6.2
CVE-2023-47745
- EPSS 0.01%
- Veröffentlicht 03.03.2024 12:15:36
- Zuletzt bearbeitet 23.12.2024 17:33:15
- Quelle psirt@us.ibm.com
- CVE-Watchlists
- Unerledigt
LoginIBM MQ Operator 2.0.0 LTS, 2.0.18 LTS, 3.0.0 CD, 3.0.1 CD, 2.4.0 through 2.4.7, 2.3.0 through 2.3.3, 2.2.0 through 2.2.2, and 2.3.0 through 2.3.3 stores or transmits user credentials in plain clear text which can be read by a local user using a trace command. IBM X-Force ID: 272638.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Ibm ≫ Mq Operator SwEdition- Version >= 2.2.0 <= 2.2.2
Ibm ≫ Mq Operator SwEdition- Version >= 2.3.0 <= 2.3.3
Ibm ≫ Mq Operator SwEdition- Version >= 2.4.0 <= 2.4.7
Ibm ≫ Mq Operator Version2.0.0 SwEditionlts
Ibm ≫ Mq Operator Version2.0.18 SwEditionlts
Ibm ≫ Mq Operator Version3.0.0 SwEditioncd
Ibm ≫ Mq Operator Version3.0.1 SwEditioncd
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.01% | 0.009 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.5 | 1.8 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
|
| psirt@us.ibm.com | 6.2 | 2.5 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
CWE-319 Cleartext Transmission of Sensitive Information
The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.