Vulnerabilities > CVE-2019-4055 - Unspecified vulnerability in IBM MQ and MQ Appliance
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
HIGH Summary
IBM MQ 8.0.0.0 through 8.0.0.10, 9.0.0.0 through 9.0.0.5, and 9.1.0.0 through 9.1.1 is vulnerable to a denial of service attack within the TLS key renegotiation function. IBM X-Force ID: 156564.
Vulnerable Configurations
Nessus
NASL family | Windows |
NASL id | WEBSPHERE_MQ_IBM10870484.NASL |
description | According to its self-reported version, the IBM MQ server installed on the remote host is 8.0.0.x prior to 8.0.0.11 LTS, 9.0.0.x prior to 9.0.0.6 LTS, 9.1.0.x prior to 9.1.0.2 LTS, or 9.1.1 CD and is therefore affected by a denial-of-service vulnerability in the IBM MQ Queue Manager due to a weakness in the TLS key renegotiation functions. An unauthenticated, remote attacker could exploit this vulnerability to impact the availability of the service. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 125896 |
published | 2019-06-14 |
reporter | This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/125896 |
title | IBM MQ 8.0.0.x < 8.0.0.11 / 9.0.0.x < 9.0.0.6 / 9.1.0.x < 9.1.0.2 / 9.1.1 TLS Key Renegotiation DoS |
code |
|
References
- http://www.securityfocus.com/bid/108027
- http://www.securityfocus.com/bid/108027
- https://exchange.xforce.ibmcloud.com/vulnerabilities/156564
- https://exchange.xforce.ibmcloud.com/vulnerabilities/156564
- https://www.ibm.com/support/docview.wss?uid=ibm10870484
- https://www.ibm.com/support/docview.wss?uid=ibm10870484