CVE-2024-39743 - OpenCVE

IBM MQ Operator 3.2.2 and IBM MQ Operator 2.0.24 IBM MQ Container Developer Edition is vulnerable to denial of service caused by incorrect memory de-allocation. A remote attacker could exploit this vulnerability to cause the server to consume memory resources. IBM X-Force ID: 297172.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Ibm	Mq Operator

Configuration 1 [-]

OR	cpe:2.3:a:ibm:mq_operator::::::::
	cpe:2.3:a:ibm:mq_operator::::::::
	cpe:2.3:a:ibm:mq_operator::::::::
	cpe:2.3:a:ibm:mq_operator::::::::
	cpe:2.3:a:ibm:mq_operator::::::::
	cpe:2.3:a:ibm:mq_operator::::::::
	cpe:2.3:a:ibm:mq_operator:3.0.0:::::::*
	cpe:2.3:a:ibm:mq_operator:3.0.1:::::::*

No data.

References

Link	Providers
https://exchange.xforce.ibmcloud.com/vulnerabilities/297172
https://www.ibm.com/support/pages/node/7159714

History

Wed, 07 Aug 2024 16:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Ibm Ibm mq Operator
Weaknesses		NVD-CWE-Other
CPEs		cpe:2.3:a:ibm:mq_operator:::::::: cpe:2.3:a:ibm:mq_operator:3.0.0:::::::* cpe:2.3:a:ibm:mq_operator:3.0.1:::::::*
Vendors & Products		Ibm Ibm mq Operator

