CVE-2024-35116 - Vulnerability Details - OpenCVE

IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS, and 9.3 CD is vulnerable to a denial of service attack caused by an error applying configuration changes. IBM X-Force ID: 290335.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Ibm	Mq Mq Appliance

Configuration 1 [-]

OR	cpe:2.3:a:ibm:mq:::::lts:::*
	cpe:2.3:a:ibm:mq:::::lts:::*
	cpe:2.3:a:ibm:mq:::::lts:::*
	cpe:2.3:a:ibm:mq:::::lts:::*
	cpe:2.3:a:ibm:mq:::::continuous_delivery:::*

No data.

References

Link	Providers
https://exchange.xforce.ibmcloud.com/vulnerabilities/290335
https://www.ibm.com/support/pages/node/7157387
https://www.ibm.com/support/pages/node/7158071

History

Wed, 21 Aug 2024 15:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Ibm mq
Weaknesses		CWE-770
CPEs		cpe:2.3:a:ibm:mq:::::continuous_delivery:::* cpe:2.3:a:ibm:mq:::::lts:::*
Vendors & Products		Ibm mq

MITRE

Status: PUBLISHED

Assigner: ibm

Published: 2024-06-28T18:20:50.152Z

Updated: 2024-08-02T03:07:46.479Z

Reserved: 2024-05-09T16:27:02.679Z

Link: CVE-2024-35116

Vulnrichment

Updated: 2024-08-02T03:07:46.479Z

NVD

Status : Modified

Published: 2024-06-28T19:15:05.677

Modified: 2024-11-21T09:19:48.577

Link: CVE-2024-35116

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-35116", "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "state": "PUBLISHED", "assignerShortName": "ibm", "dateReserved": "2024-05-09T16:27:02.679Z", "datePublished": "2024-06-28T18:20:50.152Z", "dateUpdated": "2024-08-02T03:07:46.479Z"}, "containers": {"cna": {"affected": [{"cpes": ["cpe:2.3:a:ibm:mq_appliance:9.0:*:*:*:lts:*:*:*", "cpe:2.3:a:ibm:mq_appliance:9.1:*:*:*:lts:*:*:*", "cpe:2.3:a:ibm:mq_appliance:9.2:*:*:*:lts:*:*:*", "cpe:2.3:a:ibm:mq_appliance:9.3:*:*:*:lts:*:*:*", "cpe:2.3:a:ibm:mq_appliance:9.3:*:*:*:continuous_delivery:*:*:*"], "defaultStatus": "unaffected", "product": "MQ", "vendor": "IBM", "versions": [{"status": "affected", "version": "9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.3 CD"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS, and 9.3 CD is vulnerable to a denial of service attack caused by an error applying configuration changes. IBM X-Force ID: 290335."}], "value": "IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS, and 9.3 CD is vulnerable to a denial of service attack caused by an error applying configuration changes. IBM X-Force ID: 290335."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-789", "description": "CWE-789 Uncontrolled Memory Allocation", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm", "dateUpdated": "2024-06-28T18:20:50.152Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://www.ibm.com/support/pages/node/7157387"}, {"tags": ["vdb-entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/290335"}, {"tags": ["vendor-advisory"], "url": "https://www.ibm.com/support/pages/node/7158071"}], "source": {"discovery": "UNKNOWN"}, "title": "IBM MQ denial of service", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-35116", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-07-01T18:02:58.397744Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-08T17:21:11.921Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T03:07:46.479Z"}, "title": "CVE Program Container", "references": [{"tags": ["vendor-advisory", "x_transferred"], "url": "https://www.ibm.com/support/pages/node/7157387"}, {"tags": ["vdb-entry", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/290335"}, {"tags": ["vendor-advisory", "x_transferred"], "url": "https://www.ibm.com/support/pages/node/7158071"}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.ibm.com/support/pages/node/7157387", "tags": ["vendor-advisory", "x_transferred"]}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/290335", "tags": ["vdb-entry", "x_transferred"]}, {"url": "https://www.ibm.com/support/pages/node/7158071", "tags": ["vendor-advisory", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T03:07:46.479Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-35116", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-07-01T18:02:58.397744Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-05T15:20:44.579Z"}}], "cna": {"title": "IBM MQ denial of service", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"cpes": ["cpe:2.3:a:ibm:mq_appliance:9.0:*:*:*:lts:*:*:*", "cpe:2.3:a:ibm:mq_appliance:9.1:*:*:*:lts:*:*:*", "cpe:2.3:a:ibm:mq_appliance:9.2:*:*:*:lts:*:*:*", "cpe:2.3:a:ibm:mq_appliance:9.3:*:*:*:lts:*:*:*", "cpe:2.3:a:ibm:mq_appliance:9.3:*:*:*:continuous_delivery:*:*:*"], "vendor": "IBM", "product": "MQ", "versions": [{"status": "affected", "version": "9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.3 CD"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.ibm.com/support/pages/node/7157387", "tags": ["vendor-advisory"]}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/290335", "tags": ["vdb-entry"]}, {"url": "https://www.ibm.com/support/pages/node/7158071", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS, and 9.3 CD is vulnerable to a denial of service attack caused by an error applying configuration changes. IBM X-Force ID: 290335.", "supportingMedia": [{"type": "text/html", "value": "IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS, and 9.3 CD is vulnerable to a denial of service attack caused by an error applying configuration changes. IBM X-Force ID: 290335.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-789", "description": "CWE-789 Uncontrolled Memory Allocation"}]}], "providerMetadata": {"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm", "dateUpdated": "2024-06-28T18:20:50.152Z"}}}, "cveMetadata": {"cveId": "CVE-2024-35116", "state": "PUBLISHED", "dateUpdated": "2024-08-02T03:07:46.479Z", "dateReserved": "2024-05-09T16:27:02.679Z", "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "datePublished": "2024-06-28T18:20:50.152Z", "assignerShortName": "ibm"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:mq:*:*:*:*:lts:*:*:*", "matchCriteriaId": "0F7AE324-028C-4DCB-A1BB-BE209125EEF6", "versionEndExcluding": "9.0.0.26", "versionStartIncluding": "9.0.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:mq:*:*:*:*:lts:*:*:*", "matchCriteriaId": "84B085AC-205B-441B-90C0-3731FDB3684E", "versionEndExcluding": "9.1.0.22", "versionStartIncluding": "9.1.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:mq:*:*:*:*:lts:*:*:*", "matchCriteriaId": "33B307E9-EF56-4AC2-8DD2-F12B106AB720", "versionEndExcluding": "9.2.0.26", "versionStartIncluding": "9.2.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:mq:*:*:*:*:lts:*:*:*", "matchCriteriaId": "4DD52D2F-285B-411F-A3AD-0425DF8A9BCF", "versionEndExcluding": "9.3.0.20", "versionStartIncluding": "9.3.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:mq:*:*:*:*:continuous_delivery:*:*:*", "matchCriteriaId": "F269675C-6B94-46A4-86FA-635841C87EAB", "versionEndExcluding": "9.4.0.0", "versionStartIncluding": "9.3.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS, and 9.3 CD is vulnerable to a denial of service attack caused by an error applying configuration changes. IBM X-Force ID: 290335."}, {"lang": "es", "value": "IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS y 9.3 CD es vulnerable a un ataque de denegaci\u00f3n de servicio causado por un error al aplicar cambios de configuraci\u00f3n. ID de IBM X-Force: 290335."}], "id": "CVE-2024-35116", "lastModified": "2024-11-21T09:19:48.577", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "psirt@us.ibm.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-06-28T19:15:05.677", "references": [{"source": "psirt@us.ibm.com", "tags": ["VDB Entry", "Vendor Advisory"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/290335"}, {"source": "psirt@us.ibm.com", "tags": ["Vendor Advisory"], "url": "https://www.ibm.com/support/pages/node/7157387"}, {"source": "psirt@us.ibm.com", "tags": ["Vendor Advisory"], "url": "https://www.ibm.com/support/pages/node/7158071"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["VDB Entry", "Vendor Advisory"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/290335"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.ibm.com/support/pages/node/7157387"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.ibm.com/support/pages/node/7158071"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-789"}], "source": "psirt@us.ibm.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-770"}], "source": "nvd@nist.gov", "type": "Primary"}]}