IBM MQ Appliance 9.3 Privilege Escalation via Invalid Security Key
CVE-2023-46176 Published on November 3, 2023

IBM MQ privilege escalation
IBM MQ Appliance 9.3 CD could allow a local attacker to gain elevated privileges on the system, caused by improper validation of security keys. IBM X-Force ID: 269535.

Vendor Advisory NVD

Vulnerability Analysis

CVE-2023-46176 is exploitable with local system access, and requires user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to be very high.

Attack Vector:

LOCAL

Attack Complexity:

LOW

Privileges Required:

HIGH

User Interaction:

NONE

Scope:

UNCHANGED

Confidentiality Impact:

HIGH

Integrity Impact:

HIGH

Availability Impact:

HIGH

Weakness Type

Improper Protection of Alternate Path

The product does not sufficiently protect all possible paths that a user can take to access restricted functionality or resources.

Products Associated with CVE-2023-46176

Want to know whenever a new CVE is published for IBM Mq Appliance? stack.watch will email you.

IBM Mq Appliance

Affected Versions

IBM MQ Appliance Version 9.3 CD is affected by CVE-2023-46176

Exploit Probability

EPSS

0.02%

Percentile

5.13%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

IBM MQ Appliance 9.3 Privilege Escalation via Invalid Security KeyCVE-2023-46176 Published on November 3, 2023

Vulnerability Analysis

Weakness Type

Improper Protection of Alternate Path

Products Associated with CVE-2023-46176

Affected Versions

Exploit Probability

IBM MQ Appliance 9.3 Privilege Escalation via Invalid Security Key
CVE-2023-46176 Published on November 3, 2023