CVE-2022-43902

Published Mar 10, 2023

Last updated a year ago

CVSS high 7.5

Overview

Description: IBM MQ 9.2 CD, 9.2 LTS, 9.3 CD, and 9.3 LTS is vulnerable to a denial of service attack caused by specially crafted PCF or MQSC messages. IBM X-Force ID: 240832.
Source: psirt@us.ibm.com
NVD status: Modified

Risk scores

CVSS 3.1

Type: Primary
Base score: 7.5
Impact score: 3.6
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Severity: HIGH

Weaknesses

nvd@nist.gov: NVD-CWE-noinfo

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:ibm:mq_appliance:*:*:*:*:lts:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8F018BC3-BE95-4A31-BAA3-E9FF3C67E730",
            "versionEndExcluding": "9.2.0.8",
            "versionStartIncluding": "9.2.0.0"
          },
          {
            "criteria": "cpe:2.3:a:ibm:mq_appliance:*:*:*:*:continuous_delivery:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "02B72A13-02A9-49EA-AF96-81A4BFDCC729",
            "versionEndExcluding": "9.2.5",
            "versionStartIncluding": "9.2.0.0"
          },
          {
            "criteria": "cpe:2.3:a:ibm:mq_appliance:9.2.5:-:*:*:continuous_delivery:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0FEE5BED-5834-4B46-99DD-7F3A7C294B3E"
          },
          {
            "criteria": "cpe:2.3:a:ibm:mq_appliance:9.2.5:cumulative_security_update_01:*:*:continuous_delivery:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FF1BCC03-D23D-4E78-A9D7-C4C57ABD8C5C"
          },
          {
            "criteria": "cpe:2.3:a:ibm:mq_appliance:9.2.5:cumulative_security_update_02:*:*:continuous_delivery:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "83064B13-0E1D-4DCC-A0E2-7994071D7147"
          },
          {
            "criteria": "cpe:2.3:a:ibm:mq_appliance:9.2.5:cumulative_security_update_03:*:*:continuous_delivery:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "50D05C07-FAEF-499A-8AB4-22B9D2E2448E"
          },
          {
            "criteria": "cpe:2.3:a:ibm:mq_appliance:9.3.0.0:*:*:*:continuous_delivery:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "94219FC3-3106-4A79-B35B-67B4BE0D8857"
          },
          {
            "criteria": "cpe:2.3:a:ibm:mq_appliance:9.3.0.0:*:*:*:lts:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "217E8C0E-A3EB-44E8-929F-BBB3E1D43BA0"
          },
          {
            "criteria": "cpe:2.3:a:ibm:mq_appliance:9.3.1:*:*:*:continuous_delivery:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1BBA8CE2-BE0A-4C2D-BC3A-C18259D4E5C3"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References