IBM MQ and IBM MQ Appliance Denial of Service Vulnerability
CVE-2024-25016

7.5HIGH

Key Information:

Vendor: IBM
Status: MQ
Vendor: CVE Published:; 3 March 2024

Summary

A vulnerability exists in IBM MQ and IBM MQ Appliance that may allow remote attackers to exploit incorrect buffering logic. This could result in a denial of service, where the services become unavailable to users. The affected versions include IBM MQ 9.0, 9.1, 9.2, as well as 9.3 LTS and 9.3 CD. It is crucial for organizations using these products to apply security patches and implement best practices to mitigate potential risks associated with this vulnerability.

Affected Version(s)

MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.3 CD

References

https://www.ibm.com/support/pages/node/7123139

vendor-advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/281279

vdb-entry

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 3, 2024
Vulnerability Reserved
Feb 3, 2024