#VU9719 Denial of service in IBM MQ - CVE-2017-1557
Published: December 22, 2017
Vulnerability identifier: #VU9719
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-1557
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
IBM MQ
IBM MQ
Software vendor:
IBM Corporation
IBM Corporation
Description
The vulnerability allows a remote authenticated attacker to cause DoS condition on the target system.
The weakness exists due to insufficient validation of user-supplied input. A remote attacker with authority to connect to a remote queue manager can send a malicious request, cause undefined behaviour within the channel process servicing that connection, including a loss of service for other connections being serviced by the same channel process.
Successful exploitation of the vulnerability may result in denial of service.
The weakness exists due to insufficient validation of user-supplied input. A remote attacker with authority to connect to a remote queue manager can send a malicious request, cause undefined behaviour within the channel process servicing that connection, including a loss of service for other connections being serviced by the same channel process.
Successful exploitation of the vulnerability may result in denial of service.
Remediation
Update to version 8.0.0.8, 9.0.0.2, 9.0.4.