IBM MQ denial of service
CVE-2023-28513

5.9MEDIUM

Key Information:

Vendor: IBM
Status: MQ; MQ Appliance
Vendor: CVE Published:; 19 July 2023

Summary

IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.2 CD, and 9.3 CD and IBM MQ Appliance 9.2 LTS, 9.3 LTS, 9.2 CD, and 9.2 LTS, under certain configurations, is vulnerable to a denial of service attack caused by an error processing messages. IBM X-Force ID: 250397.

Affected Version(s)

MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.2 CD, 9.3 CD

MQ Appliance 9.2 LTS, 9.3 LTS, 9.2 CD, 9.2 LTS

References

https://www.ibm.com/support/pages/node/7007421

vendor-advisory

https://www.ibm.com/support/pages/node/7007731

vendor-advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/250397

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 19, 2023
Vulnerability Reserved
Mar 16, 2023

.