Medium
IBM MQ Appliance (IBM DataPower Gateway 10.0.0.0 and 2018.4.1.0 through 2018.4.1.12) could allow a local user, under special conditions, to obtain highly sensitive information from log files. Passwords provided as part of a URL for an administrative COPY command may appear in the administrative log. If the password is not provided in the URL, it will be prompted for, and will not appear in the log.
Information disclosure
IBM
Refer to IBM Security advisory for patch, upgrade or suggested workaround information.