CVE-2019-4655Improper Input Validation in IBM MQ

CWE-20Improper Input Validation3 documents3 sources
Severity
4.3MEDIUMNVD
EPSS
0.2%
top 55.48%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
IBM MQIBM MQ Appliance
Timeline
PublishedDec 30
Latest updateMay 24

Description

IBM MQ 9.1.0.0, 9.1.0.1, 9.1.0.2, 9.1.0.3, 9.1.1, 9.1.2, and 9.1.3 is vulnerable to a denial of service attack that would allow an authenticated user to reset client connections due to an error within the Data Conversion routine. IBM X-Force ID: 170966.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:LExploitability: 2.8 | Impact: 1.4

Affected Packages3 packages

NVDibm/mq9.1.09.1.4+1
NVDibm/mq_appliance9.1.09.1.4+1
CVEListV5ibm/mq7 versions+6

🔴Vulnerability Details

2
GHSA
GHSA-9jrx-77mv-vjxj: IBM MQ 92022-05-24
CVEList
CVE-2019-4655: IBM MQ 92019-12-30
CVE-2019-4655 — Improper Input Validation in IBM MQ | cvebase