Memory Leak in Queue-Manager Agents Affects IBM WebSphere MQ
CVE-2016-0260

7.5HIGH

Key Information:

Vendor: IBM
Status: Websphere MQ
Vendor: CVE Published:; 29 June 2016

What is CVE-2016-0260?

A memory leak in the queue-manager agents of IBM WebSphere MQ 8.x before version 8.0.0.5 enables remote attackers to exploit this vulnerability. By continuously triggering various errors, attackers can lead to significant heap memory consumption, resulting in a denial of service. This could severely impact the performance and availability of applications relying on this messaging middleware.

References

http://www-01.ibm.com/support/docview.wss?uid=swg21984564

x_refsource_CONFIRM

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 29, 2016
Vulnerability Reserved
Dec 8, 2015