History: Apr 26, 2024 - 7:51 p.m.

Security Bulletin: IBM MQ is vulnerable to a buffer overflow (CVE-2024-25048)

Published: 2024-04-26 19:51:30
Source: www.ibm.com

Tags: ibm mq, buffer overflow, vulnerability, security bulletin, updates, remote attacker, heap-based, ibm mq 9.0, ibm mq 9.1, ibm mq 9.2, ibm mq 9.3, continuous delivery

CVSS3: 7.5 High

- Attack Vector: NETWORK
- Attack Complexity: HIGH
- Privileges Required: LOW
- User Interaction: NONE
- Scope: UNCHANGED
- Confidentiality Impact: HIGH
- Integrity Impact: HIGH
- Availability Impact: HIGH

Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score: 7.9 High (Confidence: High)

EPSS: 0.0004 Low (Percentile: 9.1%)

Summary

IBM MQ has addressed a buffer overflow vulnerability, caused by improper bounds checking.

Vulnerability Details

CVEID: CVE-2024-25048
**DESCRIPTION:** IBM MQ is vulnerable to a heap-based buffer overflow, caused by improper bounds checking. A remote authenticated attacker could overflow a buffer and execute arbitrary code on the system or cause the server to crash.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/283137 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)

Affected Products and Versions

| Affected Product(s) | Version(s) |
|---|---|
| IBM MQ | 9.0 LTS |
| IBM MQ | 9.1 LTS |
| IBM MQ | 9.2 LTS |
| IBM MQ | 9.3 LTS |
| IBM MQ | 9.3 CD |

The following installable MQ components are affected by the vulnerability:

- Server

If you are running any of these listed components, please apply the remediation/fixes as described below. For more information on the definitions of components used in this list see <https://www.ibm.com/support/pages/installable-component-names-used-ibm-mq-security-bulletins>

Remediation/Fixes

This issue was addressed under APAR IT45110.

IBM MQ version 9.0 LTS

Apply Cumulative Security Update 9.0.0.24

IBM MQ version 9.1 LTS

Apply Cumulative Security Update 9.1.0.21

IBM MQ version 9.2 LTS

Apply Fix Pack 9.2.0.25

IBM MQ version 9.3 LTS

Apply Cumulative Security Update 9.3.0.17

IBM MQ version 9.3 CD

Upgrade to IBM MQ 9.3.5 continuous delivery release
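To verify an installation against the fixed levels above, the following added example (not IBM's code, not part of the bulletin) parses the `Version:` line of `dspmqver` output and compares the V.R.M.F level with the bulletin's fix table. It assumes MQ's numbering convention that LTS streams keep the modification digit at 0 and take fix packs, while CD releases increment it; the `dspmqver` output below is constructed, not a real capture.

```python
"""Compare an IBM MQ level (from dspmqver) with the fixed levels in this
bulletin (APAR IT45110, CVE-2024-25048). Added example, not IBM's code."""
import re

# Minimum fixed level per affected LTS stream, taken from the bulletin.
FIXED_LTS = {
    (9, 0): (9, 0, 0, 24),   # Cumulative Security Update 9.0.0.24
    (9, 1): (9, 1, 0, 21),   # Cumulative Security Update 9.1.0.21
    (9, 2): (9, 2, 0, 25),   # Fix Pack 9.2.0.25
    (9, 3): (9, 3, 0, 17),   # Cumulative Security Update 9.3.0.17
}
# 9.3 CD stream: fixed from the 9.3.5 continuous delivery release onwards.
FIXED_CD = {(9, 3): (9, 3, 5, 0)}


def parse_dspmqver(text):
    """Return the V.R.M.F tuple from dspmqver output, or None if absent."""
    m = re.search(r"^Version:\s*(\d+)\.(\d+)\.(\d+)\.(\d+)\s*$", text, re.M)
    return tuple(int(x) for x in m.groups()) if m else None


def assess(vrmf):
    """Classify an installed level: 'fixed', 'vulnerable ...' or 'not listed'.

    Assumption: LTS levels have M == 0 (9.3.0.x), CD levels have M > 0
    (9.3.1 .. 9.3.5). Streams the bulletin does not name are reported as
    'not listed in bulletin', which is not the same as safe.
    """
    v, r, m, f = vrmf
    stream = (v, r)
    if m == 0 and stream in FIXED_LTS:
        fixed = FIXED_LTS[stream]
        if vrmf >= fixed:
            return "fixed"
        return "vulnerable (LTS, apply %s)" % ".".join(map(str, fixed))
    if m > 0 and stream in FIXED_CD:
        return "fixed" if vrmf >= FIXED_CD[stream] else "vulnerable (CD, upgrade to 9.3.5)"
    return "not listed in bulletin"


# Constructed sample of dspmqver output (not a real capture).
SAMPLE = "Name:        IBM MQ\nVersion:     9.3.0.10\nPlatform:    IBM MQ for Linux (x86-64 platform)\n"


def check_sample(text=SAMPLE):
    vrmf = parse_dspmqver(text)
    return assess(vrmf) if vrmf else "version not found"


if __name__ == "__main__":
    print(check_sample())  # prints "vulnerable (LTS, apply 9.3.0.17)"
```

The bulletin lists only the Server component as affected, so the result applies to queue manager installations rather than client-only ones.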

Workarounds and Mitigations

None

Affected configurations

Vulners node: ibm mq Match 9.0 OR ibm mq Match 9.1 OR ibm mq Match 9.2 OR ibm mq Match 9.3

| CPE Name | Operator | Version |
|---|---|---|
| ibm mq | eq | 9.0 |
| ibm mq | eq | 9.1 |
| ibm mq | eq | 9.2 |
| ibm mq | eq | 9.3 |
