A problem within the IBM MQ MQTT Service logic could cause a denial of service attack to be executed against MQTT clients attempting to connect to the queue manager.
CVEID: CVE-2018-1684 DESCRIPTION: IBM WebSphere MQ is vulnerable to a error with MQTT topic string publishing that can cause a denial of service attack.
CVSS Base Score: 5.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/145456> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H)
IBM MQ V8
IBM MQ V8 versions 8.0.0.0 - 8.0.0.10
IBM MQ V9 LTS
IBM MQ V9 LTS versions 9.0.0.0 - 9.0.0.5
IBM MQ V9 CD
IBM MQ V9 CD versions 9.0.1 - 9.0.5
IBM MQ V9.1 LTS
IBM MQ V9.1 LTS versions 9.1.0.0
IBM MQ V8
IBM MQ V9 LTS
IBM MQ V9 CD
Upgrade to IBM MQ V9.1.0 and apply iFix IT25490
IBM MQ V9.1 LTS
None.