← back
CVE-2023-26284

IBM MQ Certified Container improper access controls

CVSS 7.5 HIGHEPSS 0.7%
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 7.5EPSS 0.7%KEV nãoPoC Nuclei Metasploit Patch referenciado
Lifecycle
15 Mar 2023Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
IBM MQ Certified Container 9.3.0.1 through 9.3.0.3 and 9.3.1.0 through 9.3.1.1 could allow authenticated users with the cluster to be granted administration access to the MQ console due to improper access controls. IBM X-Force ID: 248417.
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H