Improper Authorization in IBM Supplied MQ Advanced Queue Manager Container images - CVE-2023-26284
Published: March 6, 2023
Vulnerability identifier: #VU72885
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2023-26284
CWE-ID: CWE-285
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: IBM Corporation
Affected software:
IBM Supplied MQ Advanced Queue Manager Container images
IBM Supplied MQ Advanced Queue Manager Container images
Detailed vulnerability description
The vulnerability allows a remote user to compromise the affected system.
The vulnerability exists due to improper authorization. All users authenticated with the cluster are granted administration access to the MQ Console, without checking IAM access rights.
How to mitigate CVE-2023-26284
Install updates from vendor's website.