CVE-2023-47745

Summary

IBM MQ Operator 2.0.0 LTS, 2.0.18 LTS, 3.0.0 CD, 3.0.1 CD, 2.4.0 through 2.4.7, 2.3.0 through 2.3.3, 2.2.0 through 2.2.2, and 2.3.0 through 2.3.3 stores or transmits user credentials in plain clear text which can be read by a local user using a trace command. IBM X-Force ID: 272638.

Affected Software

VendorProductVersion RangeStatus
IBMMQ Operator2.0.0 LTS <= 2.0.18 LTSaffected
IBMMQ Operator2.4.0 <= 2.4.7affected
IBMMQ Operator2.3.0 <= 2.3.3affected
IBMMQ Operator2.2.0 <= 2.2.2affected
IBMMQ Operator3.0.0 CD <= 3.0.1 CDaffected

Weaknesses

  • CWE-319: CWE-319 Cleartext Transmission of Sensitive Information

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References