IBMFA6377C0BD6A8786E154F6D279819EB361BB85FAA855C08EE71037521F4E4352Security Bulletin: IBM MQ Appliance is vulnerable to a denial of service attack caused by an authenticated user crafting a malicious message (CVE-2019-4656)
0.001 Low
EPSS
Percentile
32.8%
Summary
IBM MQ Appliance is vulnerable to a denial of service attack that would allow an authenticated user to craft a malicious message causing a queue manager to incorrectly mark a queue as damaged, requiring a restart to continue processing against the queue.
Vulnerability Details
CVEID:CVE-2019-4656
**DESCRIPTION:**IBM MQ and IBM MQ Appliance 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and 9.1 CD are vulnerable to a denial of service attack that would allow an authenticated user to craft a malicious message causing a queue manager to incorrectly mark a queue as damaged, requiring a restart to continue processing against the queue. IBM X-Force ID: 170967.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/170967 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| IBM MQ Appliance | 8.0 |
| IBM MQ Appliance | 9.1 LTS |
| IBM MQ Appliance | 9.1 CD |
Remediation/Fixes
IBM MQ Appliance V8
Apply FixPack 8.0.0.14
IBM MQ Appliance V9.1 LTS
Apply FixPack 9.1.0.4
IBM MQ Appliance V9.1 CD
Upgrade to IBM MQ 9.1.5
Workarounds and Mitigations
None
Related
0.001 Low
EPSS
Percentile
32.8%