Remote Denial of Service Vulnerability in IBM WebSphere MQ
CVE-2018-1503

4.3MEDIUM

Key Information:

Vendor
IBM
Status
Websphere MQ
Vendor
CVE Published:
23 July 2018

Summary

A vulnerability in IBM WebSphere MQ 7.5, 8.0, and 9.0 allows a remotely authenticated attacker to exploit the system by sending invalid or malformed headers. This can lead to a disruption in the message transmission on affected channels, causing significant operational issues for users relying on the service. The issue raises concerns over the integrity and availability of messaging operations within the product, making it a critical point for organizations to address.

Affected Version(s)

WebSphere MQ 7.5

WebSphere MQ 8.0

WebSphere MQ 9.0

References

http://www.securityfocus.com/bid/104953
vdb-entryx_refsource_BID
http://www.ibm.com/support/docview.wss?uid=swg22015617
x_refsource_CONFIRM
http://www.securitytracker.com/id/1041387
vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:
4.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.