CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS
Percentile
34.4%
An issue was identified within the IBM MQ Server component that would allow an authenticated attacker with sufficient MQ permissions to send MQSC or PCF commands to execute a denial of service attack by sending specially crafted payload.
CVEID:CVE-2022-43902
**DESCRIPTION:**IBM MQ is vulnerable to a denial of service attack caused by specially crafted PCF or MQSC messages.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/240832 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
Affected Product(s) | Version(s) |
---|---|
IBM MQ | 9.1 LTS |
IBM MQ | 9.2 LTS |
IBM MQ | 9.3 LTS |
IBM MQ | 9.1 CD |
IBM MQ | 9.2 CD |
IBM MQ | 9.3 CD |
The following installable MQ components are affected by the vulnerability:
If you are running any of these listed components, please apply the remediation/fixes as described below. For more information on the definitions of components used in this list see <https://www.ibm.com/support/pages/installable-component-names-used-ibm-mq-security-bulletins>
This issue was resolved under APAR IT42613.
IBM MQ 9.1 LTS
Apply cumulative security update 9.1.0.13
IBM MQ 9.2 LTS
Apply cumulative security update 9.2.0.8
IBM MQ 9.3 LTS
IBM MQ 9.1 CD, 9.2 CD and 9.3 CD
Upgrade to IBM MQ 9.3.1 and apply cumulative security update 9.3.1.1
None
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS
Percentile
34.4%