Denial-of-Service Vulnerability in IBM MQ Appliance Web Console
CVE-2024-51471

5.3MEDIUM

Key Information:

Vendor: IBM
Status: IBM MQ Appliance
Vendor: CVE Published:; 19 December 2024

Summary

The IBM MQ Appliance web console in versions 9.3 LTS, 9.3 CD, and 9.4 LTS is susceptible to a denial-of-service condition caused by improper handling of memory allocation when the trace feature is enabled. An authenticated user can exploit this vulnerability by triggering an overflow that leads to writing outside the designated buffer size, resulting in service disruption.

References

https://www.ibm.com/support/pages/node/7178243

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 19, 2024