Sign-up

ID

VAR-201904-0357


CVE

CVE-2019-4055


TITLE

IBM MQ Input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-003617

DESCRIPTION

IBM MQ 8.0.0.0 through 8.0.0.10, 9.0.0.0 through 9.0.0.5, and 9.1.0.0 through 9.1.1 is vulnerable to a denial of service attack within the TLS key renegotiation function. IBM X-Force ID: 156564. IBM MQ Contains an input validation vulnerability. Vendors report this vulnerability IBM X-Force ID: 156564 Published as.Denial of service (DoS) May be in a state. An attacker can exploit this issue to cause a denial-of-service condition. The following product and versions are affected: IBM MQ and MQ Appliance from versions 8.0.0.0 through 8.0.0.10, 9.0.0.0 through 9.0.0.5, 9.1.0.0 through 9.1.0.1 and 9.1.0 through 9.1.1

Trust: 1.89

sources: NVD: CVE-2019-4055 // JVNDB: JVNDB-2019-003617 // BID: 108027

AFFECTED PRODUCTS

vendor:ibmmodel:mqscope:lteversion:9.0.0.5

Trust: 1.0

vendor:ibmmodel:mq appliancescope:lteversion:8.0.0.10

Trust: 1.0

vendor:ibmmodel:mq appliancescope:lteversion:9.1.0.1

Trust: 1.0

vendor:ibmmodel:mqscope:lteversion:9.1.0.1

Trust: 1.0

vendor:ibmmodel:mq appliancescope:gteversion:8.0.0.0

Trust: 1.0

vendor:ibmmodel:mqscope:gteversion:9.0.0.0

Trust: 1.0

vendor:ibmmodel:mqscope:gteversion:9.1.0.0

Trust: 1.0

vendor:ibmmodel:mq appliancescope:lteversion:9.1.1

Trust: 1.0

vendor:ibmmodel:mqscope:lteversion:9.1.1

Trust: 1.0

vendor:ibmmodel:mqscope:gteversion:8.0.0.0

Trust: 1.0

vendor:ibmmodel:mq appliancescope:gteversion:9.1.0

Trust: 1.0

vendor:ibmmodel:mq appliancescope:gteversion:9.1.0.0

Trust: 1.0

vendor:ibmmodel:mqscope:gteversion:9.1.0

Trust: 1.0

vendor:ibmmodel:mqscope:lteversion:8.0.0.10

Trust: 1.0

vendor:ibmmodel:mq appliancescope:eqversion:8.0.0.0 to 8.0.0.10

Trust: 0.8

vendor:ibmmodel:mq appliancescope:eqversion:9.0.0.0 to 9.0.0.5

Trust: 0.8

vendor:ibmmodel:mq appliancescope:eqversion:9.1.0.0 to 9.1.1

Trust: 0.8

vendor:ibmmodel:mq appliancescope:eqversion:9.1.1

Trust: 0.3

vendor:ibmmodel:mq appliancescope:eqversion:8.0.0.9

Trust: 0.3

vendor:ibmmodel:mq appliancescope:eqversion:8.0.0.8

Trust: 0.3

vendor:ibmmodel:mq appliancescope:eqversion:8.0.0.7

Trust: 0.3

vendor:ibmmodel:mq appliancescope:eqversion:8.0.0.6

Trust: 0.3

vendor:ibmmodel:mq appliancescope:eqversion:8.0.0.5

Trust: 0.3

vendor:ibmmodel:mq appliancescope:eqversion:8.0.0.4

Trust: 0.3

vendor:ibmmodel:mq appliancescope:eqversion:8.0.0.3

Trust: 0.3

vendor:ibmmodel:mq appliancescope:eqversion:8.0.0.1

Trust: 0.3

vendor:ibmmodel:mq appliancescope:eqversion:8.0.0.0

Trust: 0.3

vendor:ibmmodel:mqscope:eqversion:9.1.1

Trust: 0.3

vendor:ibmmodel:mq cdscope:eqversion:9.0.5

Trust: 0.3

vendor:ibmmodel:mqscope:eqversion:9.0.5

Trust: 0.3

vendor:ibmmodel:mq cdscope:eqversion:9.0.4

Trust: 0.3

vendor:ibmmodel:mqscope:eqversion:9.0.4

Trust: 0.3

vendor:ibmmodel:mq cdscope:eqversion:9.0.3

Trust: 0.3

vendor:ibmmodel:mq cdscope:eqversion:9.0.2

Trust: 0.3

