Multiple vulnerabilities in IBM MQ Operator and IBM supplied MQ Advanced container images
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 5 |
| CVE-ID | CVE-2021-3521 CVE-2021-3999 CVE-2021-39031 CVE-2022-23219 CVE-2022-23218 |
| CWE-ID | CWE-347 CWE-193 CWE-90 CWE-119 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
IBM Supplied MQ Advanced Queue Manager Container images Server applications / Virtualization software IBM MQ Operator Server applications / Other server solutions |
| Vendor | IBM Corporation |
Security Bulletin
This security bulletin contains information about 5 vulnerabilities.
1) Improper Verification of Cryptographic Signature
EUVDB-ID: #VU59993
Risk: Medium
CVSSv4.0: 6.9 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2021-3521
CWE-ID:
CWE-347 - Improper Verification of Cryptographic Signature
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to an error in RPM's signature functionality, as RPM does not check the binding signature of subkeys before importing them. A remote attacker with ability to add malicious subkey to a legitimate public key can run malicious code on the system.
Install update from vendor's website.
Vulnerable software versionsIBM Supplied MQ Advanced Queue Manager Container images: before 9.2.0.5-r1-eus
IBM MQ Operator: before 1.3.3
CPE2.3- cpe:2.3:a:ibm_corporation:ibm-mqadvanced-server-integration:*:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_mq_operator:*:*:*:*:*:*:*:*
https://github.com/rpm-software-management/rpm/pull/1788
https://bugzilla.redhat.com/show_bug.cgi?id=1941098
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Off-by-one
EUVDB-ID: #VU61293
Risk: High
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2021-3999
CWE-ID:
CWE-193 - Off-by-one Error
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the system.
The vulnerability exists due to an off-by-one error glibc getcwd() function. A remote attacker can pass specially crafted input to the application that is using the affected library version, trigger an off-by-one error and execute arbitrary code on the target system.
Install update from vendor's website.
Vulnerable software versionsIBM Supplied MQ Advanced Queue Manager Container images: before 9.2.0.5-r1-eus
IBM MQ Operator: before 1.3.3
CPE2.3- cpe:2.3:a:ibm_corporation:ibm-mqadvanced-server-integration:*:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_mq_operator:*:*:*:*:*:*:*:*
https://sourceware.org/bugzilla/show_bug.cgi?id=28769
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) LDAP injection
EUVDB-ID: #VU59970
Risk: Medium
CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2021-39031
CWE-ID:
CWE-90 - Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote user to escalate privileges on the system.
The vulnerability exists due to improper input validation when processing DLAP queries. A remote user can send a specially crafted request to modify the original LDAP query and gain unauthorized access to the application.
MitigationInstall update from vendor's website.
Vulnerable software versionsIBM Supplied MQ Advanced Queue Manager Container images: before 9.2.0.5-r1-eus
IBM MQ Operator: before 1.3.3
CPE2.3- cpe:2.3:a:ibm_corporation:ibm-mqadvanced-server-integration:*:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_mq_operator:*:*:*:*:*:*:*:*
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-websphere-application-server-liberty-is-vulnerable-to-ldap-injection-cve-2021-39031/
https://www.ibm.com/support/pages/node/6550488
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Buffer overflow
EUVDB-ID: #VU61295
Risk: High
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-23219
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the clnt_create() function in the sunrpc module. A remote attacker can pass specially crafted input to the application that is using the affected library version, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsIBM Supplied MQ Advanced Queue Manager Container images: before 9.2.0.5-r1-eus
IBM MQ Operator: before 1.3.3
CPE2.3- cpe:2.3:a:ibm_corporation:ibm-mqadvanced-server-integration:*:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_mq_operator:*:*:*:*:*:*:*:*
https://sourceware.org/bugzilla/show_bug.cgi?id=22542
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Buffer overflow
EUVDB-ID: #VU61294
Risk: High
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-23218
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the svcunix_create() in the sunrpc module ib glibc. A remote attacker can pass specially crafted input to the application that is using the affected library version, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsIBM Supplied MQ Advanced Queue Manager Container images: before 9.2.0.5-r1-eus
IBM MQ Operator: before 1.3.3
CPE2.3- cpe:2.3:a:ibm_corporation:ibm-mqadvanced-server-integration:*:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_mq_operator:*:*:*:*:*:*:*:*
https://sourceware.org/bugzilla/show_bug.cgi?id=28768
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
