IBM MQ Multiple Vulnerabilities

Release Date: 30 Apr 2024 1891 Views

RISK: Medium Risk

TYPE: Servers - Network Management

Multiple vulnerabilities were identified in IBM MQ. A remote attacker could exploit some of these vulnerabilities to trigger denial of service condition, sensitive information disclosure and remote code execution on the targeted system.

Impact

Denial of Service
Information Disclosure
Remote Code Execution

System / Technologies affected

IBM MQ 9.0 LTS
IBM MQ 9.1 LTS
IBM MQ 9.2 LTS
IBM MQ 9.3 CD
IBM MQ 9.3 LTS
IBM MQ Appliance 9.3 LTS
IBM MQ Appliance 9.3 CD

Solutions

Before installation of the software, please visit the vendor web-site for more details.

Apply fixes issued by the vendor:

https://www.ibm.com/support/pages/node/7149484
https://www.ibm.com/support/pages/node/7149481
https://www.ibm.com/support/pages/node/7142040
https://www.ibm.com/support/pages/node/7149482
https://www.ibm.com/support/pages/node/7149483
https://www.ibm.com/support/pages/node/7149584
https://www.ibm.com/support/pages/node/7149582
https://www.ibm.com/support/pages/node/7149586
https://www.ibm.com/support/pages/node/7149581
https://www.ibm.com/support/pages/node/7149583

Vulnerability Identifier

CVE-2023-6237
CVE-2023-26159
CVE-2023-28466
CVE-2023-33850
CVE-2024-0727
CVE-2024-20952
CVE-2024-25015
CVE-2024-25048

Source

AusCERT
IBM