Vulnerability Details : CVE-2023-26284
IBM MQ Certified Container 9.3.0.1 through 9.3.0.3 and 9.3.1.0 through 9.3.1.1 could allow authenticated users with the cluster to be granted administration access to the MQ console due to improper access controls. IBM X-Force ID: 248417.
Products affected by CVE-2023-26284
- IBM » Mq Certified Container » LTS EditionVersions from including (>=) 9.3.0.1 and before (<) 9.3.0.4cpe:2.3:a:ibm:mq_certified_container:*:*:*:*:lts:*:*:*
- IBM » Mq Certified Container » Continous Delivery EditionVersions from including (>=) 9.3.1.0 and before (<) 9.3.2.0cpe:2.3:a:ibm:mq_certified_container:*:*:*:*:continous_delivery:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-26284
0.08%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 37 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2023-26284
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
8.8
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
2.8
|
5.9
|
NIST | |
7.5
|
HIGH | CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |
1.6
|
5.9
|
IBM Corporation |
References for CVE-2023-26284
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/248417
IBM MQ Certified Container improper access controls CVE-2023-26284 Vulnerability ReportVDB Entry;Vendor Advisory
-
https://www.ibm.com/support/pages/node/6960201
Vendor Advisory
Jump to