CVE-2019-4261

CWE-20 — Improper Input Validation3 documents3 sources

Severity

6.5MEDIUM

EPSS

0.3%

top 47.20%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM MQ IBM Websphere MQ

Timeline

PublishedAug 5

Latest updateMay 24

Description

IBM WebSphere MQ V7.1, 7.5, IBM MQ V8, IBM MQ V9.0LTS, IBM MQ V9.1 LTS, and IBM MQ V9.1 CD are vulnerable to a denial of service attack caused by specially crafted messages. IBM X-Force ID: 160013.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages3 packages

▶NVDibm/websphere_mq7.1.0.0 — 7.1.0.9+1

▶NVDibm/mq8.0.0.0 — 8.0.0.11+3

▶CVEListV5ibm/mq24 versions+23

Patches

Patch: www.ibm.com ↗Patch: www.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-25fw-rhx6-pmwr: IBM WebSphere MQ V7↗2022-05-24

▶

CVEList

CVE-2019-4261: IBM WebSphere MQ V7↗2019-08-05

▶