IBM MQ Appliance 9.2 CD/9.2 LTS Messaging weak password hash

Summaryinfo

A vulnerability classified as problematic has been found in IBM MQ Appliance 9.2 CD/9.2 LTS. The impacted element is an unknown function of the component Messaging Handler. Performing a manipulation results in weak password hash. This vulnerability is known as CVE-2022-22321. Remote exploitation of the attack is possible. No exploit is available. It is recommended to upgrade the affected component.

Detailsinfo

A vulnerability, which was classified as problematic, was found in IBM MQ Appliance 9.2 CD/9.2 LTS. This affects some unknown processing of the component Messaging Handler. The manipulation with an unknown input leads to a weak password hash vulnerability. CWE is classifying the issue as CWE-916. The product generates a hash for a password, but it uses a scheme that does not provide a sufficient level of computational effort that would make password cracking attacks infeasible or expensive. This is going to have an impact on confidentiality.

The weakness was published 03/01/2022. The advisory is shared at ibm.com. This vulnerability is uniquely identified as CVE-2022-22321 since 01/03/2022. Neither technical details nor an exploit are publicly available. MITRE ATT&CK project uses the attack technique T1552 for this issue.

Upgrading eliminates this vulnerability.

The vulnerability is also documented in the vulnerability database at X-Force (218368). Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Productinfo

Vendor

• IBM

Name

• MQ Appliance

Version

• 9.2 CD
• 9.2 LTS

License

• commercial

Website

• Vendor: https://www.ibm.com/

CPE 2.3info

• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Discussion