
Security Bulletin: IBM MQ is affected by a denial of service vulnerability (CVE-2023-28513)

Published: 2023-06-28 18:56:36
Source: www.ibm.com

CVSS3: 7.5

- Attack Vector: NETWORK
- Attack Complexity: LOW
- Privileges Required: NONE
- User Interaction: NONE
- Scope: UNCHANGED
- Confidentiality Impact: NONE
- Integrity Impact: NONE
- Availability Impact: HIGH

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS: 0.002 (Percentile: 57.6%)

Summary

IBM MQ is affected by a denial of service vulnerability caused by improper message handling.

Vulnerability Details

**CVEID:** CVE-2023-28513
**DESCRIPTION:** IBM MQ, under certain configurations, is vulnerable to a denial of service attack caused by an error processing messages.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/250397 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)

Affected Products and Versions

| Affected Product(s) | Version(s) |
| --- | --- |
| IBM MQ | 9.0 LTS |
| IBM MQ | 9.1 LTS |
| IBM MQ | 9.2 LTS |
| IBM MQ | 9.3 LTS |
| IBM MQ | 9.2 CD |
| IBM MQ | 9.3 CD |

The following installable MQ components are affected by the vulnerability:

- Server

If you are running any of these listed components, please apply the remediation/fixes as described below. For more information on the definitions of components used in this list, see <https://www.ibm.com/support/pages/installable-component-names-used-ibm-mq-security-bulletins>.

Remediation/Fixes

This issue was resolved under APAR IT42945

IBM MQ 9.0 LTS

Apply cumulative security update 9.0.0.18

IBM MQ 9.1 LTS

Apply cumulative security update 9.1.0.16

IBM MQ 9.2 LTS

Apply fix pack 9.2.0.15

IBM MQ 9.3 LTS

Apply cumulative security update 9.3.0.6

IBM MQ 9.2 CD and 9.3 CD

Upgrade to IBM MQ Version 9.3.3

Workarounds and Mitigations

None

Affected configurations

Vulners node: ibm mq Match 9.0.0 OR ibm mq Match 9.1.0 OR ibm mq Match 9.2.0 OR ibm mq Match 9.3.0

| Vendor | Product | Version | CPE |
| --- | --- | --- | --- |
| ibm | mq | 9.0.0 | cpe:2.3:a:ibm:mq:9.0.0:*:*:*:*:*:*:* |
| ibm | mq | 9.1.0 | cpe:2.3:a:ibm:mq:9.1.0:*:*:*:*:*:*:* |
| ibm | mq | 9.2.0 | cpe:2.3:a:ibm:mq:9.2.0:*:*:*:*:*:*:* |
| ibm | mq | 9.3.0 | cpe:2.3:a:ibm:mq:9.3.0:*:*:*:*:*:*:* |
