IBM8C183DEFFBB04076E9A1E8ED93640A30DEE3E4D5494BAE795018B07773CE46ACSecurity Bulletin: IBM MQ is affected by a denial of service vulnerability (CVE-2023-28513)
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS
Percentile
57.6%
Summary
IBM MQ is affected by a denial of service vulnerability caused by improper message handling (CVE-2023-28513).
Vulnerability Details
CVEID:CVE-2023-28513
**DESCRIPTION:**IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.2 CD, and 9.3 CD and IBM MQ Appliance 9.2 LTS, 9.3 LTS, 9.2 CD, and 9.2 LTS, under certain configurations, is vulnerable to a denial of service attack caused by an error processing messages. IBM X-Force ID: 250397.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/250397 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)
Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| IBM MQ for HPE NonStop | 8.1.0 |
Remediation/Fixes
| IBM MQ V8.1 for HPE NonStop | 8.1.0.16 | IT44400 | Upgrade to CSU 8.1.0.16 |
|---|
Workarounds and Mitigations
None
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| ibm | mq_for_hpe_nonstop | 8.1 | cpe:2.3:a:ibm:mq_for_hpe_nonstop:8.1:*:*:*:*:*:*:* |
Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS
Percentile
57.6%