CVE-2023-28513

IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.2 CD, and 9.3 CD and IBM MQ Appliance 9.2 LTS, 9.3 LTS, 9.2 CD, and 9.2 LTS, under certain configurations, is vulnerable to a denial of service attack caused by an error processing messages. IBM X-Force ID: 250397.

CVSS v3 5.9 MEDIUM

5.9^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.2 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://exchange.xforce.ibmcloud.com/vulnerabilities/250397	VDB Entry Vendor Advisory
https://www.ibm.com/support/pages/node/7007421	Patch Vendor Advisory
https://www.ibm.com/support/pages/node/7007731	Patch Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/250397	VDB Entry Vendor Advisory
https://www.ibm.com/support/pages/node/7007421	Patch Vendor Advisory
https://www.ibm.com/support/pages/node/7007731	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:a:ibm:mq:9.0.0.0::::lts:::
	cpe:2.3:a:ibm:mq:9.1.0.0::::lts:::
	cpe:2.3:a:ibm:mq:9.2.0::::continuous_delivery:::
	cpe:2.3:a:ibm:mq:9.2.0::::lts:::
	cpe:2.3:a:ibm:mq:9.3.0::::continuous_delivery:::
	cpe:2.3:a:ibm:mq:9.3.0::::lts:::

OR	cpe:2.3:o:hp:hp-ux:-:::::::*
	cpe:2.3:o:ibm:aix:-:::::::*
	cpe:2.3:o:ibm:i:-:::::::*
	cpe:2.3:o:ibm:linux_on_ibm_z:-:::::::*
	cpe:2.3:o:linux:linux_kernel:-:::::::*
	cpe:2.3:o:microsoft:windows:-:::::::*
	cpe:2.3:o:oracle:solaris:-:::::::*

Configuration 2 (hide)

OR	cpe:2.3:a:ibm:mq_appliance:9.2.0.0::::continuous_delivery:::
	cpe:2.3:a:ibm:mq_appliance:9.2.0.0::::lts:::
	cpe:2.3:a:ibm:mq_appliance:9.3.0.0::::continuous_delivery:::
	cpe:2.3:a:ibm:mq_appliance:9.3.0.0::::lts:::

History

No history.

Information

Published : 2023-07-19 02:15

Updated : 2024-11-21 07:55

NVD link : CVE-2023-28513

Mitre link : CVE-2023-28513

CVE.ORG link : CVE-2023-28513

JSON object : View

Products Affected

linux

linux_kernel

ibm

i
mq
linux_on_ibm_z
aix
mq_appliance

hp

hp-ux

oracle

solaris

microsoft

windows

CWE

CWE-20

Improper Input Validation

NVD-CWE-noinfo

{"id": "CVE-2023-28513", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "psirt@us.ibm.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.2}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2023-07-19T02:15:09.530", "references": [{"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/250397", "tags": ["VDB Entry", "Vendor Advisory"], "source": "psirt@us.ibm.com"}, {"url": "https://www.ibm.com/support/pages/node/7007421", "tags": ["Patch", "Vendor Advisory"], "source": "psirt@us.ibm.com"}, {"url": "https://www.ibm.com/support/pages/node/7007731", "tags": ["Patch", "Vendor Advisory"], "source": "psirt@us.ibm.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/250397", "tags": ["VDB Entry", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.ibm.com/support/pages/node/7007421", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.ibm.com/support/pages/node/7007731", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "psirt@us.ibm.com", "description": [{"lang": "en", "value": "CWE-20"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.2 CD, and 9.3 CD and IBM MQ Appliance 9.2 LTS, 9.3 LTS, 9.2 CD, and 9.2 LTS, under certain configurations, is vulnerable to a denial of service attack caused by an error processing messages. IBM X-Force ID: 250397."}], "lastModified": "2024-11-21T07:55:15.897", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:mq:9.0.0.0:*:*:*:lts:*:*:*", "vulnerable": true, "matchCriteriaId": "3B33CE6E-04D7-4AB7-8636-8D13BCBE71DE"}, {"criteria": "cpe:2.3:a:ibm:mq:9.1.0.0:*:*:*:lts:*:*:*", "vulnerable": true, "matchCriteriaId": "2E9E3A1B-D35D-4029-835C-C27917C2ABD7"}, {"criteria": "cpe:2.3:a:ibm:mq:9.2.0:*:*:*:continuous_delivery:*:*:*", "vulnerable": true, "matchCriteriaId": "040DDAAF-8039-46BD-A11B-DC3BDFC136C6"}, {"criteria": "cpe:2.3:a:ibm:mq:9.2.0:*:*:*:lts:*:*:*", "vulnerable": true, "matchCriteriaId": "150A8804-DEE3-4974-B056-296AA8781131"}, {"criteria": "cpe:2.3:a:ibm:mq:9.3.0:*:*:*:continuous_delivery:*:*:*", "vulnerable": true, "matchCriteriaId": "89BDCCFD-C1DF-4E19-8597-DF87C56D7E09"}, {"criteria": "cpe:2.3:a:ibm:mq:9.3.0:*:*:*:lts:*:*:*", "vulnerable": true, "matchCriteriaId": "BF356AA2-43D1-422A-80E1-822AE9C08094"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:hp:hp-ux:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F480AA32-841A-4E68-9343-B2E7548B0A0C"}, {"criteria": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E492C463-D76E-49B7-A4D4-3B499E422D89"}, {"criteria": "cpe:2.3:o:ibm:i:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "C684FC45-C9BA-4EF0-BD06-BB289450DD21"}, {"criteria": "cpe:2.3:o:ibm:linux_on_ibm_z:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B955E472-47E3-4C32-847B-F6BB05594BA3"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"}, {"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"}, {"criteria": "cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "91F372EA-3A78-4703-A457-751B2C98D796"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:mq_appliance:9.2.0.0:*:*:*:continuous_delivery:*:*:*", "vulnerable": true, "matchCriteriaId": "90B0DD83-2F06-4829-8975-73B12A26A8B0"}, {"criteria": "cpe:2.3:a:ibm:mq_appliance:9.2.0.0:*:*:*:lts:*:*:*", "vulnerable": true, "matchCriteriaId": "0D974075-234B-443A-A6BE-3E2547379894"}, {"criteria": "cpe:2.3:a:ibm:mq_appliance:9.3.0.0:*:*:*:continuous_delivery:*:*:*", "vulnerable": true, "matchCriteriaId": "94219FC3-3106-4A79-B35B-67B4BE0D8857"}, {"criteria": "cpe:2.3:a:ibm:mq_appliance:9.3.0.0:*:*:*:lts:*:*:*", "vulnerable": true, "matchCriteriaId": "217E8C0E-A3EB-44E8-929F-BBB3E1D43BA0"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@us.ibm.com"}