Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM9854174BC53A6259718263A21B2561DA9035018B81BB520AAF70A78357E32F76
HistoryJun 15, 2018 - 7:04 a.m.

Security Bulletin: IBM MQ Light is vulnerable to a remote attack on the MQXR service (CVE-2015-4941)

2018-06-1507:04:21
www.ibm.com
7

EPSS

0.003

Percentile

71.1%

JSON

Summary

IBM MQ Light could allow a remote attacker to crash the MQXR service due to incorrect handling of abbreviated TLS handshake.

Vulnerability Details

CVEID: CVE-2015-4941**
DESCRIPTION:** IBM WebSphere MQ could allow a remote attacker to crash the MQXR service due to incorrect handling of abbreviated TLS handshake.
CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/104514 for the current score.
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)

Affected Products and Versions

IBM MQ Light V1.0 and V1.0.1 on all platforms.

Remediation/Fixes

Download and install the latest MQ Light Server appropriate for your platform: https://developer.ibm.com/messaging/mq-light/.

The following link describes how to re-use the data from your existing installation: _
__http://www.ibm.com/support/knowledgecenter/SSBJCR_1.0.0/com.ibm.mq.koa.doc/tmql_data.htm _.

Workarounds and Mitigations

None.

Related

cvelist 1
cve 1
prion 1
nvd 1
ibm 1
cvelist
cvelist
CVE-2015-4941
2016-01-01 02:00:00
cve
cve
CVE-2015-4941
2016-01-01 05:59:00
prion
prion
Code injection
2016-01-01 05:59:00
nvd
nvd
CVE-2015-4941
2016-01-01 05:59:00
ibm
ibm
Security Bulletin: Malformed client flows abend MQTT channel (CVE-2015-4943, CVE-2015-4941, CVE-2015-4942)
2018-06-15 07:04:21

EPSS

0.003

Percentile

71.1%

JSON
Related for 9854174BC53A6259718263A21B2561DA9035018B81BB520AAF70A78357E32F76
cvelist1cve1prion1nvd1ibm1