Details of VAR-202404-2194

ID

VAR-202404-2194

CVE

CVE-2024-25048

TITLE

IBM MQ Appliance Buffer Overflow Vulnerability (CNVD-2024-22243)

Trust: 0.6

sources: CNVD: CNVD-2024-22243

DESCRIPTION

IBM MQ Appliance 9.3 CD and LTS are vulnerable to a heap-based buffer overflow, caused by improper bounds checking. A remote authenticated attacker could overflow a buffer and execute arbitrary code on the system or cause the server to crash. IBM X-Force ID: 283137. IBM MQ Appliance is an all-in-one device for rapid deployment of enterprise-level messaging middleware

Trust: 1.44

sources: NVD: CVE-2024-25048 // CNVD: CNVD-2024-22243

IOT TAXONOMY

category:

['IoT']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2024-22243

AFFECTED PRODUCTS

vendor:	ibm	model:	mq appliance lts	scope:	eq	version:	9.3	Trust: 0.6
vendor:	ibm	model:	mq appliance cd	scope:	eq	version:	9.3	Trust: 0.6

sources: CNVD: CNVD-2024-22243

CVSS

SEVERITY

CVSSV2

CVSSV3

psirt@us.ibm.com:	CVE-2024-25048
value:	HIGH
Trust: 1.0
CNVD:	CNVD-2024-22243
value:	HIGH
Trust: 0.6

CNVD:	CNVD-2024-22243
severity:	HIGH
baseScore:	7.1
vectorString:	AV:N/AC:H/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

psirt@us.ibm.com:	CVE-2024-25048
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.6
impactScore:	5.9
version:	3.1
Trust: 1.0

sources: CNVD: CNVD-2024-22243 // NVD: CVE-2024-25048

PROBLEMTYPE DATA

problemtype:

CWE-122

Trust: 1.0

sources: NVD: CVE-2024-25048

PATCH

title:

Patch for IBM MQ Appliance Buffer Overflow Vulnerability (CNVD-2024-22243)

url:

https://www.cnvd.org.cn/patchInfo/show/545971

Trust: 0.6

sources: CNVD: CNVD-2024-22243

EXTERNAL IDS

db:	NVD	id:	CVE-2024-25048	Trust: 1.6
db:	CNVD	id:	CNVD-2024-22243	Trust: 0.6

sources: CNVD: CNVD-2024-22243 // NVD: CVE-2024-25048

REFERENCES

url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/283137	Trust: 1.6
url:	https://www.ibm.com/support/pages/node/7149481	Trust: 1.0

sources: CNVD: CNVD-2024-22243 // NVD: CVE-2024-25048

SOURCES

db:	CNVD	id:	CNVD-2024-22243
db:	NVD	id:	CVE-2024-25048

LAST UPDATE DATE

2024-08-14T13:51:48.851000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2024-22243	date:	2024-05-13T00:00:00
db:	NVD	id:	CVE-2024-25048	date:	2024-04-29T12:42:03.667

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2024-22243	date:	2024-05-13T00:00:00
db:	NVD	id:	CVE-2024-25048	date:	2024-04-27T12:15:10.517