Security Bulletin: IBM MQ and IBM MQ Appliance are vulnerable to a denial of service attack caused by an error within the Data Conversion routine (CVE-2019-4655)

2019-12-2010:39:03

www.ibm.com

0.001 Low

EPSS

Percentile

31.1%

JSON

Summary

An error was found within the IBM MQ message data conversion processing code that could cause multiple failure data capture (FDC) records to be generated and prevent the channel handling process amqrmppa from handling requests.

Vulnerability Details

CVEID:CVE-2019-4655
**DESCRIPTION:**IBM MQ is vulnerable to a denial of service attack that would allow an authenticated user to reset client connections due to an error within the Data Conversion routine.
CVSS Base score: 4.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/170966 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L)

Affected Products and Versions

Affected Product(s)	Version(s)
IBM MQ and IBM MQ Appliance	9.1 LTS
IBM MQ and IBM MQ Appliance	9.1 CD

Remediation/Fixes

IBM MQ and IBM MQ Appliance V9.1 LTS
Apply FixPack 9.1.0.4

IBM MQ and IBM MQ Appliance V9.1 CD
Upgrade to IBM MQ 9.1.4

Workarounds and Mitigations

None

CPENameOperatorVersion
ibm mqeq9.1.0.0
ibm mqeq9.1.0.1
ibm mqeq9.1.0.2
ibm mqeq9.1.0.3
ibm mqeq9.1.1
ibm mqeq9.1.2
ibm mqeq9.1.3
ibm mq applianceeq9.1
ibm mq applianceeq9.1.0.1
ibm mq applianceeq9.1.0.2

Name	Operator	Version
ibm mq	eq	9.1.0.0
ibm mq	eq	9.1.0.1
ibm mq	eq	9.1.0.2
ibm mq	eq	9.1.0.3
ibm mq	eq	9.1.1
ibm mq	eq	9.1.2
ibm mq	eq	9.1.3
ibm mq appliance	eq	9.1
ibm mq appliance	eq	9.1.0.1
ibm mq appliance	eq	9.1.0.2

Rows per page:

1-10 of 141

0.001 Low

EPSS

Percentile

31.1%

JSON

Related for 1B574AA902AE4C48E200915318CC8A39B84F0B9A860EDB51EEFFA62833D6D91D