IBMA75879BA03E0230C671CEBA46D326DEF4B29A2ED34B14732E0A1CB98E00A5E67Security Bulletin: IBM MQ is vulnerable to a denial of service attack caused by an issue processing message properties. (CVE-2021-29843)
EPSS
Percentile
32.8%
Summary
An issue was identified with IBM MQ queue manager’s message processing code that could allow an authenticated attacker (with authority to connect to the queue manager and put messages) to execute a denial of service attack against the queue manager with a malformed message.
Vulnerability Details
CVEID:CVE-2021-29843
**DESCRIPTION:**IBM MQ 9.1 LTS, 9.1 CD, 9.2 LTS, and 9.2CD is vulnerable to a denial of service attack caused by an issue processing message properties. IBM X-Force ID: 205203.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/205203 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H)
Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| IBM MQ | 8.0 |
| IBM MQ | 9.0 LTS |
| IBM MQ | 9.1 LTS |
| IBM MQ | 9.2 LTS |
| IBM MQ | 9.2 CD |
Remediation/Fixes
This issue was fixed under APAR IT35489
IBM MQ v8
[Apply 8.0.0.16 cumulative security update (CSU) 01](<https://www.ibm.com/support/pages/fix-list-ibm-mq-version-80> "Apply v8.0 cumulative security update “CSU01"” ) or later CSU
IBM MQ v9.0 LTS
IBM MQ v9.1 LTS
IBM MQ v9.2 LTS
IBM MQ v9.2 CD
Workarounds and Mitigations
None
Related
EPSS
Percentile
32.8%