Request a Demo
Rewterz
Rewterz Threat Alert – CryptBot Trojan – Active IOCs
November 30, 2021
Rewterz
Rewterz Threat Advisory – Multiple Trend Micro Worry-Free Business Security
December 1, 2021

Rewterz Threat Advisory – Multiple IBM MQ Appliance Vulnerabilities

Severity

Medium

Analysis Summary

CVE-2021-38967 

IBM MQ Appliance 9.2 CD and 9.2 LTS could allow a local privileged user to inject and execute malicious code

CVE-2021-38999 

IBM MQ Appliance could allow a local attacker to obtain sensitive information by inclusion of sensitive data within trace.

CVE-2021-39000 

IBM MQ Appliance 9.2 CD and 9.2 LTS could allow a local attacker to obtain sensitive information by inclusion of sensitive data within diagnostics

CVE-2021-38958 

IBM MQ Appliance 9.2 CD and 9.2 LTS is affected by a denial of service attack caused by a concurrency issue

Impact

  • Code Execution
  • Information Disclosure
  • Denial of Service

Affected Vendors

IBM

Affected Products

  • IBM MQ Appliance 9.2.0.0
  • IBM MQ Appliance 9.2.1
  • IBM MQ Appliance 9.2.0.1
  • IBM MQ Appliance 9.2.2
  • IBM MQ Appliance 9.2.0.2
  • IBM MQ Appliance 9.2.0.3
  • IBM MQ Appliance 9.2.3

Remediation

Refer to IBM Security Advisory for patch, upgrade or suggested workaround information.

CVE-2021-38967 

https://www.ibm.com/support/pages/node/6512826

CVE-2021-38999 

https://www.ibm.com/support/pages/node/6519418

CVE-2021-39000 

https://www.ibm.com/support/pages/node/6519422

CVE-2021-38958 

https://www.ibm.com/support/pages/node/6519420