CVE-2023-26284

EUVD-2023-30107
IBM MQ Certified Container 9.3.0.1 through 9.3.0.3 and 9.3.1.0 through 9.3.1.1 could allow authenticated users with the cluster to be granted administration access to the MQ console due to improper access controls.  IBM X-Force ID:  248417.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
HIGH
LOW
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
ibmCNA
7.5 HIGH
NETWORK
HIGH
LOW
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 31%
Affected Products (NVD)
VendorProductVersion
ibmmq_certified_container
9.3.0.1 ≤
𝑥
< 9.3.0.4
ibmmq_certified_container
9.3.1.0 ≤
𝑥
< 9.3.2.0
𝑥
= Vulnerable software versions
References
https://exchange.xforce.ibmcloud.com/vulnerabilities/248417
https://www.ibm.com/support/pages/node/6960201
https://exchange.xforce.ibmcloud.com/vulnerabilities/248417
https://www.ibm.com/support/pages/node/6960201