CVE-2023-28513 — Improper Input Validation in IBM MQ Appliance

CWE-20 — Improper Input Validation3 documents3 sources

Severity

7.5HIGHNVD

CNA5.9

EPSS

0.1%

top 72.23%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM MQ IBM MQ Appliance

Timeline

PublishedJul 19

Description

IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.2 CD, and 9.3 CD and IBM MQ Appliance 9.2 LTS, 9.3 LTS, 9.2 CD, and 9.2 LTS, under certain configurations, is vulnerable to a denial of service attack caused by an error processing messages. IBM X-Force ID: 250397.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages4 packages

▶CVEListV5ibm/mq_appliance9.2 LTS, 9.3 LTS, 9.2 CD, 9.2 LTS

▶NVDibm/mq_appliance9.2.0.0, 9.3.0.0+1

▶CVEListV5ibm/mq9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.2 CD, 9.3 CD

▶NVDibm/mq4 versions+3

Patches

Patch: www.ibm.com ↗Patch: www.ibm.com ↗Patch: www.ibm.com ↗

🔴Vulnerability Details

CVEList

IBM MQ denial of service↗2023-07-19

▶

GHSA

GHSA-x45w-xc46-348w: IBM MQ 9↗2023-07-19

▶