Vulnérabilité TLS dans MQ : CVE-2019-405

 

A vulnerability was discovered within the TLS key renegotiation functions which could be exploited to execute a denial of service attack against an IBM MQ queue manager.

Version de MQ concernées :

  • 8.0
  • 9.0 LTS & CD
  • 9.1 LTS
  • 9.1.1 CD

Solution : passer au dernier niveau de fix :

  • 8.0.0.11
  • 9.0.0.6
  • 9.1.0.2
  • 9.1.2

Lien : Security Bulletin : IBM MQ and IBM MQ Appliance are vulnerable to a denial of service attack within the TLS key renegotiation functions (CVE-2019-4055)