CVE-2017-1283Missing Release of Resource after Effective Lifetime in IBM Websphere MQ

CWE-772Missing Release of Resource after Effective Lifetime4 documents4 sources
Severity
4.3MEDIUMNVD
EPSS
0.3%
top 48.92%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
IBM MQIBM Websphere MQ
Timeline
PublishedNov 27
Latest updateMay 13

Description

IBM WebSphere MQ 8.0 and 9.0 could allow an authenticated user to cause a shared memory leak by MQ applications using dynamic queues, which can lead to lack of resources for other MQ applications. IBM X-Force ID: 125144.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:LExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

NVDibm/websphere_mq14 versions+13
CVEListV5ibm/mq14 versions+13

🔴Vulnerability Details

3
GHSA
GHSA-p2xq-4649-mvv2: IBM WebSphere MQ 82022-05-13
OSV
apache2 vulnerabilities2018-04-19
CVEList
CVE-2017-1283: IBM WebSphere MQ 82017-11-27
CVE-2017-1283 — IBM Websphere MQ vulnerability | cvebase