CVE-2023-28950 — Vulnetix

CVE-2023-28950 PUBLISHED

In IBM MQ existieren mehrere Schwachstellen. Diese sind auf Fehler in der IBM Tracing Logik zurückzuführen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um Informationen offenzulegen.

EPSS 0.05% · 15.3th percentile

Risk Scores

EPSS Score

0.05%

15.3th percentile

Affected Products

Vendor	Product	Versions
IBM	IBM MQ 8.1
IBM	IBM MQ 9.2 CD
IBM	IBM MQ 9.3 LTS
IBM	IBM MQ 9.2 LTS
IBM	IBM MQ 8.0
IBM	IBM MQ 9.2.0
IBM	IBM MQ 9.0 LTS
IBM	IBM MQ 9.3 CD
IBM	IBM MQ 9.3.0

Exploit Intelligence

CIRCL seen: CVE-2023-28950 (circl-sighting)
https://https://www.ibm.com/support/pages/node/6985837 (circl)
https://exchange.xforce.ibmcloud.com/vulnerabilities/251358 (circl)

Timeline

May 1, 2023 CVE Published
May 19, 2023 PoC Published
May 20, 2023 EPSS Score
Jun 8, 2023 CVE Updated
Jun 25, 2023 EPSS Score
Aug 1, 2023 EPSS Score
Sep 6, 2023 EPSS Score
Oct 13, 2023 EPSS Score
Nov 18, 2023 EPSS Score
Dec 24, 2023 EPSS Score
Jan 30, 2024 EPSS Score
Mar 6, 2024 EPSS Score

References

https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-1115.json advisory
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1115 advisory
http://www.ibm.com/support/pages/node/7001835 advisory
https://www.ibm.com/support/pages/node/6986563 advisory
https://www.ibm.com/support/pages/node/6986559 advisory
https://www.ibm.com/support/pages/node/6985901 advisory
https://www.ibm.com/support/pages/node/6985839 advisory
https://www.ibm.com/support/pages/node/6985837 advisory
https://www.ibm.com/support/pages/node/6985835 advisory
https://www.ibm.com/support/pages/node/6985833 advisory

Open in Interactive Console →