An authenticated user with authority to send a specially crafted message could cause a SDR or CLUSSDR channel to remain in a running state but not process messages.
CVEID: CVE-2017-1285**
DESCRIPTION:** IBM MQ could allow an authenticated user with authority to send a specially crafted message that would cause a channel to remain in a running state but not process messages.
CVSS Base Score: 3.1
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/125146 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L)
IBM MQ V8
IBM MQ 8.0.0.0 - 8.0.0.6 maintenance levels
IBM MQ V9
IBM MQ 9.0.0.0 - 9.0.0.1 maintenance levels
IBM MQ Appliance V8
IBM MQ Appliance 8.0.0.0 - 8.0.0.6 maintenance levels
IBM MQ V9 CD
IBM MQ V9.0.1 - V9.0.2
IBM MQ Appliance V9 CD
IBM MQ Appliance V9.0.1 and V9.0.2
IBM MQ V8
Apply Fix Pack 8.0.0.7
IBM MQ V9
Apply Fix Pack 9.0.0.2
IBM MQ Appliance V8
Apply Fix Pack 8.0.0.7 for MQ Appliance
IBM MQ V9 CD
IBM MQ Appliance V9 CD
Upgrade to 9.0.3.
None.