High-severity vulnerabilities in IBM MQ have been patched after IBM issued a warning that attackers could use them to bypass security measures or access private data. IBM MQ is messaging and queuing middleware that offers enterprise-grade messaging between applications, allowing data to be transferred between programs and messages to be sent to many subscribers.
Two security flaws in the libcurl library, both of which were present in IBM MQ, were fixed this week. According to an advisory from IBM, both vulnerabilities can be exploited remotely. The first of these flaws, identified as CVE-2022-27780, could let an attacker bypass security measures by using a specially crafted host name in a URL.
The second vulnerability, CVE-2022-30115, is caused by an HSTS check bypass flaw. This flaw could be used to obtain sensitive information via clear-text HTTP.