Multiple vulnerabilities in IBM MQ Operator and Queue manager container images
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 4 |
| CVE-ID | CVE-2021-3634 CVE-2022-1271 CVE-2021-3580 CVE-2020-36518 |
| CWE-ID | CWE-119 CWE-20 CWE-787 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
IBM Supplied MQ Advanced Queue Manager Container images Server applications / Virtualization software IBM MQ Server applications / Other server solutions |
| Vendor | IBM Corporation |
Security Bulletin
This security bulletin contains information about 4 vulnerabilities.
1) Buffer overflow
EUVDB-ID: #VU56217
Risk: High
CVSSv4.0: 7.2 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2021-3634
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when handling shared secrets. A remote attacker can supply a shared secret of a different size, trigger a memory corruption during the second key re-exchange and crash the application or potentially execute arbitrary code.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsIBM Supplied MQ Advanced Queue Manager Container images: before 9.2.0.5-r2-eus
IBM MQ: before 1.3.4 EUS, 1.8.2 CD, 1.3.4 EUS
CPE2.3- cpe:2.3:a:ibm_corporation:ibm-mqadvanced-server-integration:*:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_mq:*:*:*:*:*:*:*:*
https://bugzilla.redhat.com/show_bug.cgi?id=1978810
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Input validation error
EUVDB-ID: #VU62002
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-1271
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to insufficient validation when processing filenames with two or more newlines. A remote attacker can force zgrep or xzgrep to write arbitrary files on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise the affected system.
Install updates from vendor's website.
Vulnerable software versionsIBM Supplied MQ Advanced Queue Manager Container images: before 9.2.0.5-r2-eus
IBM MQ: before 1.3.4 EUS, 1.8.2 CD, 1.3.4 EUS
CPE2.3 External linkshttps://git.savannah.gnu.org/cgit/gzip.git/commit/?id=dc9740df61e575e8c3148b7bd3c147a81ea00c7c
https://savannah.gnu.org/forum/forum.php?forum_id=10157
https://www.zerodayinitiative.com/advisories/ZDI-22-619/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Input validation error
EUVDB-ID: #VU53978
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2021-3580
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists in nettle's RSA decryption functions due to insufficient validation of certain ciphertexts. A remote attacker can send specially crafted data to the server and perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's website.
Vulnerable software versionsIBM Supplied MQ Advanced Queue Manager Container images: before 9.2.0.5-r2-eus
IBM MQ: before 1.3.4 EUS, 1.8.2 CD, 1.3.4 EUS
CPE2.3 External linkshttps://bugzilla.redhat.com/show_bug.cgi?id=1967983
https://git.lysator.liu.se/nettle/nettle/-/commit/0ad0b5df315665250dfdaa4a1e087f4799edaefe
https://git.lysator.liu.se/nettle/nettle/-/commit/485b5e2820a057e873b1ba812fdb39cae4adf98c
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Out-of-bounds write
EUVDB-ID: #VU61799
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2020-36518
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error when processing untrusted input. A remote attacker can trigger out-of-bounds write and cause a denial of service condition on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsIBM Supplied MQ Advanced Queue Manager Container images: before 9.2.0.5-r2-eus
IBM MQ: before 1.3.4 EUS, 1.8.2 CD, 1.3.4 EUS
CPE2.3 External linkshttps://github.com/FasterXML/jackson-databind/issues/2816
https://github.com/advisories/GHSA-57j2-w4cx-62h2
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
