**Summary**

IBM MQ has resolved a denial of service vulnerability.

**Vulnerability Details**

CVEID: CVE-2023-5072

DESCRIPTION: JSON-java is vulnerable to a denial of service, caused by a bug in the parser. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service.

CVSS Base score: 7.5

CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/268485 for the current score.

CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

**Affected Products and Versions**

Affected Product(s) | Version(s)
---|---
IBM MQ | 9.1 LTS
IBM MQ | 9.2 LTS
IBM MQ | 9.3 LTS
IBM MQ | 9.3 CD

The following installable MQ components are affected by the vulnerability:

- Java messaging
- MQ IPT
- REST API and Console
- Managed File Transfer

If you are running any of these listed components, please apply the remediation/fixes as described below. For more information on the definitions of components used in this list see https://www.ibm.com/support/pages/installable-component-names-used-ibm-mq-security-bulletins

**Remediation/Fixes**

These issues were resolved under APAR IT44821.

**IBM MQ version 9.1 LTS**

Apply Cumulative Security Update 9.1.0.19

**IBM MQ version 9.2 LTS**

Apply Cumulative Security Update 9.2.0.21

**IBM MQ version 9.3 LTS**

Apply Fix Pack 9.3.0.15

**IBM MQ version 9.3 CD**

Apply Cumulative Security Update 9.3.4.1

**Workarounds and Mitigations**

…