CVE-2023-22874 — Uncontrolled Resource Consumption in IBM MQ Appliance

Severity

5.5MEDIUMNVD

EPSS

0.0%

top 93.95%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Timeline

PublishedMay 5

Description

IBM MQ Clients 9.2 CD, 9.3 CD, and 9.3 LTS are vulnerable to a denial of service attack when processing configuration files. IBM X-Force ID: 244216.

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

▶NVDibm/mq_appliance9.2.0.0 — 9.3.2+1

▶CVEListV5ibm/mq9.2 CD, 9.3 CD, and 9.3 LTS

GHSA

GHSA-5mm8-xqjw-537m: IBM MQ Clients 9↗2023-05-05

▶

CVEList

IBM MQ denial of service↗2023-05-05

▶