Lucene search

IbmCVELIST:CVE-2024-31919

HistoryJun 28, 2024 - 5:34 p.m.

CVE-2024-31919 IBM MQ denial of service

2024-06-2817:34:15

CWE-770

ibm

www.cve.org

ibm mq

denial of service

vulnerability

versions 9.0

9.1

9.2

9.3

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

0.0004 Low

EPSS

Percentile

9.1%

JSON

IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS and 9.3 CD, in certain configurations, is vulnerable to a denial of service attack caused by an error processing messages when an API Exit using MQBUFMH is used. IBM X-Force ID: 290259.

CNA Affected

[
  {
    "cpes": [
      "cpe:2.3:a:ibm:mq_appliance:9.0:*:*:*:lts:*:*:*",
      "cpe:2.3:a:ibm:mq_appliance:9.1:*:*:*:lts:*:*:*",
      "cpe:2.3:a:ibm:mq_appliance:9.2:*:*:*:lts:*:*:*",
      "cpe:2.3:a:ibm:mq_appliance:9.3:*:*:*:lts:*:*:*",
      "cpe:2.3:a:ibm:mq_appliance:9.3:*:*:*:continuous_delivery:*:*:*"
    ],
    "defaultStatus": "unaffected",
    "product": "MQ",
    "vendor": "IBM",
    "versions": [
      {
        "status": "affected",
        "version": "9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS and 9.3 CD"
      }
    ]
  }
]

References

exchange.xforce.ibmcloud.com/vulnerabilities/290259

www.ibm.com/support/pages/node/7157979

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

0.0004 Low

EPSS

Percentile

9.1%

JSON

Related for CVELIST:CVE-2024-31919