Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

IBM MQ Server and Client Detection (Windows)

🗓️ 27 Jan 2012 00:00:00Reported by TenableType 
nessus
 nessus🔗 www.tenable.com👁 40 Views

IBM MQ Server and Client Detection. Checks for IBM MQ server or client installation

Refs
Code
##
# (C) Tenable, Inc.
##

include("compat.inc");

if (description)
{
  script_id(57708);
  script_version("1.15");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/04/22");

  script_xref(name:"IAVT", value:"0001-T-0631");

  script_name(english:"IBM MQ Server and Client Detection (Windows)");

  script_set_attribute(attribute:"synopsis", value:
"IBM MQ (formerly IBM WebSphere MQ) Server or Client is installed on the remote Windows host.");
  script_set_attribute(attribute:"description", value:
"IBM MQ (formerly IBM WebSphere MQ) Server or Client is installed on the remote Windows host.");
  script_set_attribute(attribute:"see_also", value:"https://www.ibm.com/products/mq");
  script_set_attribute(attribute:"solution", value:"n/a");
  script_set_attribute(attribute:"risk_factor", value:"None");

  script_set_attribute(attribute:"plugin_publication_date", value:"2012/01/27");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:ibm:websphere_mq");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:ibm:mq");
  script_set_attribute(attribute:"thorough_tests", value:"true");
  script_set_attribute(attribute:"asset_inventory", value:"True");
  script_set_attribute(attribute:"asset_inventory_category", value:"software_enumeration");
  script_set_attribute(attribute:"agent", value:"windows");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2012-2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("smb_hotfixes.nasl");
  script_require_keys("SMB/Registry/Enumerated");
  script_require_ports(139, 445);

  exit(0);
}

include("smb_hotfixes.inc");
include("ibm_mq.inc");

get_kb_item_or_exit('SMB/Registry/Enumerated');

##
# Function that Retrieves IBM MQ installation data from a registry key.
#
# @param   [key:string] The registry key to query for installation information.
# @return  [array|null] An array containing install details (name, path, version, type, components) or NULL if not found.
#
##
function get_install_from_key(key)
{
  var hklm, entries, values;
  var name, path, type, components, component;
  var exe, exe_ver, version;
  var install;

  # Function can accept argument anonymously.
  if (isnull(key)) key = _FCT_ANON_ARGS[0];

  registry_init();
  hklm = registry_hive_connect(hive:HKEY_LOCAL_MACHINE, exit_on_fail:TRUE);
  entries = make_list("FilePath", "ProductType", "Name");
  values = get_values_from_key(handle:hklm, entries:entries, key:key);

  if (isnull(values))
  {
    dbg::detailed_log(msg:"No registry values found", lvl:2, msg_details:{
      'key': {lvl:3, value:key}
    });
    return NULL;
  }

  name = values["Name"];
  path = values["FilePath"];
  type = values["ProductType"];
  dbg::detailed_log(msg:"Registry values retrieved", lvl:2, msg_details:{
    'name': {lvl:3, value:name},
    'path': {lvl:3, value:path},
    'type': {lvl:3, value:type}
  });

  # Look for installed components.
  key += "\Components";
  dbg::detailed_log(msg:"Looking for components", lvl:2, msg_details:{
    'key': {lvl:3, value:key}
  });
  values = get_reg_name_value_table(handle:hklm, key:key);
  RegCloseKey(handle:hklm);
  close_registry(close:FALSE);

  if (!isnull(values))
  {
    components = [];
    foreach component (sort(keys(values)))
    {
      if ('jre' == component)
      {
        component = 'Java JRE';
      }
      components = make_list(components, component);
    }
  }
  else
  {
    dbg::detailed_log(msg:"No components found", lvl:2, msg_details:{
      'key': {lvl:3, value:key}
    });
  }