vendor:ibmmodel:mqscope:eqversion:9.0.2

Trust: 0.3

vendor:ibmmodel:mq cdscope:eqversion:9.0.1

Trust: 0.3

vendor:ibmmodel:mq cdscope:eqversion:9.0

Trust: 0.3

vendor:ibmmodel:mqscope:eqversion:9.1.0.1

Trust: 0.3

vendor:ibmmodel:mqscope:eqversion:9.1.0.0

Trust: 0.3

vendor:ibmmodel:mqscope:eqversion:9.0.3

Trust: 0.3

vendor:ibmmodel:mq ltsscope:eqversion:9.0.0.5

Trust: 0.3

vendor:ibmmodel:mq ltsscope:eqversion:9.0.0.4

Trust: 0.3

vendor:ibmmodel:mqscope:eqversion:9.0.0.4

Trust: 0.3

vendor:ibmmodel:mq ltsscope:eqversion:9.0.0.3

Trust: 0.3

vendor:ibmmodel:mq ltsscope:eqversion:9.0.0.2

Trust: 0.3

vendor:ibmmodel:mq ltsscope:eqversion:9.0.0.1

Trust: 0.3

vendor:ibmmodel:mq ltsscope:eqversion:9.0.0.0

Trust: 0.3

vendor:ibmmodel:mq ltsscope:eqversion:9

Trust: 0.3

vendor:ibmmodel:mqscope:eqversion:8.0.0.9

Trust: 0.3

vendor:ibmmodel:mqscope:eqversion:8.0.0.8

Trust: 0.3

vendor:ibmmodel:mqscope:eqversion:8.0.0.7

Trust: 0.3

vendor:ibmmodel:mqscope:eqversion:8.0.0.6

Trust: 0.3

vendor:ibmmodel:mqscope:eqversion:8.0.0.5

Trust: 0.3

vendor:ibmmodel:mqscope:eqversion:8.0.0.4

Trust: 0.3

vendor:ibmmodel:mqscope:eqversion:8.0.0.2

Trust: 0.3

vendor:ibmmodel:mqscope:eqversion:8.0.0.10

Trust: 0.3

vendor:ibmmodel:mqscope:eqversion:8.0.0.1

Trust: 0.3

vendor:ibmmodel:mqscope:eqversion:8.0.0.0

Trust: 0.3

vendor:ibmmodel:mqscope:eqversion:8.0

Trust: 0.3

vendor:ibmmodel:mqscope:neversion:9.1.2

Trust: 0.3

vendor:ibmmodel:mq ltsscope:neversion:9.0.0.6

Trust: 0.3

vendor:ibmmodel:mqscope:neversion:8.0.0.11

Trust: 0.3

sources: BID: 108027 // JVNDB: JVNDB-2019-003617 // NVD: CVE-2019-4055

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-4055
value: HIGH

Trust: 1.0

psirt@us.ibm.com: CVE-2019-4055
value: HIGH

Trust: 1.0

NVD: CVE-2019-4055
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201904-879
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2019-4055
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

psirt@us.ibm.com: CVE-2019-4055
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

nvd@nist.gov: CVE-2019-4055
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

sources: JVNDB: JVNDB-2019-003617 // CNNVD: CNNVD-201904-879 // NVD: CVE-2019-4055 // NVD: CVE-2019-4055

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-20

Trust: 0.8

sources: JVNDB: JVNDB-2019-003617 // NVD: CVE-2019-4055

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201904-879

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201904-879

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-003617

PATCH
title:0870484url:https://www.ibm.com/support/docview.wss?uid=ibm10870484
Trust: 0.8
title:ibm-websphere-cve20194055-dos (156564)url:https://exchange.xforce.ibmcloud.com/vulnerabilities/156564
Trust: 0.8
title:IBM MQ  and IBM MQ Appliance Security vulnerabilitiesurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=91713
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2019-003617 // 
            
