Lucene search

IBME11024BA8D840440AADAF84A0ADE09480ABDBFD252BCFF30D254A47C8FCB78F8

HistoryFeb 24, 2023 - 6:57 p.m.

Security Bulletin: IBM MQ for HPE NonStop Server is affected by channel CCDT vulnerability CVE-2022-40237

2023-02-2418:57:37

www.ibm.com

ibm mq

hpe nonstop

channel ccdt vulnerability

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

31.4%

JSON

Summary

An issue was identifed within the MQ channel processing when a channel CCDT file contains invalid or corrupted records.

Vulnerability Details

CVEID:CVE-2022-40237
**DESCRIPTION:**IBM MQ is vulnerable to a denial of service attack due to an error within the CCDT and channel synconization logic.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/235727 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)

Affected Products and Versions

Affected Product(s)	Version(s)
IBM MQ for HPE NonStop	8.1.0

Remediation/Fixes

IBM MQ V8.1 for HPE NonStop	8.1.0.12	IT43171	Install fix for APAR IT43171

Workarounds and Mitigations

None

Affected configurations

Vulners

Node

ibmmq_for_hpe_nonstopMatch8.1

VendorProductVersionCPE
ibmmq_for_hpe_nonstop8.1cpe:2.3:a:ibm:mq_for_hpe_nonstop:8.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	mq_for_hpe_nonstop	8.1	cpe:2.3:a:ibm:mq_for_hpe_nonstop:8.1:::::::*

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

31.4%

JSON

Related for E11024BA8D840440AADAF84A0ADE09480ABDBFD252BCFF30D254A47C8FCB78F8