IBM MQ Appliance 9.2 CD/9.2 LTS injection

Summaryinfo

A vulnerability has been found in IBM MQ Appliance 9.2 CD/9.2 LTS and classified as critical. This affects an unknown part. Performing a manipulation results in injection. This vulnerability is known as CVE-2021-38967. Remote exploitation of the attack is possible. No exploit is available. The affected component should be upgraded.

Detailsinfo

A vulnerability, which was classified as critical, was found in IBM MQ Appliance 9.2 CD/9.2 LTS. This affects an unknown part. The manipulation with an unknown input leads to a injection vulnerability. CWE is classifying the issue as CWE-74. The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component. This is going to have an impact on confidentiality, integrity, and availability.

The weakness was published 11/30/2021. The advisory is shared at ibm.com. This vulnerability is uniquely identified as CVE-2021-38967 since 08/16/2021. Neither technical details nor an exploit are publicly available. MITRE ATT&CK project uses the attack technique T1055 for this issue.

Upgrading eliminates this vulnerability.

The vulnerability is also documented in the vulnerability database at X-Force (212441). If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Productinfo

Vendor

• IBM

Name

• MQ Appliance

Version

• 9.2 CD
• 9.2 LTS

License

• commercial

Website

• Vendor: https://www.ibm.com/

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Discussion