CVE-2022-22489

Summary

IBM MQ 8.0, (9.0, 9.1, 9.2 LTS), and (9.1 and 9.2 CD) are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 226339.

Affected Software

VendorProductVersion RangeStatus
IBMMQ8.0affected
IBMMQ9.0.LTSaffected
IBMMQ9.1.LTSaffected
IBMMQ9.1.CDaffected
IBMMQ9.2.CDaffected

Weaknesses

  • Gain Access

ADP Enrichment

CVE Program Container

Additional References

References