CVE-2019-4055 — Improper Input Validation in IBM MQ

CWE-20 — Improper Input Validation5 documents4 sources

Severity

7.5HIGHNVD

EPSS

0.7%

top 29.08%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM MQ IBM MQ Appliance

Timeline

PublishedApr 19

Latest updateMay 24

Description

IBM MQ 8.0.0.0 through 8.0.0.10, 9.0.0.0 through 9.0.0.5, and 9.1.0.0 through 9.1.1 is vulnerable to a denial of service attack within the TLS key renegotiation function. IBM X-Force ID: 156564.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

▶NVDibm/mq8.0.0.0 — 8.0.0.10+3

▶NVDibm/mq_appliance8.0.0.0 — 8.0.0.10+2

▶CVEListV5ibm/mq20 versions+19

Patches

Patch: www.ibm.com ↗Patch: www.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-q2xx-h2wh-wv97: IBM MQ 8↗2022-05-24

▶

CVEList

CVE-2019-4055: IBM MQ 8↗2019-04-19

▶

💬Community

Bugzilla

CVE-2019-10393 jenkins-script-security-plugin: handling of method names in method call expressions allowed attackers to execute arbitrary code in sandboxed scripts↗2020-04-01

▶

Bugzilla

CVE-2019-10394 jenkins-script-security-plugin: handling of property names in property expressions on the left-hand side of assignment expression leads to execute arbitrary code in sandboxed scripts↗2020-04-01

▶