Remote Denial of Service Vulnerability in IBM MessageSight
CVE-2014-0922

Currently unrated

Key Information:

Vendor: IBM
Status: Messagesight Jms Client; Messagesight
Vendor: CVE Published:; 15 April 2014

Summary

A vulnerability in IBM MessageSight 1.x prior to version 1.1.0.0-IBM-IMA-IT01015 allows remote attackers to exploit weaknesses in the system's handling of WebSocket MQ Telemetry Transport (MQTT) data. By sending specially crafted MQTT messages, attackers can consume system resources, leading to a denial of service condition. This can disrupt service availability and impact business operations.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/92075

vdb-entryx_refsource_XF

http://www-01.ibm.com/support/docview.wss?uid=swg1IC98692

vendor-advisoryx_refsource_AIXAPAR

http://www-01.ibm.com/support/docview.wss?uid=swg21670278

x_refsource_CONFIRM

Timeline

Vulnerability published
Apr 15, 2014
Vulnerability Reserved
Jan 6, 2014