Sep 16, 2024 - 11:33 p.m.

Security Bulletin: IBM MQ Appliance is vulnerable to a denial of service (CVE-2024-40680)

2024-09-16 23:33:58
www.ibm.com

CVSS3: 5.5

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score: 6.5
Confidence: High

Summary

IBM MQ Appliance has addressed a denial of service vulnerability.

Vulnerability Details

**CVEID:** CVE-2024-40680
**DESCRIPTION:** IBM MQ could allow a local user to cause a denial of service due to improper memory allocation causing a segmentation fault.
CVSS Base score: 6.2
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/297611 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Affected Products and Versions

| Affected Product(s) | Version(s) |
| --- | --- |
| IBM MQ Appliance | 9.3 CD |
| IBM MQ Appliance | 9.4 LTS |

Remediation/Fixes

This vulnerability is addressed under APAR IT45634.

IBM strongly recommends addressing the vulnerability now.

IBM MQ Appliance version 9.3 CD

Upgrade to IBM MQ Appliance fix pack 9.4.0.5, or later firmware.

IBM MQ Appliance version 9.4 LTS

Apply IBM MQ Appliance fix pack 9.4.0.5, or later firmware.

Workarounds and Mitigations

None

Affected configurations

Vulners

Node: ibm mq_appliance, matching version 9.3.4.0 OR 9.3.4.1 OR 9.3.5.0 OR 9.3.5.1 OR 9.3.5.2 OR 9.4.0.0

| Vendor | Product | Version | CPE |
| --- | --- | --- | --- |
| ibm | mq_appliance | 9.3.4.0 | cpe:2.3:a:ibm:mq_appliance:9.3.4.0:*:*:*:*:*:*:* |
| ibm | mq_appliance | 9.3.4.1 | cpe:2.3:a:ibm:mq_appliance:9.3.4.1:*:*:*:*:*:*:* |
| ibm | mq_appliance | 9.3.5.0 | cpe:2.3:a:ibm:mq_appliance:9.3.5.0:*:*:*:*:*:*:* |
| ibm | mq_appliance | 9.3.5.1 | cpe:2.3:a:ibm:mq_appliance:9.3.5.1:*:*:*:*:*:*:* |
| ibm | mq_appliance | 9.3.5.2 | cpe:2.3:a:ibm:mq_appliance:9.3.5.2:*:*:*:*:*:*:* |
| ibm | mq_appliance | 9.4.0.0 | cpe:2.3:a:ibm:mq_appliance:9.4.0.0:*:*:*:*:*:*:* |
