IBM3C6D1E5191094016F1A80F9BA2BCE09B5E07335D227AFBDA3718B3E99AB5C596Security Bulletin: IBM MQ can cause a Denial of Service attack to connecting MQTT clients (CVE-2018-1684)
0.001 Low
EPSS
Percentile
29.8%
Summary
A problem within the IBM MQ MQTT Service logic could cause a denial of service attack to be executed against MQTT clients attempting to connect to the queue manager.
Vulnerability Details
CVEID: CVE-2018-1684 DESCRIPTION: IBM WebSphere MQ is vulnerable to a error with MQTT topic string publishing that can cause a denial of service attack.
CVSS Base Score: 5.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/145456> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H)
Affected Products and Versions
IBM MQ V8
IBM MQ V8 versions 8.0.0.0 - 8.0.0.10
IBM MQ V9 LTS
IBM MQ V9 LTS versions 9.0.0.0 - 9.0.0.5
IBM MQ V9 CD
IBM MQ V9 CD versions 9.0.1 - 9.0.5
IBM MQ V9.1 LTS
IBM MQ V9.1 LTS versions 9.1.0.0
Remediation/Fixes
IBM MQ V8
IBM MQ V9 LTS
IBM MQ V9 CD
Upgrade to IBM MQ V9.1.0 and apply iFix IT25490
IBM MQ V9.1 LTS
Workarounds and Mitigations
None.
Related
0.001 Low
EPSS
Percentile
29.8%