IBM77A63814ACC93A0B09601D1837C2616D1AC6BF75A84877E5CA55B1AB5E21F305Security Bulletin: IBM MQ Light is vulnerable to a remote attack on the MQXR service (CVE-2015-4943)
0.003 Low
EPSS
Percentile
71.1%
Summary
IBM MQ Light could allow a remote attacker to crash the MQXR service, using a sequence of connect and disconnects, which will have to be restarted.
Vulnerability Details
CVEID: CVE-2015-4943**
DESCRIPTION:** IBM WebSphere MQ could allow a remote attacker to crash the MQXR service, using a sequence of connect and disconnects, which will have to be restarted.
CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/104516 for the current score.
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Affected Products and Versions
IBM MQ Light V1.0 and V1.0.1 on all platforms.
Remediation/Fixes
Download and install the latest MQ Light Server appropriate for your platform from https://developer.ibm.com/messaging/mq-light/.
The following link describes how to re-use the data from your existing installation: _
__http://www.ibm.com/support/knowledgecenter/SSBJCR_1.0.0/com.ibm.mq.koa.doc/tmql_data.htm _.
Workarounds and Mitigations
None.
| CPE | Name | Operator | Version |
|---|---|---|---|
| ibm mq light | eq | 1.0 |
Related
0.003 Low
EPSS
Percentile
71.1%