Aug 01, 2019 - 5:30 p.m.

Security Bulletin: IBM MQ clients are vulnerable to a denial of service attack caused by consuming specifically crafted messages (CVE-2019-4261)

2019-08-01 17:30:27
www.ibm.com
EPSS: 0.001 (Low), Percentile: 33.0%

Summary

An error in the IBM MQ client message handling logic causes a denial of service when specially crafted messages are consumed.

Vulnerability Details

CVEID: CVE-2019-4261
DESCRIPTION: IBM MQ Clients are vulnerable to a denial of service attack caused by specially crafted messages.
CVSS Base Score: 4.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/160013> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L)

Affected Products and Versions

IBM WebSphere MQ V7.1

versions 7.1.0.0 - 7.1.0.9

IBM WebSphere MQ V7.5

versions 7.5.0.0 - 7.5.0.9

IBM MQ V8

versions 8.0.0.0 - 8.0.0.11

IBM MQ V9.0 LTS

versions 9.0.0.0 - 9.0.0.6

IBM MQ V9.1 LTS

versions 9.1.0.0 - 9.1.0.2

IBM MQ V9.1 CD

versions 9.1.0 - 9.1.2

Remediation/Fixes

IBM WebSphere MQ V7.1

Contact IBM Support to request a fix for APAR IT25916

IBM WebSphere MQ V7.5

Contact IBM Support to request a fix for APAR IT25916

IBM MQ V8

Apply Fixpack 8.0.0.12

IBM MQ V9.0 LTS

Apply Fixpack 9.0.0.7

IBM MQ V9.1 LTS

Apply Fixpack 9.1.0.3

IBM MQ V9.1 CD

Upgrade to IBM MQ 9.1.3
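
The affected ranges and fixes above can be turned into an inventory check. The following is an added example, not part of IBM's bulletin; the function names are hypothetical, and it assumes that in the 9.1 stream a non-zero modification level (9.1.1, 9.1.2) denotes a CD release while 9.1.0.x fix packs are LTS, so that 9.1.0.3 is not misread as falling inside the CD range.

```python
# Added example: affected-version check built from this bulletin's tables.
# Assumption (not stated in the bulletin): in the 9.1 stream a non-zero
# modification level (9.1.1, 9.1.2) is a CD release; 9.1.0.x fix packs are LTS.

# (first affected, last affected, remediation text quoted from the bulletin)
AFFECTED = [
    ((7, 1, 0, 0), (7, 1, 0, 9), "Contact IBM Support to request a fix for APAR IT25916"),
    ((7, 5, 0, 0), (7, 5, 0, 9), "Contact IBM Support to request a fix for APAR IT25916"),
    ((8, 0, 0, 0), (8, 0, 0, 11), "Apply Fixpack 8.0.0.12"),
    ((9, 0, 0, 0), (9, 0, 0, 6), "Apply Fixpack 9.0.0.7"),
    ((9, 1, 0, 0), (9, 1, 0, 2), "Apply Fixpack 9.1.0.3"),
]
CD_LAST_AFFECTED_MOD = 2  # bulletin: 9.1 CD versions 9.1.0 - 9.1.2
CD_FIX = "Upgrade to IBM MQ 9.1.3"


def parse_vrmf(text):
    """Parse 'V.R.M' or 'V.R.M.F' into a 4-tuple of ints; reject anything else."""
    parts = text.strip().split(".")
    if len(parts) not in (3, 4) or not all(p.isascii() and p.isdigit() for p in parts):
        raise ValueError(f"not a V.R.M[.F] version: {text!r}")
    nums = [int(p) for p in parts]
    return tuple(nums + [0] * (4 - len(nums)))


def check(version):
    """Return (listed_as_affected, remediation_or_None) for a client version."""
    v = parse_vrmf(version)
    # 9.1 CD releases: modification level 1 or 2, whatever the fix level.
    if v[:2] == (9, 1) and 1 <= v[2] <= CD_LAST_AFFECTED_MOD:
        return True, CD_FIX
    # Fix-pack ranges; 9.1.0.0 - 9.1.0.2 is covered by the 9.1 LTS row.
    for low, high, fix in AFFECTED:
        if low <= v <= high:
            return True, fix
    return False, None


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    for sample in ["7.5.0.9", "8.0.0.11", "9.1.0.3", "9.1.2.0", "9.1.3"]:
        print(sample, check(sample))
```

A result of `(False, None)` means only that the version is outside the ranges this bulletin lists.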

Workarounds and Mitigations

None
