CVE-2015-0189 — IBM Websphere MQ vulnerability

CWE-3996 documents5 sources

Severity

4.0MEDIUMNVD

EPSS

0.5%

top 33.50%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Websphere MQ

Timeline

PublishedMay 20

Latest updateMay 17

Description

The cluster repository manager in IBM WebSphere MQ 7.5 before 7.5.0.5 and 8.0 before 8.0.0.2 allows remote authenticated administrators to cause a denial of service (memory overwrite and daemon outage) by triggering multiple transmit-queue records.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 8.0 | Impact: 2.9

Affected Packages1 packages

▶NVDibm/websphere_mq7 versions+6

Patches

Patch: www-01.ibm.com ↗Patch: www-01.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-ff9j-2g3f-hmwq: The cluster repository manager in IBM WebSphere MQ 7↗2022-05-17

▶

CVEList

CVE-2015-0189: The cluster repository manager in IBM WebSphere MQ 7↗2015-05-20

▶