High Severity

Security Bulletin: IBM MQ is vulnerable to multiple Eclipse Jetty issues

Share this post:

Multiple issues were identified in Eclipse Jetty that IBM MQ uses to provide Web Console, REST API, Salesforce Bridge and Blockchain bridge functionality.

CVE(s): CVE-2021-28169, CVE-2021-34428, CVE-2021-28163, CVE-2021-28164, CVE-2021-34429, CVE-2021-28165

Affected product(s) and affected version(s):

Affected Product(s) Version(s)
IBM MQ 9.1 LTS
IBM MQ 9.2 CD
IBM MQ 9.1 CD
IBM MQ 9.2 LTS

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6584093
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/203492
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/204227
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/199303
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/199304
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/205596
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/199305

More stories

Security Bulletin: Vulnerabilities in vCenter affect IBM Cloud Pak System (CVE-2021-21980, CVE-2021-22049 )

August 13, 2022 | High Severity

Vulnerabilities have beein found in VMware vCenter. vCenter is shipped with Cloud Pak System. Cloud Pak System has addressed these vulnerabilities. ...read more


Security Bulletin: Vulnerability in polkit affects Cloud Pak System ( CVE-2021-4034)

August 13, 2022 | High Severity

Polkit is used by IBM Cloud System OS. This security bulletin service applies to IBM Cloud System , IBM Cloud System Software and IBM Cloud System Software Suite. ...read more


Security Bulletin: Vulnerability in IBM SAN Volume Controller, IBM Storwize, and IBM FlashSystem shipped with Cloud Pak System

August 13, 2022 | High Severity

Vulnerability found in IBM SAN Volume Controller, IBM Storwize, and IBM FlashSystem shipped with Cloud Pak System. Cloud Pak System has addressed this vulnerability. ...read more