A number of malformed MQTT client flows could be issued by a malicious user to cause the MQXR service to abend and require manual restart.
CVEID: CVE-2015-4943
DESCRIPTION: IBM WebSphere MQ could allow a remote attacker to crash the MQXR service, which will then have to be restarted, using a sequence of connects and disconnects.
CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/104516 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVEID: CVE-2015-4941
DESCRIPTION: IBM WebSphere MQ could allow a remote attacker to crash the MQXR service due to incorrect handling of an abbreviated TLS handshake.
CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/104514 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVEID: CVE-2015-4942
DESCRIPTION: IBM WebSphere MQ could allow a remote attacker to crash the MQXR service, which will then have to be restarted, using a sequence of connects and disconnects.
CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/104515 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)
IBM WebSphere MQ 8.0
- IBM WebSphere MQ 8.0.0.3 and earlier maintenance levels
IBM WebSphere MQ 7.5
- IBM WebSphere MQ 7.5.0.5 and earlier maintenance levels
IBM WebSphere MQ 7.1
- IBM WebSphere MQ 7.1.0.6 and earlier maintenance levels
WebSphere MQ 8.0
- Apply fixpack 8.0.0.4
WebSphere MQ 7.5
- Apply interim ifix IT09866
WebSphere MQ 7.1
- Apply fixpack 7.1.0.7
None