IBMA2EF0642A2503F722540C674EEF2CB5855D0754F1811D0CFB464B6562F77656BSecurity Bulletin: IBM MQ and IBM MQ Appliance are vulnerable to a denial of service attack caused by converting an invalid message. (CVE-2019-4614)
EPSS
Percentile
32.8%
Summary
An error was found within the IBM MQ data conversion code (used by MQ queue managers, and non-Java applications that perform client-side conversion) that could cause a denial of service attack when parsing a specially crafted message.
Vulnerability Details
CVEID:CVE-2019-4614
**DESCRIPTION:**IBM MQ client connecting to a Queue Manager could cause a SIGSEGV denial of service caused by converting an invalid message.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/168639 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H)
Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| IBM MQ | 9.0 LTS |
| IBM MQ and IBM MQ Appliance | 9.1 CD |
| IBM MQ and IBM MQ Appliance | 8.0 |
| IBM MQ and IBM MQ Appliance | 9.1 LTS |
| IBM WebSphere MQ | 7.1 |
| IBM WebSphere MQ | 7.5 |
Remediation/Fixes
IBM WebSphere MQ V7.1
Customers with extended support entitlement may contact IBM support to obtain an interim fix for APAR IT29798
IBM WepSphere MQ V7.5
Customers with extended support entitlement may contact IBM support to obtain an interim fix for APAR IT29798
IBM MQ and IBM MQ Appliance V8
Apply FixPack 8.0.0.14
IBM MQ V9 LTS
Apply FixPack 9.0.0.8
IBM MQ and IBM MQ Appliance V9.1 LTS
Apply FixPack 9.1.0.4
IBM MQ and IBM MQ Appliance V9.1 CD
Upgrade to IBM MQ 9.1.4
Related
EPSS
Percentile
32.8%