Insufficient Control of Network Message Volume (Network Amplification)

CVE-2024-25015

High

7.5/10

Summary

IBM MQ 9.2 LTS, 9.3 LTS, and 9.3 CD Internet Pass-Thru could allow a remote user to cause a denial of service by sending HTTP requests that would consume all available resources. IBM X-Force ID: 281278.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: NONE
Availability Impact: HIGH

CWE-406 - Insufficient Control of Network Message Volume (Network Amplification)

The software does not sufficiently monitor or control transmitted network traffic volume, so that an actor can cause the software to transmit more traffic than should be allowed for that actor.

References

Advisory Timeline

Published May 01, 2024

Insufficient Control of Network Message Volume (Network Amplification)

CVE-2024-25015

Summary

CWE-406 - Insufficient Control of Network Message Volume (Network Amplification)

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS