CVE-2019-4656

CWE-20 — Improper Input Validation3 documents3 sources

Severity

6.5MEDIUM

EPSS

0.3%

top 43.80%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM MQ IBM MQ Appliance IBM Websphere MQ

Timeline

PublishedMar 16

Latest updateMay 24

Description

IBM MQ and IBM MQ Appliance 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and 9.1 CD is vulnerable to a denial of service attack that would allow an authenticated user to crash the queue and require a restart due to an error processing error messages. IBM X-Force ID: 170967.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages4 packages

▶NVDibm/mq_appliance8.0.0.0 — 8.0.0.14

▶NVDibm/mq8.0.0.0 — 8.0.0.14+3

▶NVDibm/websphere_mq7.1.0.0 — 7.5.0.9

▶CVEListV5ibm/mq50 versions+49

🔴Vulnerability Details

GHSA

GHSA-8vcg-h82j-6975: IBM MQ and IBM MQ Appliance 7↗2022-05-24

▶

CVEList

CVE-2019-4656: IBM MQ and IBM MQ Appliance 7↗2020-03-16

▶