CVE-2024-25015

IBM MQ denial of service

Severity Score

7.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Attend

*SSVC

Descriptions

IBM MQ 9.2 LTS, 9.3 LTS, and 9.3 CD Internet Pass-Thru could allow a remote user to cause a denial of service by sending HTTP requests that would consume all available resources. IBM X-Force ID: 281278.

IBM MQ 9.2 LTS, 9.3 LTS y 9.3 CD Internet Pass-Thru podría permitir que un usuario remoto provoque una denegación de servicio enviando solicitudes HTTP que consumirían todos los recursos disponibles. ID de IBM X-Force: 281278.

*Credits: N/A

CVSS Scores

IBM Corporationv3.1 7.5

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:Attend

Exploitation

None

Automatable

Yes

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-02-03 CVE Reserved
2024-05-01 CVE Published
2024-05-02 EPSS Updated
2024-08-01 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-406: Insufficient Control of Network Message Volume (Network Amplification)

CAPEC

References (2)

URL	Tag	Source
https://exchange.xforce.ibmcloud.com/vulnerabilities/281278	Vdb Entry

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://www.ibm.com/support/pages/node/7149583	2024-05-01

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
-		-				-		-		-