CVE-2023-26284

IBM MQ Certified Container 9.3.0.1 through 9.3.0.3 and 9.3.1.0 through 9.3.1.1 could allow authenticated users with the cluster to be granted administration access to the MQ console due to improper access controls.  IBM X-Force ID:  248417.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
HIGH
LOW
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
ibmCNA
7.5 HIGH
NETWORK
HIGH
LOW
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 27%
VendorProductVersion
ibmmq_certified_container
9.3.0.1 ≤
𝑥
< 9.3.0.4
ibmmq_certified_container
9.3.1.0 ≤
𝑥
< 9.3.2.0
𝑥
= Vulnerable software versions
References
https://exchange.xforce.ibmcloud.com/vulnerabilities/248417
https://www.ibm.com/support/pages/node/6960201
https://exchange.xforce.ibmcloud.com/vulnerabilities/248417
https://www.ibm.com/support/pages/node/6960201