CVE-2024-25015 - Vulnerability Details - OpenCVE

IBM MQ 9.2 LTS, 9.3 LTS, and 9.3 CD Internet Pass-Thru could allow a remote user to cause a denial of service by sending HTTP requests that would consume all available resources. IBM X-Force ID: 281278.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Ibm	Aix Linux On Ibm Z Mq
Linux	Linux Kernel
Microsoft	Windows

Configuration 1 [-]

AND

OR	cpe:2.3:a:ibm:mq:::::lts:::*
	cpe:2.3:a:ibm:mq:::::continuous_delivery:::*
	cpe:2.3:a:ibm:mq:::::lts:::*

OR	cpe:2.3:o:ibm:aix:-:::::::*
	cpe:2.3:o:ibm:linux_on_ibm_z:-:::::::*
	cpe:2.3:o:linux:linux_kernel:-:::::::*
	cpe:2.3:o:microsoft:windows:-:::::::*

No data.

References

Link	Providers
https://exchange.xforce.ibmcloud.com/vulnerabilities/281278
https://www.ibm.com/support/pages/node/7149583

History

Thu, 21 Aug 2025 15:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Ibm aix Ibm linux On Ibm Z Linux Linux linux Kernel Microsoft Microsoft windows
CPEs		cpe:2.3:a:ibm:mq:::::continuous_delivery:::* cpe:2.3:a:ibm:mq:::::lts:::* cpe:2.3:o:ibm:aix:-:::::::* cpe:2.3:o:ibm:linux_on_ibm_z:-:::::::* cpe:2.3:o:linux:linux_kernel:-:::::::* cpe:2.3:o:microsoft:windows:-:::::::*
Vendors & Products		Ibm aix Ibm linux On Ibm Z Linux Linux linux Kernel Microsoft Microsoft windows

