Denial of service in IBM MQ

Published: 2018-12-05 18:02:39
Severity: Low
Patch available: YES
Number of vulnerabilities: 1
CVE ID: CVE-2018-1883
CVSSv3: 4.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CWE ID: CWE-264
Exploitation vector: Network
Public exploit: N/A
Vulnerable software: IBM MQ
Vulnerable software versions: IBM MQ 9.1.0.0, 9.0.4, 9.0.5, 9.0.3, 9.0.2
Vendor: IBM Corporation

Security Advisory

1) Denial of service

Description

The vulnerability allows a remote unauthenticated attacker to cause a denial of service (DoS) condition on the target system.

The weakness exists due to an unspecified flaw. A remote attacker can carry out a denial of service attack that prevents users from logging in to the MQ Console REST API.

Remediation

The vulnerability has been fixed in versions 9.1.0.1 and 9.1.1.

External links

https://www-01.ibm.com/support/docview.wss?uid=ibm10738197&myns=swgws&mynp=OCSSYHRD&...
