A denial of service attack was discovered in Systemd which is included with IBM MQ CloudPaks.
CVEID: CVE-2019-6454 DESCRIPTION: systemd is vulnerable to a denial of service, caused by a flaw in the bus_process_object function in bus-objects.c. By sending a specially-crafted DBUS message, a local authenticated attacker could exploit this vulnerability to crash PID 1 and result in a subsequent kernel panic.
CVSS Base Score: 5.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/157193> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
IBM MQ Advanced CloudPak (IBM Cloud Private, all platforms) Continuous Delivery
v2.0.0 - v2.2.2
IBM MQ Advanced CloudPak (IBM Cloud Private on RedHat OpenShift) Continuous Delivery
v2.1.0 - v2.2.1
IBM MQ Advanced CloudPak (IBM Cloud Private, all platforms) Continuous Delivery
Apply Fix IBM-MQ-Adv-Cloud-Pak-2.2.3 to upgrade to version v2.2.3
IBM MQ Advanced CloudPak (IBM Cloud Private on RedHat OpenShift) Continuous Delivery
Apply Fix IBM-MQ-Adv-Cloud-Pak-2.2.2-RHOS to upgrade to version v2.2.2
None