IBM11E3C255C4B91197484794DA36524A4716112067511565F9509A3F5F2328CCAESecurity Bulletin: IBM MQ Appliance vulnerable to a denial of service attack (CVE-2021-29843)
EPSS
Percentile
32.8%
Summary
IBM MQ Appliance has resolved a denial of service vulnerability.
Vulnerability Details
CVEID:CVE-2021-29843
**DESCRIPTION:**IBM MQ is vulnerable to a denial of service attack caused by an issue processing message properties.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/205203 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H)
Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| IBM MQ Appliance | 9.1 LTS |
| IBM MQ Appliance | 9.1 CD |
| IBM MQ Appliance | 9.2 LTS |
| IBM MQ Appliance | 9.2 CD |
Remediation/Fixes
This vulnerability is addressed under APAR IT35489.
IBM MQ Appliance version 9.1 LTS
Apply fixpack 9.1.0.9, or later firmware.
IBM MQ Appliance version 9.1 CD
Upgrade to 9.2.3 iFix IT35489, or later firmware.
IBM MQ Appliance version 9.2 LTS
Apply fixpack 9.2.0.3, or later firmware.
IBM MQ Appliance version 9.2 CD
Apply iFix IT35489, or later firmware.
Workarounds and Mitigations
None
Related
EPSS
Percentile
32.8%