An issue was found within IBM MQ Internet Pass-Thru that could allow an attacker to execute a denial of service attack.
CVEID:CVE-2020-4766
**DESCRIPTION:**IBM MQ Internet Pass-Thru could allow a remote user to cause a denial of service by sending malformed MQ data requests that would consume all available resources.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/188903 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)
Affected Product(s) | Version(s) |
---|---|
IBM MQ Internet Pass-Thru | 2.1 |
IBM MQ Internet Pass-Thru | 9.2 |
IBM MQ Internet Pass-Thru 2.1
Note: MQ IPT 2.1.0.5 is provided on Solaris platforms only, for users with appropriate extended support entitlement. Users of MQ IPT 2.1 on all other platforms should migrate to one of the MQ IPT 9.2 levels listed below (or later).
IBM MQ Internet Pass-Thru 9.2 LTS
IBM MQ Internet Pass-Thru 9.2 CD
None