CVE-2023-28950: 
IBM WebSphere MQ vulnerability analysis and mitigation

IBM MQ versions 8.0, 9.0, 9.1, 9.2, and 9.3 contain a vulnerability that could potentially disclose sensitive user information through a trace file when tracing functionality is enabled. This vulnerability is tracked as CVE-2023-28950 and has been assigned IBM X-Force ID: 251358 (NVD).

The vulnerability has been assessed with a CVSS v3.1 Base Score of 5.5 (Medium) with the following vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N. This indicates that the vulnerability requires local access, low attack complexity, low privileges, no user interaction, and can result in high confidentiality impact without affecting integrity or availability (NVD).

The vulnerability could lead to the disclosure of sensitive user information if trace functionality is enabled in the affected IBM MQ installations. The impact is limited to confidentiality breaches, with no reported effects on system integrity or availability (NVD).

IBM has released patches for the affected versions (8.0, 9.0, 9.1, 9.2, and 9.3). Users are advised to update their IBM MQ installations to the latest patched versions (IBM Advisory).