CVE-2022-35719 - IBM MQ Internet Pass-Thru Potentially Exposes Sensitive Information in Trace Files

A recently discovered vulnerability (CVE-2022-35719) in IBM MQ Internet Pass-Thru (MQIPT) could potentially expose sensitive information to unauthorized users. This vulnerability impacts MQIPT versions 2.1, 9.2 LTS, and 9.2 CD. In this blog, we will discuss the details of this vulnerability and the potential risks it poses.

Description

IBM MQ Internet Pass-Thru is a lightweight software solution that allows you to pass MQ messages through your internet-facing services. The component is commonly used in applications that utilize the MQ message queuing system. However, recent findings have revealed a potential vulnerability within MQIPT.

The vulnerability exists because MQIPT stores potentially sensitive information in trace files that could be read by a local user. An attacker with access to the local machine's file system could read these trace files and potentially gain unauthorized access to sensitive data.

This vulnerability has been assigned a CVE identifier: CVE-2022-35719.

Code Snippet Example

The issue originates from how IBM MQ manages trace files when a user requests to connect or send messages. Below is a hypothetical code snippet that demonstrates the trace file generation process:

def create_trace_file(user_request):
    trace_file = open("trace_file.txt", "a")
    trace_file.write("User Request: " + user_request)
    sensitive_information = get_sensitive_data(user_request)
    trace_file.write("Sensitive Information: " + sensitive_information)
    trace_file.close()

In this example, requesting user information generates a trace file. The file also contains the sensitive information retrieved, making it potentially exposed to unauthorized individuals with access to the system.

Exploit Details

An attacker can exploit this vulnerability by gaining local access to the machine where MQIPT is installed. The attacker could then search for trace files, examine their contents, and harvest sensitive data.

Original References

IBM has officially acknowledged this vulnerability and provided a detailed security bulletin. The original IBM Security Bulletin can be found here.

IBM has also provided a patch to fix this vulnerability. Users of MQIPT 2.1, 9.2 LTS, and 9.2 CD should update their installations with the provided patch as soon as possible. The patch can be found here.

Conclusion

In summary, CVE-2022-35719 is a critical vulnerability affecting IBM MQ Internet Pass-Thru versions 2.1, 9.2 LTS, and 9.2 CD. The vulnerability potentially allows unauthorized users to gain access to sensitive information stored in trace files. As a best practice, organizations should keep their software up to date, and in this case, apply the IBM-provided patch to mitigate risks associated with this vulnerability.

Stay tuned for more information and updates on cybersecurity vulnerabilities, exploits, and best practices for securing your systems.

Timeline

Published on: 11/14/2022 17:15:00 UTC
Last modified on: 11/16/2022 21:04:00 UTC