Severity
Medium
Analysis Summary
CVE-2022-22356 CVSS:5.3
IBM MQ Appliance 9.2 CD and 9.2 LTS could allow an attacker to enumerate account credentials due to an observable discrepancy in valid and invalid login attempts.
CVE-2022-22355 CVSS:5.3
IBM MQ Appliance 9.2 CD and 9.2 LTS are vulnerable to a denial of service in the Login component of the application which could allow an attacker to cause a drop in performance.
Impact
- Denial of Service
- Information Disclosure
Indicator Of Compromise
CVE
- CVE-2022-22356
- CVE-2022-22355
Affected Vendors
IBM
Affected Products
- IBM MQ Appliance 9.2 LTS
- IBM MQ Appliance 9.2 CD
Remediation
Refer to IBM Security Advisory for patch, upgrade, or suggested workaround information.