Denial of Service in IBM MQ by Authenticated Users
CVE-2020-4931

6.5MEDIUM

Key Information:

Vendor: IBM
Status: MQ Appliance
Vendor: CVE Published:; 24 February 2021

Summary

IBM MQ versions 9.1 LTS, 9.2 LTS, and 9.1 CD contain a vulnerability that allows authenticated users to exploit an issue in message processing, leading to a denial of service. This vulnerability can impact the availability of the messaging service by preventing legitimate users from processing messages effectively, thus affecting overall system performance and reliability.

Affected Version(s)

MQ Appliance 9.1.0.0

MQ Appliance 9.1.0.1

MQ Appliance 9.1.1

References

https://www.ibm.com/support/pages/node/6403295

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/191747

vdb-entryx_refsource_XF

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 24, 2021
Vulnerability Reserved
Dec 30, 2019