#VU89108 Heap-based buffer overflow in IBM MQ Appliance


Published: 2024-05-02

Vulnerability identifier: #VU89108

Vulnerability risk: Low

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-25048

CWE-ID: CWE-122

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
IBM MQ Appliance
Other software / Other software solutions

Vendor: IBM Corporation

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to improper bounds checking. A remote attacker can overflow a buffer and execute arbitrary code on the system or cause the server to crash.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

IBM MQ Appliance: All versions

External links
http://www.ibm.com/support/pages/node/7149481
http://exchange.xforce.ibmcloud.com/vulnerabilities/283137

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Multiple vulnerabilities in IBM Robotic Process Automation
Heap-based buffer overflow in IBM MQ Appliance
Multiple vulnerabilities in IBM WebSphere Remote Server
Heap-based buffer overflow in IBM MQ
Multiple vulnerabilities in IBM MQ Operator and Queue manager container images
Heap-based buffer overflow in IBM MQ for HPE NonStop