IBM9F54582F911AD1DBFE847E2C4F2DC15D011ECFDBC2BCEF59FF4239D75B060721Security Bulletin: IBM MQ Appliance is vulnerable to a denial of service attack (CVE-2021-38875)
EPSS
Percentile
32.8%
Summary
IBM MQ Appliance has resolved a denial of service vulnerability.
Vulnerability Details
CVEID:CVE-2021-38875
**DESCRIPTION:**IBM MQ is vulnerable to a denial of service attack caused by an error processing messages.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/208398 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| IBM MQ Appliance | 9.1 LTS |
| IBM MQ Appliance | 9.2 CD |
| IBM MQ Appliance | 9.2 LTS |
| IBM MQ Appliance | 9.1 CD |
Remediation/Fixes
This vulnerability is addressed under APAR IT36179.
IBM MQ Appliance version 9.1 LTS
Apply fixpack 9.1.0.9, or later firmware.
IBM MQ Appliance version 9.1 CD
Upgrade to 9.2.4 CD, or later firmware.
IBM MQ Appliance version 9.2 LTS
Apply fixpack 9.2.0.4, or later firmware.
IBM MQ Appliance version 9.2 CD
Upgrade to 9.2.4 CD, or later firmware.
Workarounds and Mitigations
None
Related
EPSS
Percentile
32.8%