IBM Support

Security Bulletin: A vulnerability related to a DOS attack found in IBM MQ which is shipped with IBM® Intelligent Operations Center(CVE-2019-4261)

Security Bulletin


Summary

A vulnerability related to a DOS attack caused by specially crafted message found in IBM MQ which is shipped with IBM® Intelligent Operations Center. Information about these vulnerabilities affecting IBM® Intelligent Operations Center have been published and addressed the applicable CVEs.

Vulnerability Details

CVEID:   CVE-2019-4261
DESCRIPTION:   IBM WebSphere MQ V7.1, 7.5, IBM MQ V8, IBM MQ V9.0LTS, IBM MQ V9.1 LTS, and IBM MQ V9.1 CD are vulnerable to a denial of service attack caused by specially crafted messages. IBM X-Force ID: 160013.
CVSS Base score: 4.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/160013 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L)

Affected Products and Versions

Affected Product(s)Version(s)
Intelligent Operations Center (IOC)5.1.0, 5.1.0.2 ,5.1.0.3, 5.1.0.4, 5.1.0.6, 5.2, 5.2.1, 5.2.2

Remediation/Fixes

The recommended solution is to apply an interim fix that contains the fix for this issue as soon as practical.

Download the IBM Intelligent Operations Center Version 5.2.3 is an upgrade to IBM Intelligent Operations Center Version 5.2.2 through IBM Intelligent Operations Center Version 5.2 from the following link:

IBM Intelligent Operations Center Version 5.2.3

Installation instructions for the fix are included in the readme document that is in the fix package.

Workarounds and Mitigations

None

Get Notified about Future Security Bulletins

References

Off

Change History

08 Aug 2022: Initial Publication

*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.

Disclaimer

Review the IBM security bulletin disclaimer and definitions regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.

Document Location

Worldwide

[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SS3NGB","label":"IBM Intelligent Operations Center"},"Component":"","Platform":[{"code":"PF016","label":"Linux"},{"code":"PF051","label":"Linux on IBM Z Systems"},{"code":"PF033","label":"Windows"}],"Version":"5.1.0, 5.1.0.2 ,5.1.0.3, 5.1.0.4, 5.1.0.6, 5.2, 5.2.1, 5.2.2","Edition":"","Line of Business":{"code":"LOB59","label":"Sustainability Software"}}]

Document Information

Modified date:
07 September 2022

Initial Publish date:
08 August 2022

UID

ibm16618737