CVE-2019-4614 — Improper Input Validation in IBM MQ Appliance

CWE-20 — Improper Input Validation3 documents3 sources

Severity

6.5MEDIUMNVD

EPSS

0.3%

top 43.82%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM MQ IBM MQ Appliance

Timeline

PublishedJan 28

Latest updateMay 24

Description

IBM MQ and IBM MQ Appliance 8.0 and 9.0 LTS client connecting to a Queue Manager could cause a SIGSEGV denial of service caused by converting an invalid message. IBM X-Force ID: 168639.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages3 packages

▶NVDibm/mq_appliance8.0.0.0 — 8.0.0.14+2

▶NVDibm/mq8.0.0.0 — 8.0.0.14+3

▶CVEListV5ibm/mq29 versions+28

🔴Vulnerability Details

GHSA

GHSA-ff94-3j58-q72h: IBM MQ and IBM MQ Appliance 8↗2022-05-24

▶

CVEList

CVE-2019-4614: IBM MQ and IBM MQ Appliance 8↗2020-01-28

▶