6.2
CVE-2023-47745
- EPSS 0.01%
- Veröffentlicht 03.03.2024 12:15:36
- Zuletzt bearbeitet 23.12.2024 17:33:15
- Quelle psirt@us.ibm.com
- Teams Watchlist Login
- Unerledigt Login
IBM MQ Operator 2.0.0 LTS, 2.0.18 LTS, 3.0.0 CD, 3.0.1 CD, 2.4.0 through 2.4.7, 2.3.0 through 2.3.3, 2.2.0 through 2.2.2, and 2.3.0 through 2.3.3 stores or transmits user credentials in plain clear text which can be read by a local user using a trace command. IBM X-Force ID: 272638.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Ibm ≫ Mq Operator SwEdition- Version >= 2.2.0 <= 2.2.2
Ibm ≫ Mq Operator SwEdition- Version >= 2.3.0 <= 2.3.3
Ibm ≫ Mq Operator SwEdition- Version >= 2.4.0 <= 2.4.7
Ibm ≫ Mq Operator Version2.0.0 SwEditionlts
Ibm ≫ Mq Operator Version2.0.18 SwEditionlts
Ibm ≫ Mq Operator Version3.0.0 SwEditioncd
Ibm ≫ Mq Operator Version3.0.1 SwEditioncd
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.01% | 0.008 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.5 | 1.8 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
|
| psirt@us.ibm.com | 6.2 | 2.5 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
CWE-319 Cleartext Transmission of Sensitive Information
The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.