Lucene search

IBM3730B16C00A9F99D507DCCFAD2255DAF98E8C461696C18EFB2D57749B2BEFEC7

HistoryJun 27, 2024 - 3:28 a.m.

Security Bulletin: IBM MQ Appliance is vulnerable to a denial of service attack (CVE-2024-35116)

2024-06-2703:28:31

www.ibm.com

ibm mq

appliance

vulnerability

addressed

fixes

denial of service

attack

cve-2024-35116

apar it45710

firmware

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

6.5 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.3%

JSON

Summary

IBM MQ Appliance has addressed a denial of service vulnerability.

Vulnerability Details

CVEID:CVE-2024-35116
**DESCRIPTION:**IBM MQ is vulnerable to a denial of service attack caused by an error applying configuration changes.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/290335 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)

Affected Products and Versions

Affected Product(s)	Version(s)
IBM MQ Appliance	9.3 LTS
IBM MQ Appliance	9.3 CD

Remediation/Fixes

This vulnerability is addressed under APAR IT45710

IBM strongly recommends addressing the vulnerability now.

IBM MQ Appliance version 9.3 LTS

Apply IBM MQ Appliance 9.3.0.20 fix pack, or later firmware.

IBM MQ Appliance version 9.3 CD

Apply IBM MQ Appliance 9.3.5.2 cumulative security update, or later firmware.

Workarounds and Mitigations

None

Affected configurations

Vulners

Node

ibmmq_applianceMatch9.3.0.0

ibmmq_applianceMatch9.3.0.

ibmmq_applianceMatch9.3.0.1

ibmmq_applianceMatch9.3.0.2

ibmmq_applianceMatch9.3.0.3

ibmmq_applianceMatch9.3.0.4

ibmmq_applianceMatch9.3.0.5

ibmmq_applianceMatch9.3.0.6

ibmmq_applianceMatch9.3.0.10

ibmmq_applianceMatch9.3.0.11

ibmmq_applianceMatch9.3.0.15

ibmmq_applianceMatch9.3.0.16

ibmmq_applianceMatch9.3.0.17

ibmmq_applianceMatch9.3.1.0

ibmmq_applianceMatch9.3.1.1

ibmmq_applianceMatch9.3.2.0

ibmmq_applianceMatch9.3.2.1

ibmmq_applianceMatch9.3.3.0

ibmmq_applianceMatch9.3.3.1

ibmmq_applianceMatch9.3.4.0

ibmmq_applianceMatch9.3.4.1

ibmmq_applianceMatch9.3.5.0

ibmmq_applianceMatch9.3.5.1

CPENameOperatorVersion
ibm mq applianceeq9.3.0.0
ibm mq applianceeq9.3.0.
ibm mq applianceeq9.3.0.1
ibm mq applianceeq9.3.0.2
ibm mq applianceeq9.3.0.3
ibm mq applianceeq9.3.0.4
ibm mq applianceeq9.3.0.5
ibm mq applianceeq9.3.0.6
ibm mq applianceeq9.3.0.10
ibm mq applianceeq9.3.0.11

Name	Operator	Version
ibm mq appliance	eq	9.3.0.0
ibm mq appliance	eq	9.3.0.
ibm mq appliance	eq	9.3.0.1
ibm mq appliance	eq	9.3.0.2
ibm mq appliance	eq	9.3.0.3
ibm mq appliance	eq	9.3.0.4
ibm mq appliance	eq	9.3.0.5
ibm mq appliance	eq	9.3.0.6
ibm mq appliance	eq	9.3.0.10
ibm mq appliance	eq	9.3.0.11

Rows per page:

1-10 of 231

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

6.5 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.3%

JSON

Related for 3730B16C00A9F99D507DCCFAD2255DAF98E8C461696C18EFB2D57749B2BEFEC7