An error was found with the IBM MQ client message handling logic that causes a denial of service attack when specifically crafted messages are consumed.
CVEID: CVE-2019-4261 DESCRIPTION: IBM MQ Clients are vulnerable to a denial of service attack caused by specially crafted messages.
CVSS Base Score: 4.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/160013> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L)
IBM WebSphere MQ V7.1
versions 7.1.0.0 - 7.1.0.9
IBM WepSphere MQ V7.5
versions 7.5.0.0 - 7.5.0.9
IBM MQ V8
versions 8.0.0.0 - 8.0.0.11
IBM MQ V9.0LTS
versions 9.0.0.0 - 9.0.0.6
IBM MQ V9.1 LTS
versions 9.1.0.0 - 9.1.0.2
IBM MQ V9.1 CD
versions 9.1.0 - 9.1.2
IBM WebSphere MQ V7.1
Contact IBM Support to request a fix for APAR IT25916
IBM WepSphere MQ V7.5
Contact IBM Support to request a fix for APAR IT25916
IBM MQ V8
IBM MQ V9.0LTS
IBM MQ V9.1 LTS
IBM MQ V9.1 CD
None