Security Bulletin: IBM MQ is vulnerable to a denial of service attack due to an error in the Channel processing function. (CVE-2019-4762)

2020-04-1510:23:18

www.ibm.com

0.001 Low

EPSS

Percentile

36.0%

JSON

Summary

An error was identified in the channel processing logic that means a remote attacker could execute a denial of service attack against a queue manager.

Vulnerability Details

CVEID:CVE-2019-4762
**DESCRIPTION:**IBM MQ is vulnerable to a denial of service attack due to an error in the Channel processing function.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/173625 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)

Affected Products and Versions

Affected Product(s)	Version(s)
IBM MQ	9.0 LTS
IBM MQ and IBM MQ Appliance	9.1 LTS
IBM MQ and IBM MQ Appliance	9.1 CD

Remediation/Fixes

IBM MQ 9.0 LTS

Apply Fix Pack 9.0.0.9

IBM MQ and IBM MQ Appliance 9.1 LTS

Apply Fix Pack 9.1.0.3

IBM MQ and IBM MQ Appliance 9.1 CD

Upgrade to IBM MQ 9.1.5

Workarounds and Mitigations

None

CPENameOperatorVersion
ibm mqeq9.0.0.0
ibm mqeq9.0.0.1
ibm mqeq9.0.0.2
ibm mqeq9.0.0.3
ibm mqeq9.0.0.4
ibm mqeq9.0.0.5
ibm mqeq9.0.0.6
ibm mqeq9.0.0.7
ibm mqeq9.0.0.8
ibm mqeq9.1.0.0

Name	Operator	Version
ibm mq	eq	9.0.0.0
ibm mq	eq	9.0.0.1
ibm mq	eq	9.0.0.2
ibm mq	eq	9.0.0.3
ibm mq	eq	9.0.0.4
ibm mq	eq	9.0.0.5
ibm mq	eq	9.0.0.6
ibm mq	eq	9.0.0.7
ibm mq	eq	9.0.0.8
ibm mq	eq	9.1.0.0

Rows per page:

1-10 of 221

0.001 Low

EPSS

Percentile

36.0%

JSON

Related for FBAB047777D24D3003245B6450860649E8E0515B305D81A28EA764F31624D5A5