MITRE

Status: PUBLISHED

Assigner: ibm

Published: 2024-07-08T13:14:43.915Z

Updated: 2024-08-02T04:26:16.002Z

Reserved: 2024-06-28T09:34:46.056Z

Link: CVE-2024-39743

Vulnrichment

Updated: 2024-08-02T04:26:16.002Z

NVD

Status : Analyzed

Published: 2024-07-08T14:15:02.823

Modified: 2024-08-07T16:10:15.813

Link: CVE-2024-39743

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-39743", "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "state": "PUBLISHED", "assignerShortName": "ibm", "dateReserved": "2024-06-28T09:34:46.056Z", "datePublished": "2024-07-08T13:14:43.915Z", "dateUpdated": "2024-08-02T04:26:16.002Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "MQ Operator", "vendor": "IBM", "versions": [{"status": "affected", "version": "2.0.24, 3.2.2"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "IBM MQ Operator 3.2.2 and IBM MQ Operator 2.0.24 IBM MQ Container Developer Edition is vulnerable to denial of service caused by incorrect memory de-allocation. A remote attacker could exploit this vulnerability to cause the server to consume memory resources. IBM X-Force ID: 297172."}], "value": "IBM MQ Operator 3.2.2 and IBM MQ Operator 2.0.24 IBM MQ Container Developer Edition is vulnerable to denial of service caused by incorrect memory de-allocation. A remote attacker could exploit this vulnerability to cause the server to consume memory resources. IBM X-Force ID: 297172."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-405", "description": "CWE-405 Asymmetric Resource Consumption (Amplification)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm", "dateUpdated": "2024-07-12T13:48:40.013Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://www.ibm.com/support/pages/node/7159714"}, {"tags": ["vdb-entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/297172"}], "source": {"discovery": "UNKNOWN"}, "title": "IBM MQ Container denial of service", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-07-08T17:41:53.322390Z", "id": "CVE-2024-39743", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-08T19:58:56.562Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:26:16.002Z"}, "title": "CVE Program Container", "references": [{"tags": ["vendor-advisory", "x_transferred"], "url": "https://www.ibm.com/support/pages/node/7159714"}, {"tags": ["vdb-entry", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/297172"}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.ibm.com/support/pages/node/7159714", "tags": ["vendor-advisory", "x_transferred"]}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/297172", "tags": ["vdb-entry", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:26:16.002Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-39743", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-07-08T17:41:53.322390Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-08T19:58:53.935Z"}}], "cna": {"title": "IBM MQ Container denial of service", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "IBM", "product": "MQ Operator", "versions": [{"status": "affected", "version": "2.0.24, 3.2.2"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.ibm.com/support/pages/node/7159714", "tags": ["vendor-advisory"]}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/297172", "tags": ["vdb-entry"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "IBM MQ Operator 3.2.2 and IBM MQ Operator 2.0.24 IBM MQ Container Developer Edition is vulnerable to denial of service caused by incorrect memory de-allocation. A remote attacker could exploit this vulnerability to cause the server to consume memory resources. IBM X-Force ID: 297172.", "supportingMedia": [{"type": "text/html", "value": "IBM MQ Operator 3.2.2 and IBM MQ Operator 2.0.24 IBM MQ Container Developer Edition is vulnerable to denial of service caused by incorrect memory de-allocation. A remote attacker could exploit this vulnerability to cause the server to consume memory resources. IBM X-Force ID: 297172.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-405", "description": "CWE-405 Asymmetric Resource Consumption (Amplification)"}]}], "providerMetadata": {"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm", "dateUpdated": "2024-07-12T13:48:40.013Z"}}}, "cveMetadata": {"cveId": "CVE-2024-39743", "state": "PUBLISHED", "dateUpdated": "2024-08-02T04:26:16.002Z", "dateReserved": "2024-06-28T09:34:46.056Z", "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "datePublished": "2024-07-08T13:14:43.915Z", "assignerShortName": "ibm"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:mq_operator:*:*:*:*:*:*:*:*", "matchCriteriaId": "99553BC0-D49F-46BA-B833-8A6C9A8BBDF8", "versionEndExcluding": "2.0.24", "versionStartIncluding": "2.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:mq_operator:*:*:*:*:*:*:*:*", "matchCriteriaId": "EE923D7C-C0E9-4CE1-B7B9-7694F1006550", "versionEndIncluding": "2.2.2", "versionStartIncluding": "2.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:mq_operator:*:*:*:*:*:*:*:*", "matchCriteriaId": "F006FBC3-0F42-41B7-B4E4-ABD22F80E5FE", "versionEndIncluding": "2.3.3", "versionStartIncluding": "2.3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:mq_operator:*:*:*:*:*:*:*:*", "matchCriteriaId": "266BF570-D143-4E99-A596-B2485C2E1DB7", "versionEndIncluding": "2.4.8", "versionStartIncluding": "2.4.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:mq_operator:*:*:*:*:*:*:*:*", "matchCriteriaId": "82E5BBE5-8A1C-44A1-BDDA-5B504F9D14E6", "versionEndIncluding": "3.1.3", "versionStartIncluding": "3.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:mq_operator:*:*:*:*:*:*:*:*", "matchCriteriaId": "64E7B54E-E5D2-4FD1-81FE-6DDC77C67684", "versionEndExcluding": "3.2.2", "versionStartIncluding": "3.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:mq_operator:3.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "BF662FFB-4349-4DEF-B1AA-BFBAEE20780F", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:mq_operator:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "C238288E-9E3C-4FD8-88E7-E850DCE5B36F", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "IBM MQ Operator 3.2.2 and IBM MQ Operator 2.0.24 IBM MQ Container Developer Edition is vulnerable to denial of service caused by incorrect memory de-allocation. A remote attacker could exploit this vulnerability to cause the server to consume memory resources. IBM X-Force ID: 297172."}, {"lang": "es", "value": "IBM MQ Operador 3.2.2 e IBM MQ Operador 2.0.24 podr\u00edan permitir a un usuario provocar una denegaci\u00f3n de servicio en determinadas configuraciones debido a una vulnerabilidad de comparaci\u00f3n de cadenas parciales. ID de IBM X-Force: 297172."}], "id": "CVE-2024-39743", "lastModified": "2024-08-07T16:10:15.813", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "psirt@us.ibm.com", "type": "Secondary"}]}, "published": "2024-07-08T14:15:02.823", "references": [{"source": "psirt@us.ibm.com", "tags": ["VDB Entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/297172"}, {"source": "psirt@us.ibm.com", "tags": ["Vendor Advisory"], "url": "https://www.ibm.com/support/pages/node/7159714"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-405"}], "source": "psirt@us.ibm.com", "type": "Secondary"}]}