CVE-2024-35116

CWE-789 CWE-770 — Allocation without Limits6 documents4 sources

Severity

7.5HIGH

EPSS

0.3%

top 50.56%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM MQ

Timeline

PublishedJun 28

Latest updateOct 15

Description

IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS, and 9.3 CD is vulnerable to a denial of service attack caused by an error applying configuration changes. IBM X-Force ID: 290335.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 2.2 | Impact: 3.6

Affected Packages2 packages

▶NVDibm/mq9.0.0.0 — 9.0.0.26+4

▶CVEListV5ibm/mq9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.3 CD

🔴Vulnerability Details

GHSA

GHSA-ph5p-wvqc-xxj8: IBM MQ 9↗2024-06-29

▶

CVEList

IBM MQ denial of service↗2024-06-28

▶

📋Vendor Advisories

Oracle

Oracle Oracle Fusion Middleware Risk Matrix: Runtime Java agent (jackson-databind) — CVE-2023-35116↗2024-10-15

▶

Oracle

Oracle Oracle Communications Applications Risk Matrix: REST Services Manager (jackson-databind) — CVE-2023-35116↗2024-07-15

▶

Oracle

Oracle Oracle Fusion Middleware Risk Matrix: Third Party (jackson-databind) — CVE-2023-35116↗2024-04-15

▶