Security Bulletin
Summary
Threaded channel agents (amqrmppa) might not terminate when they are no longer required. This can lead to a denial of service through exhausting server resources.
Vulnerability Details
CVEID: CVE-2017-1145
DESCRIPTION: IBM WebSphere MQ does not properly terminate channel agents when they are no longer needed which could allow a user to cause a denial of service through resource exhaustion.
CVSS Base Score: 8.6
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/122198 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H)
Affected Products and Versions
IBM WebSphere MQ V8
The only maintenance level that is affected by this vulnerability is 8.0.0.6
IBM MQ Appliance
The only maintenance level that is affected by this vulnerability is 8.0.0.6
Remediation/Fixes
IBM WebSphere MQ V8
Download and apply ifix IT19218
IBM MQ Appliance
Download and apply ifix IT19218
Get Notified about Future Security Bulletins
References
Change History
03 March 2017: Initial version published
20 March 2017: Updated to include appliance fix details
*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.
Disclaimer
Review the IBM security bulletin disclaimer and definitions regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.
Was this topic helpful?
Document Information
Modified date:
15 June 2018
UID
swg21999672