IBMF7C02E735B2674788313AE8FA224B0040134396F7C532B1D8DF3531DDE7BF3A7Security Bulletin: IBM MQ is vulnerable to a denial of service attack caused by an error processing messages. (CVE-2021-38875)
EPSS
Percentile
32.8%
Summary
An issue was identified with IBM MQ message processing code that could allow an authenticated attacker (with authority to connect to the queue manager and put messages) to execute a denial of service attack against the queue manager with a malformed message.
Vulnerability Details
CVEID:CVE-2021-38875
**DESCRIPTION:**IBM MQ is vulnerable to a denial of service attack caused by an error processing messages.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/208398 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| IBM MQ | 8.0 |
| IBM MQ | 9.0 LTS |
| IBM MQ | 9.1 LTS |
| IBM MQ | 9.2 LTS |
| IBM MQ | 9.1 CD |
| IBM MQ | 9.2 CD |
Remediation/Fixes
This issue was resolved by APAR IT36179
IBM MQ version 8.0
[Apply version 8.0 cumulative security update “CSU01”](<https://www.ibm.com/support/pages/fix-list-ibm-mq-version-80> "Apply version 8.0 cumulative security update “CSU01"” )
IBM MQ version 9.0 LTS
IBM MQ version 9.1 LTS
IBM MQ version 9.2 LTS
IBM MQ version 9.1 CD and 9.2 CD
Workarounds and Mitigations
None
Related
EPSS
Percentile
32.8%