Lucene search

K
ibmIBM54B38045B70DAFDF42004DFFAAB0CE7C69F52CB2CCC56E2646D2BC32539B218F
HistoryAug 05, 2020 - 10:20 a.m.

Security Bulletin: IBM MQ could allow an attacker to cause a denial of service due to a memory leak caused by an error creating a dynamic queue. (CVE-2020-4375)

2020-08-0510:20:22
www.ibm.com
8

0.001 Low

EPSS

Percentile

36.0%

Summary

An error was found within the Dynamic queue logic that could cause a memory leak and be exploited by an attacker to cause a denial of service attack.

Vulnerability Details

CVEID:CVE-2020-4375
**DESCRIPTION:**IBM MQ, IBM MQ Appliance, IBM MQ for HPE NonStop 8.0, 9.1 CD, and 9.1 LTS could allow an attacker to cause a denial of service due to a memory leak caused by an error creating a dynamic queue. IBM X-Force ID: 179080.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/179080 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)

Affected Products and Versions

Affected Product(s) Version(s)
IBM MQ 9.1 LTS
IBM MQ 9.0 LTS
IBM MQ 8.0
IBM MQ 9.1 CD
IBM WebSphere MQ 7.5
IBM WebSphere MQ 7.1

Remediation/Fixes

IBM WebSphere MQ 7.1

Contact IBM Support and request a fix for APAR IT31336

IBM WebSphere MQ 7.5

Contact IBM Support and request a fix for APAR IT31336

IBM MQ 8.0

Apply Fixpack 8.0.0.15

IBM MQ 9.0 LTS

Apply Fixpack 9.0.0.10

IBM MQ 9.1 LTS

Apply Fixpack 9.1.0.5

IBM MQ 9.1 CD

Upgrade to IBM MQ 9.2

Workarounds and Mitigations

None

0.001 Low

EPSS

Percentile

36.0%

Related for 54B38045B70DAFDF42004DFFAAB0CE7C69F52CB2CCC56E2646D2BC32539B218F