            
            
            CNNVD: CNNVD-201904-879

EXTERNAL IDS
db:NVDid:CVE-2019-4055
Trust: 2.7
db:BIDid:108027
Trust: 1.9
db:JVNDBid:JVNDB-2019-003617
Trust: 0.8
db:AUSCERTid:ESB-2019.1347
Trust: 0.6
db:AUSCERTid:ESB-2019.4784
Trust: 0.6
db:AUSCERTid:ESB-2023.4106
Trust: 0.6
db:AUSCERTid:ESB-2019.3122
Trust: 0.6
db:CNNVDid:CNNVD-201904-879
Trust: 0.6
sources:
            
            
            BID: 108027 // 
            
            
            
            JVNDB: JVNDB-2019-003617 // 
            
            
            
            CNNVD: CNNVD-201904-879 // 
            
            
            
            NVD: CVE-2019-4055

REFERENCES
url:https://www.ibm.com/support/docview.wss?uid=ibm10870484
Trust: 2.2
url:http://www.securityfocus.com/bid/108027
Trust: 2.2
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/156564
Trust: 1.6
url:https://nvd.nist.gov/vuln/detail/cve-2019-4055
Trust: 1.4
url:http://www.ibm.com/
Trust: 0.9
url:https://www-01.ibm.com/support/docview.wss?uid=ibm10870484
Trust: 0.9
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-4055
Trust: 0.8
url:https://www.ibm.com/support/pages/node/1137634
Trust: 0.6
url:https://www.ibm.com/support/pages/node/1115109
Trust: 0.6
url:https://www.ibm.com/support/docview.wss?uid=ibm10967151
Trust: 0.6
url:https://vigilance.fr/vulnerability/ibm-mq-denial-of-service-via-tls-key-renegotiation-29053
Trust: 0.6
url:https://www-01.ibm.com/support/docview.wss?uid=ibm10967151
Trust: 0.6
url:https://www.ibm.com/support/pages/node/1115031
Trust: 0.6
url:https://www.auscert.org.au/bulletins/79378
Trust: 0.6
url:https://www.auscert.org.au/bulletins/esb-2023.4106
Trust: 0.6
url:https://www.auscert.org.au/bulletins/esb-2019.3122/
Trust: 0.6
url:https://www.auscert.org.au/bulletins/esb-2019.4784/
Trust: 0.6
sources:
            
            
            BID: 108027 // 
            
            
            
            JVNDB: JVNDB-2019-003617 // 
            
            
            
            CNNVD: CNNVD-201904-879 // 
            
            
            
            NVD: CVE-2019-4055

CREDITS
The vendor reported the issue.
Trust: 0.9
sources:
            
            
            BID: 108027 // 
            
            
            
            CNNVD: CNNVD-201904-879

SOURCES
db:BIDid:108027
db:JVNDBid:JVNDB-2019-003617
db:CNNVDid:CNNVD-201904-879
db:NVDid:CVE-2019-4055

LAST UPDATE DATE
2024-11-23T19:38:16.858000+00:00

SOURCES UPDATE DATE
db:BIDid:108027date:2019-04-16T00:00:00
db:JVNDBid:JVNDB-2019-003617date:2019-05-21T00:00:00
db:CNNVDid:CNNVD-201904-879date:2023-07-21T00:00:00
db:NVDid:CVE-2019-4055date:2024-11-21T04:43:05.823

SOURCES RELEASE DATE
db:BIDid:108027date:2019-04-16T00:00:00
db:JVNDBid:JVNDB-2019-003617date:2019-05-21T00:00:00
db:CNNVDid:CNNVD-201904-879date:2019-04-17T00:00:00
db:NVDid:CVE-2019-4055date:2019-04-19T17:29:01.987