6.5
CVE-2019-4141
- EPSS 0.46%
- Published 27.09.2019 14:15:11
- Last modified 21.11.2024 04:43:13
- Source psirt@us.ibm.com
- Teams watchlist Login
- Open Login
IBM MQ 7.1.0.0 - 7.1.0.9, 7.5.0.0 - 7.5.0.9, 8.0.0.0 - 8.0.0.11, 9.0.0.0 - 9.0.0.6, 9.1.0.0 - 9.1.0.2, and 9.1.1 - 9.1.2 is vulnerable to a denial of service attack caused by a memory leak in the clustering code. IBM X-Force ID: 158337.
Data is provided by the National Vulnerability Database (NVD)
Ibm ≫ Websphere Mq SwEdition- Version >= 7.1.0.0 <= 7.1.0.9
Ibm ≫ Websphere Mq SwEdition- Version >= 7.5.0.0 <= 7.5.0.9
Ibm ≫ Websphere Mq SwEdition- Version >= 8.0.0.0 <= 8.0.0.11
Ibm ≫ Websphere Mq SwEditionlts Version >= 9.0.0.0 <= 9.0.0.6
Ibm ≫ Websphere Mq SwEdition- Version >= 9.1.0.0 <= 9.1.0.2
Ibm ≫ Websphere Mq SwEdition- Version >= 9.1.1 <= 9.1.2
Ibm ≫ Websphere Mq Appliance SwEdition- Version >= 8.0.0.0 <= 8.0.0.11
Ibm ≫ Websphere Mq Appliance SwEditionlts Version >= 9.1.0.0 <= 9.1.0.2
Ibm ≫ Websphere Mq Appliance SwEditioncd Version >= 9.1.1 <= 9.1.2
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.46% | 0.613 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 6.5 | 2.8 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
|
| nvd@nist.gov | 4 | 8 | 2.9 |
AV:N/AC:L/Au:S/C:N/I:N/A:P
|
| psirt@us.ibm.com | 5.3 | 1.6 | 3.6 |
CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
|
CWE-401 Missing Release of Memory after Effective Lifetime
The product does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory.