IBM MQ Appliance is vulnerable to a denial of service attack that would allow an authenticated user to craft a malicious message causing a queue manager to incorrectly mark a queue as damaged, requiring a restart to continue processing against the queue.
CVEID:CVE-2019-4656
**DESCRIPTION:**IBM MQ and IBM MQ Appliance 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and 9.1 CD are vulnerable to a denial of service attack that would allow an authenticated user to craft a malicious message causing a queue manager to incorrectly mark a queue as damaged, requiring a restart to continue processing against the queue. IBM X-Force ID: 170967.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/170967 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
Affected Product(s) | Version(s) |
---|---|
IBM MQ Appliance | 8.0 |
IBM MQ Appliance | 9.1 LTS |
IBM MQ Appliance | 9.1 CD |
IBM MQ Appliance V8
Apply FixPack 8.0.0.14
IBM MQ Appliance V9.1 LTS
Apply FixPack 9.1.0.4
IBM MQ Appliance V9.1 CD
Upgrade to IBM MQ 9.1.5
None