High Severity

IBM Security Bulletin: IBM MQ and IBM MQ Appliance are vulnerable to a denial of service attack within the TLS key renegotiation functions (CVE-2019-4055)

A vulnerability was discovered within the TLS key renegotiation functions which could be exploited to execute a denial of service attack against an IBM MQ queue manager.

CVE(s): CVE-2019-4055

Affected product(s) and affected version(s):
IBM MQ and IBM MQ Appliance V8 versions 8.0.0.0 – 8.0.0.10
IBM MQ V9 LTS versions 9.0.0.0 – 9.0.0.5
IBM MQ and IBM MQ Appliance V9.1 LTS versions 9.1.0.0 – 9.1.0.1
IBM MQ and IBM MQ Appliance V9.1 CD versions 9.1.0 – 9.1.1

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www-01.ibm.com/support/docview.wss?uid=ibm10870484
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/156564
