IBMEC2494D9170B37A3C205438159D2E56DF49EBE6C3D42005937E07ECEA2A76A2BSecurity Bulletin: IBM MQ Explorer is affected by a vulnerability in the IBM Semeru Runtime (CVE-2024-21085)
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
AI Score
Confidence
Low
Summary
An issue was identified with IBM Semeru Runtime, Version 17, which is used in IBM MQ Explorer.
Vulnerability Details
CVEID:CVE-2024-21085
**DESCRIPTION:**An unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause low availability impacts.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/288000 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)
Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| IBM MQ | 9.3 CD |
| IBM MQ | 9.4 CD |
The following installable MQ components are affected by the vulnerability:
- IBM MQ Explorer
If you are running any of these listed components, please apply the remediation/fixes as described below. For more information on the definitions of components used in this list see <https://www.ibm.com/support/pages/installable-component-names-used-ibm-mq-security-bulletins>
Remediation/Fixes
This issue was addressed under APAR IT46487.
IBM MQ version 9.3 CD
Apply interim fix for APAR IT46487
IBM MQ version 9.4 CD
Apply interim fix for APAR IT46487
Workarounds and Mitigations
None
Affected configurations
Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
AI Score
Confidence
Low