Skip to main content

Mq Appliance CVE-2024-51471

MEDIUM
Out-of-bounds Read (CWE-125)
2024-12-19 psirt@us.ibm.com
5.3
CVSS 3.1 · Vendor: us
Share

Severity by source

Vendor (us) PRIMARY
5.3 MEDIUM
AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Primary rating from Vendor (us) · only source for this CVE.

CVSS VectorVendor: us

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

1
CVE Published
Dec 19, 2024 - 18:15 cve.org
MEDIUM 5.3

DescriptionCVE.org

IBM MQ Appliance 9.3 LTS, 9.3 CD, and 9.4 LTS web console could allow an authenticated user to cause a denial-of-service when trace is enabled due to information being written into memory outside of the intended buffer size.

AnalysisAI

IBM MQ Appliance 9.3 LTS, 9.3 CD, and 9.4 LTS web console could allow an authenticated user to cause a denial-of-service when trace is enabled due to information being written into memory outside of. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Out-of-bounds Read (CWE-125), which allows attackers to read data from memory outside the intended buffer boundaries. IBM MQ Appliance 9.3 LTS, 9.3 CD, and 9.4 LTS web console could allow an authenticated user to cause a denial-of-service when trace is enabled due to information being written into memory outside of the intended buffer size. Affected products include: Ibm Mq Appliance.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate array indices and buffer lengths. Use memory-safe languages. Enable AddressSanitizer during testing.

CVE-2017-1318 HIGH
8.8 Jul 18

IBM MQ Appliance 8.0 and 9.0 could allow an authenticated messaging administrator to execute arbitrary commands on the s

CVE-2025-0975 HIGH
8.8 Feb 28

IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD console could allow an authenticated user to execute code due to improper ne

CVE-2023-46176 HIGH
7.8 Nov 03

IBM MQ Appliance 9.3 CD could allow a local attacker to gain elevated privileges on the system, caused by improper valid

CVE-2019-4294 HIGH
7.8 Aug 20

IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.6, 7.6.0.0 through 7.6.0.15 and IBM MQ Appliance 8.0.0.0 through 8.0.0

CVE-2024-25048 HIGH
7.5 Apr 27

IBM MQ Appliance 9.3 CD and LTS are vulnerable to a heap-based buffer overflow, caused by improper bounds checking. Rate

CVE-2024-25016 HIGH
7.5 Mar 03

IBM MQ and IBM MQ Appliance 9.0, 9.1, 9.2, 9.3 LTS and 9.3 CD could allow a remote unauthenticated attacker to cause a d

CVE-2023-46177 HIGH
7.5 Dec 18

IBM MQ Appliance 9.3 LTS and 9.3 CD could allow a remote attacker to traverse directories on the system. Rated high seve

CVE-2023-28513 HIGH
7.5 Jul 19

IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.2 CD, and 9.3 CD and IBM MQ Appliance 9.2 LTS, 9.3 LTS, 9.2 CD, and 9.2 LTS

CVE-2020-4375 HIGH
7.5 Jul 28

IBM MQ, IBM MQ Appliance, IBM MQ for HPE NonStop 8.0, 9.1 CD, and 9.1 LTS could allow an attacker to cause a denial of s

CVE-2019-4055 HIGH
7.5 Apr 19

IBM MQ 8.0.0.0 through 8.0.0.10, 9.0.0.0 through 9.0.0.5, and 9.1.0.0 through 9.1.1 is vulnerable to a denial of service

CVE-2021-38967 MEDIUM
6.7 Nov 30

IBM MQ Appliance 9.2 CD and 9.2 LTS could allow a local privileged user to inject and execute malicious code. Rated medi

CVE-2025-23225 MEDIUM
6.5 Feb 28

IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD could allow an authenticated user to cause a denial of service due to the im

Share

CVE-2024-51471 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy