CVE-2015-4943
Description
A sequence of connect and disconnect actions can crash the MQXR service in IBM WebSphere MQ Light 1.x before 1.0.2.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A sequence of connect and disconnect actions can crash the MQXR service in IBM WebSphere MQ Light 1.x before 1.0.2.
Vulnerability
IBM WebSphere MQ Light versions 1.0 and 1.0.1 on all platforms allow remote attackers to cause the MQXR service to crash via a series of connect and disconnect actions [1]. This denial-of-service vulnerability (CVE-2015-4943) is distinct from CVE-2015-4942.
Exploitation
An unauthenticated attacker with network access to the MQ Light service can repeatedly connect and disconnect, triggering the crash of the MQXR service [1]. No authentication or user interaction is required.
Impact
Successful exploitation results in a denial of service because the MQXR service crashes and must be restarted [1]. The confidentiality and integrity of data are not affected.
Mitigation
The fix is included in IBM MQ Light version 1.0.2 [1]. No workaround is available; users must upgrade to the fixed version. IBM has not listed this CVE in CISA's Known Exploited Vulnerabilities catalog.
AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
3cpe:2.3:a:ibm:websphere_mq_light:1.0:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:ibm:websphere_mq_light:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:websphere_mq_light:1.0.0.1:*:*:*:*:*:*:*
- (no CPE)range: <1.0.2
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
3News mentions
0No linked articles in our index yet.