MITRE

Status: PUBLISHED

Assigner: ibm

Published: 2024-05-01T16:16:16.641Z

Updated: 2024-08-01T23:36:21.594Z

Reserved: 2024-02-03T14:48:56.576Z

Link: CVE-2024-25015

Vulnrichment

Updated: 2024-08-01T23:36:21.594Z

NVD

Status : Analyzed

Published: 2024-05-01T17:15:29.720

Modified: 2025-08-21T15:15:50.997

Link: CVE-2024-25015

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-25015", "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "state": "PUBLISHED", "assignerShortName": "ibm", "dateReserved": "2024-02-03T14:48:56.576Z", "datePublished": "2024-05-01T16:16:16.641Z", "dateUpdated": "2024-08-01T23:36:21.594Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "MQ", "vendor": "IBM", "versions": [{"status": "affected", "version": "9.2 LTS, 9.3 LTS, 9.3 CD"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "IBM MQ 9.2 LTS, 9.3 LTS, and 9.3 CD Internet Pass-Thru could allow a remote user to cause a denial of service by sending HTTP requests that would consume all available resources. IBM X-Force ID: 281278."}], "value": "IBM MQ 9.2 LTS, 9.3 LTS, and 9.3 CD Internet Pass-Thru could allow a remote user to cause a denial of service by sending HTTP requests that would consume all available resources. IBM X-Force ID: 281278."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-406", "description": "CWE-406 Insufficient Control of Network Message Volume (Network Amplification)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm", "dateUpdated": "2024-05-01T16:16:16.641Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://www.ibm.com/support/pages/node/7149583"}, {"tags": ["vdb-entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/281278"}], "source": {"discovery": "UNKNOWN"}, "title": "IBM MQ denial of service", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"affected": [{"vendor": "ibm", "product": "mq", "cpes": ["cpe:2.3:a:ibm:mq:*:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "versions": [{"version": "9.2 LTS", "status": "affected"}, {"version": "9.3 LTS", "status": "affected"}, {"version": "9.3 CD", "status": "affected"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-06-05T18:12:08.972815Z", "id": "CVE-2024-25015", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-05T18:16:18.663Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T23:36:21.594Z"}, "title": "CVE Program Container", "references": [{"tags": ["vendor-advisory", "x_transferred"], "url": "https://www.ibm.com/support/pages/node/7149583"}, {"tags": ["vdb-entry", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/281278"}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.ibm.com/support/pages/node/7149583", "tags": ["vendor-advisory", "x_transferred"]}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/281278", "tags": ["vdb-entry", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T23:36:21.594Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-25015", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-06-05T18:12:08.972815Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:ibm:mq:*:*:*:*:*:*:*:*"], "vendor": "ibm", "product": "mq", "versions": [{"status": "affected", "version": "9.2 LTS"}, {"status": "affected", "version": "9.3 LTS"}, {"status": "affected", "version": "9.3 CD"}], "defaultStatus": "unaffected"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-05T18:07:02.000Z"}}], "cna": {"title": "IBM MQ denial of service", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "IBM", "product": "MQ", "versions": [{"status": "affected", "version": "9.2 LTS, 9.3 LTS, 9.3 CD"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.ibm.com/support/pages/node/7149583", "tags": ["vendor-advisory"]}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/281278", "tags": ["vdb-entry"]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "IBM MQ 9.2 LTS, 9.3 LTS, and 9.3 CD Internet Pass-Thru could allow a remote user to cause a denial of service by sending HTTP requests that would consume all available resources. IBM X-Force ID: 281278.", "supportingMedia": [{"type": "text/html", "value": "IBM MQ 9.2 LTS, 9.3 LTS, and 9.3 CD Internet Pass-Thru could allow a remote user to cause a denial of service by sending HTTP requests that would consume all available resources. IBM X-Force ID: 281278.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-406", "description": "CWE-406 Insufficient Control of Network Message Volume (Network Amplification)"}]}], "providerMetadata": {"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm", "dateUpdated": "2024-05-01T16:16:16.641Z"}}}, "cveMetadata": {"cveId": "CVE-2024-25015", "state": "PUBLISHED", "dateUpdated": "2024-08-01T23:36:21.594Z", "dateReserved": "2024-02-03T14:48:56.576Z", "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "datePublished": "2024-05-01T16:16:16.641Z", "assignerShortName": "ibm"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:mq:*:*:*:*:lts:*:*:*", "matchCriteriaId": "36CE5A1D-7365-4A25-9778-AFD360D3BAA5", "versionEndExcluding": "9.2.0.25", "versionStartIncluding": "9.2.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:mq:*:*:*:*:continuous_delivery:*:*:*", "matchCriteriaId": "4BCD56F5-E6E9-4C0D-8AFC-B6A2FE72DA75", "versionEndExcluding": "9.3.5", "versionStartIncluding": "9.3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:mq:*:*:*:*:lts:*:*:*", "matchCriteriaId": "03C102A4-E985-4228-8428-3C03B06F31F7", "versionEndExcluding": "9.3.0.17", "versionStartIncluding": "9.3.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*", "matchCriteriaId": "E492C463-D76E-49B7-A4D4-3B499E422D89", "vulnerable": false}, {"criteria": "cpe:2.3:o:ibm:linux_on_ibm_z:-:*:*:*:*:*:*:*", "matchCriteriaId": "B955E472-47E3-4C32-847B-F6BB05594BA3", "vulnerable": false}, {"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "IBM MQ 9.2 LTS, 9.3 LTS, and 9.3 CD Internet Pass-Thru could allow a remote user to cause a denial of service by sending HTTP requests that would consume all available resources. IBM X-Force ID: 281278."}, {"lang": "es", "value": "IBM MQ 9.2 LTS, 9.3 LTS y 9.3 CD Internet Pass-Thru podr\u00eda permitir que un usuario remoto provoque una denegaci\u00f3n de servicio enviando solicitudes HTTP que consumir\u00edan todos los recursos disponibles. ID de IBM X-Force: 281278."}], "id": "CVE-2024-25015", "lastModified": "2025-08-21T15:15:50.997", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "psirt@us.ibm.com", "type": "Secondary"}]}, "published": "2024-05-01T17:15:29.720", "references": [{"source": "psirt@us.ibm.com", "tags": ["Vendor Advisory"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/281278"}, {"source": "psirt@us.ibm.com", "tags": ["Vendor Advisory"], "url": "https://www.ibm.com/support/pages/node/7149583"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/281278"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.ibm.com/support/pages/node/7149583"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-406"}], "source": "psirt@us.ibm.com", "type": "Secondary"}]}