CVE-2024-35116

5.9 MEDIUM

📋 TL;DR

IBM MQ versions 9.0 LTS through 9.3 CD are vulnerable to denial of service attacks when configuration changes are applied. Attackers can exploit this to disrupt MQ services, affecting organizations using these IBM MQ versions for message queuing.

💻 Affected Systems

Products:
  • IBM MQ
Versions: 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.3 CD
Operating Systems: All supported platforms for IBM MQ
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability triggers when applying configuration changes; default installations are affected.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete service disruption of IBM MQ, preventing message processing and causing business operations to halt.

🟠 Likely Case

Temporary service interruption during configuration changes, requiring restart or manual intervention to restore functionality.

🟢 If Mitigated

Minimal impact with proper access controls and monitoring; service may experience brief degradation but recovers quickly.

🌐 Internet-Facing: MEDIUM - While exploitation requires configuration change access, internet-facing MQ instances could be targeted if misconfigured.
🏢 Internal Only: MEDIUM - Internal attackers or compromised accounts with configuration privileges could disrupt critical messaging services.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires ability to apply configuration changes; no public exploit code available at this time.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Apply fixes per IBM advisory: 9.0 LTS (9.0.0.19), 9.1 LTS (9.1.0.15), 9.2 LTS (9.2.0.12), 9.3 LTS (9.3.0.8), 9.3 CD (9.3.0.8)

Vendor Advisory: https://www.ibm.com/support/pages/node/7157387

Restart Required: Yes

Instructions:

1. Review IBM advisory for your specific version.
2. Download appropriate fix from IBM Fix Central.
3. Apply fix following IBM MQ update procedures.
4. Restart MQ services to activate changes.

🔧 Temporary Workarounds

Restrict Configuration Access (all platforms)

Limit who can apply configuration changes to trusted administrators only.

# Use MQ object authorities to restrict configuration privileges
# (setmqaut grants an authority with + and revokes it with -)
# setmqaut -m QueueManagerName -t qmgr -p UserName +connect +inq +setall

Schedule Configuration Changes (all platforms)

Apply configuration changes during maintenance windows with monitoring.

# Check in-doubt transactions and queue manager status during configuration changes
# dspmqtrn -m QueueManagerName
# dspmq -o status

🧯 If You Can't Patch

  • Implement strict access controls for MQ configuration management
  • Monitor MQ services closely during configuration changes and have recovery procedures ready

🔍 How to Verify

Check if Vulnerable:

Check IBM MQ version using dspmqver command and compare against affected versions list.

Check Version:

dspmqver

Verify Fix Applied:

Verify version after patching with dspmqver and confirm it matches fixed versions in IBM advisory.
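
The version comparison described above can be scripted. The following is an added example, not code from this page or from IBM: the function names are hypothetical, the fixed levels are copied from the Patch Version line above, and the dspmqver output is constructed sample data. It assumes a modification level of 0 identifies an LTS release and defers any other release to the advisory.

```shell
#!/bin/sh
# Added example. Fixed fix-pack levels are copied from the "Patch Version"
# line of this page; the dspmqver output below is constructed sample data.

# Map a V.R release to the fixed LTS level listed on this page.
fixed_level() {
  case "$1" in
    9.0) echo 9.0.0.19 ;;
    9.1) echo 9.1.0.15 ;;
    9.2) echo 9.2.0.12 ;;
    9.3) echo 9.3.0.8 ;;
    *) return 1 ;;
  esac
}

# Read dspmqver output on stdin and print the V.R.M.F version string.
mq_version() {
  awk '$1 == "Version:" { print $2; exit }'
}

# Classify a V.R.M.F string as: patched | affected | check-advisory
mq_fix_status() {
  old_ifs=$IFS; IFS=.
  set -- $1            # split into V R M F
  IFS=$old_ifs
  v=$1 r=$2 m=$3 f=$4
  for part in "$v" "$r" "$m" "$f"; do
    case "$part" in ''|*[!0-9]*) echo check-advisory; return 0 ;; esac
  done
  # Release not listed on the page: nothing to compare against.
  fixed=$(fixed_level "$v.$r") || { echo check-advisory; return 0; }
  # Assumption: M != 0 marks a CD release, whose numbering cannot be
  # ordered against the V.R.0.F levels above; defer to the advisory.
  if [ "$m" -ne 0 ]; then echo check-advisory; return 0; fi
  if [ "$f" -ge "${fixed##*.}" ]; then echo patched; else echo affected; fi
}

# Constructed sample; on a real host use: dspmqver | mq_version
SAMPLE_DSPMQVER='Name:        IBM MQ
Version:     9.3.0.5
Level:       p930-005-230413
Platform:    IBM MQ for Linux (x86-64 platform)'

installed=$(printf '%s\n' "$SAMPLE_DSPMQVER" | mq_version)
echo "installed=$installed status=$(mq_fix_status "$installed")"
```

Run the same check before and after patching; a result of check-advisory means the installed release cannot be compared against the levels listed on this page.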

📡 Detection & Monitoring

Log Indicators:

  • Unexpected MQ service restarts after configuration changes
  • Error messages related to configuration application failures in AMQERR01.LOG

Network Indicators:

  • Sudden drop in MQ message traffic
  • Connection failures to MQ services

SIEM Query:

source="mq_logs" AND ("configuration error" OR "service stopped" OR "unexpected termination")
