IBM9F774AE9C2452A7ECA13A52D105BB1B0B11EB9E0D9E52502BB98D81A0AFB9FF0Security Bulletin: IBM MQ clients connecting to an MQ queue manager can cause a SIGSEGV in the amqrmppa channel process terminating it. (CVE-2018-1371)
4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:N/I:N/A:P
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
0.001 Low
EPSS
Percentile
32.6%
Summary
An IBM MQ client connecting to an MQ queue manager can cause a SIGSEGV in the queue manager’s amqrmppa channel process, terminating it.
Vulnerability Details
CVEID: CVE-2018-1371**
DESCRIPTION:** An IBM MQ client connecting to an MQ queue manager can cause a SIGSEGV in the amqrmppa channel process terminating it.
CVSS Base Score: 6.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/137771 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
Affected Products and Versions
IBM MQ V8.0
- Maintenance level 8.0.0.8
IBM MQ V9 LTS
- Maintenance level 9.0.0.2
IBM MQ V9 CD
- IBM MQ version 9.0.4
Remediation/Fixes
IBM MQ V8.0
IBM MQ V9 LTS
IBM MQ V9 CD
Affected configurations
Related
4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:N/I:N/A:P
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
0.001 Low
EPSS
Percentile
32.6%