1.0.0:*:*:*:lts:*:*:* cpe:2.3:o:hp:hp-ux:-:*:*:*:*:*:*:* |
|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.5 |
| First Time |
Ibm i
Linux Hp hp-ux Microsoft windows Ibm Ibm mq Linux linux Kernel Ibm aix Oracle solaris Microsoft Oracle Hp |
Information
Published : 2023-05-19 15:15
Updated : 2024-02-28 20:13
NVD link : CVE-2023-28514
Mitre link : CVE-2023-28514
CVE.ORG link : CVE-2023-28514
JSON object : View
Products Affected
ibm
- mq
- i
- aix
linux
- linux_kernel
oracle
- solaris
hp
- hp-ux
microsoft
- windows
CWE
CWE-209
Generation of Error Message Containing Sensitive Information