Products
IBM MQ
- 9.0 LTS
- 9.1 LTS
- 9.2 LTS
- 9.3 LTS
- 9.3 CD
Source
psirt@us.ibm.com
Tags
CVE-2024-35116 details
Published : June 28, 2024, 7:15 p.m.
Last Modified : June 28, 2024, 7:15 p.m.
Last Modified : June 28, 2024, 7:15 p.m.
Description
IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS, and 9.3 CD is vulnerable to a denial of service attack caused by an error applying configuration changes. IBM X-Force ID: 290335.
CVSS Score
| 1 | 2 | 3 | 4 | 5.9 | 6 | 7 | 8 | 9 | 10 |
|---|
Weakness
| Weakness | Name | Description |
|---|---|---|
| CWE-789 | Memory Allocation with Excessive Size Value | The product allocates memory based on an untrusted, large size value, but it does not ensure that the size is within expected limits, allowing arbitrary amounts of memory to be allocated. |
CVSS Data
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
Base Score
5.9
Exploitability Score
2.2
Impact Score
3.6
Base Severity
MEDIUM
Vector String : CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
References
| URL | Source |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/290335 | psirt@us.ibm.com |
| https://www.ibm.com/support/pages/node/7157387 | psirt@us.ibm.com |
| https://www.ibm.com/support/pages/node/7158071 | psirt@us.ibm.com |
This website uses the NVD API, but is not approved or certified by it.