Denial of Service Vulnerability in IBM MQ Internet Pass-Thru
CVE-2020-4766

5.9MEDIUM

Key Information:

Vendor: IBM
Status: MQ Internet Pass-thru
Vendor: CVE Published:; 22 January 2021

Summary

IBM MQ Internet Pass-Thru versions 2.1 and 9.2 are vulnerable to a Denial of Service attack, which allows a remote user to disrupt service by sending specially crafted MQ data requests. These malformed requests can exhaust system resources, leading to significant service interruptions. It is crucial for users to apply appropriate patches and mitigate this risk by monitoring traffic and implementing secure configurations.

Affected Version(s)

MQ Internet Pass-Thru 2.1

MQ Internet Pass-Thru 9.2

References

https://www.ibm.com/support/pages/node/6406254

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/188903

vdb-entryx_refsource_XF

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 22, 2021
Vulnerability Reserved
Dec 30, 2019