CVE-2024-25015 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	7.5 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
ibm	CNA	7.5 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CISA-ADP	ADP	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 19%

Vendor	Product	Version
ibm	mq	9.2.0.0 ≤ 𝑥 < 9.2.0.25
ibm	mq	9.3.0 ≤ 𝑥 < 9.3.5
ibm	mq	9.3.0.0 ≤ 𝑥 < 9.3.0.17

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-406 - Insufficient Control of Network Message Volume (Network Amplification)
The software does not sufficiently monitor or control transmitted network traffic volume, so that an actor can cause the software to transmit more traffic than should be allowed for that actor.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/281278

https://www.ibm.com/support/pages/node/7149583

https://exchange.xforce.ibmcloud.com/vulnerabilities/281278

https://www.ibm.com/support/pages/node/7149583