IBM24ADEA1BC2F8F6EE1C456BBEA39172B110EAC6AAC07D69C7DDC77ED11571A7AASecurity Bulletin: IBM WebSphere MQ and IBM MQ Appliance proliferation of channel agents causes denial of service (CVE-2017-1145)
0.002 Low
EPSS
Percentile
61.3%
Summary
Threaded channel agents (amqrmppa) might not terminate when they are no longer required. This can lead to a denial of service through exhausting server resources.
Vulnerability Details
CVEID: CVE-2017-1145**
DESCRIPTION:** IBM WebSphere MQ does not properly terminate channel agents when they are no longer needed which could allow a user to cause a denial of service through resource exhaustion.
CVSS Base Score: 8.6
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/122198 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H)
Affected Products and Versions
IBM WebSphere MQ V8
The only maintenance level that is affected by this vulnerability is 8.0.0.6
IBM MQ Appliance
The only maintenance level that is affected by this vulnerability is 8.0.0.6
Remediation/Fixes
IBM WebSphere MQ V8
Download and apply ifix IT19218
IBM MQ Appliance
Download and apply ifix IT19218
| CPE | Name | Operator | Version |
|---|---|---|---|
| websphere mq | eq | 8.0.0.6 |
Related
0.002 Low
EPSS
Percentile
61.3%