  # Verify that the software is actually installed by checking for the
  # executable and grab version from that.
  # The binary below is no longer found in all installs
  #exe = hotfix_append_path(path:path, value:"bin\runmqckm.exe");
  exe = hotfix_append_path(path:path, value:"bin\dspmqver.exe");
  exe_ver = hotfix_get_pversion(path:exe);
  hotfix_check_fversion_end();
  if (exe_ver['error'] == HCF_OK)
  {
    # Versions might have a comma separator for some reason.
    version = str_replace(string:exe_ver['value'], find:",", replace:".");
    dbg::detailed_log(msg:"Executable found and version extracted", lvl:2, msg_details:{
      'exe': {lvl:3, value:exe},
      'version': {lvl:3, value:version}
    });

    # Create install array and return.
    install = make_array(
      'name', name,
      'path', path,
      'version', version
      );

    if (!isnull(type)) install['type'] = type;
    if (!isnull(components)) install['components'] = components;

    return install;
  }
  else
  {
    dbg::detailed_log(msg:"Executable not found or error occurred", lvl:2, msg_details:{
      'exe': {lvl:3, value:exe},
      'error': {lvl:3, value:exe_ver['error']}
    });
    return NULL;
  }
}

##
# Main
##

var install_count = 0;
var cpe = "cpe:/a:ibm:mq";
var app_name = "IBM WebSphere MQ";
var vendor = 'IBM';
var product= 'WebSphere MQ';
var data_for_register_installs = make_nested_list();

# Get primary install information from the registry.
var key = "SOFTWARE\IBM\MQSeries\CurrentVersion";
var install = get_install_from_key(key);

if (!isnull(install))
{
  dbg::detailed_log(msg:"Primary install found", lvl:2, msg_details:{
    'name': {lvl:3, value:install['name']},
    'version': {lvl:3, value:install['version']},
    'path': {lvl:3, value:install['path']}
  });
  data_for_register_installs[install_count] = install;
  install_count = 1;
}
else
{
  dbg::detailed_log(msg:"No primary install found", lvl:2, msg_details:{
    'key': {lvl:3, value:key}
  });
}

# As of 7.1, multiple installs are supported. Search the registry for those.
dbg::detailed_log(msg:"Checking for multi-install support", lvl:2);
registry_init();
var hklm = registry_hive_connect(hive:HKEY_LOCAL_MACHINE, exit_on_fail:FALSE);
key = "SOFTWARE\IBM\WebSphere MQ\Installation";
var subkeys = get_registry_subkeys(handle:hklm, key:key);
RegCloseKey(handle:hklm);

# Gather data for multi register_install calls.
if (!isnull(subkeys))
{
  dbg::detailed_log(msg:"Processing multi-install subkeys", lvl:2, msg_details:{
    'count': {lvl:3, value:max_index(subkeys)}
  });
  # Process each install and add it to the installs array.
  var install_key, check_inst;
  foreach var subkey (subkeys)
  {
    install_key = key + "\" + subkey;
    install = get_install_from_key(install_key);
    if (!isnull(install))
    {
      # Check for dupes pulled in by the two reg queries
      # If a dupe, skip it.
      if (!empty_or_null(data_for_register_installs))
      {
        foreach check_inst (data_for_register_installs)
        {
          if (obj_cmp(install, check_inst))
          {
            dbg::detailed_log(
              msg:"Duplicate install detected, skipping",
              lvl:2,
              msg_details:{
                'name': {lvl:3, value:install['name']},
                'version': {lvl:3, value:install['version']}
              });
            continue;
          }

          data_for_register_installs[install_count] = install;
          install_count++;
          dbg::detailed_log(msg:"Multi-install added", lvl:3, msg_details:{
            'install_count': {lvl:2, value:install_count},
            'name': {lvl:3, value:install['name']},
            'version': {lvl:3, value:install['version']}
          });
        }
      }
      else
      {
        data_for_register_installs[install_count] = install;
        install_count++;
        dbg::detailed_log(msg:"First multi-install added", lvl:2, msg_details:{
          'install_count': {lvl:3, value:install_count},
          'name': {lvl:3, value:install['name']},
          'version': {lvl:3, value:install['version']}
        });
      }
    }
  }
}
else
{
  dbg::detailed_log(msg:"No multi-install subkeys found", lvl:2, msg_details:{
    'key': {lvl:3, value:key}
  });
}

# Exit out if there are no installs.
if (install_count < 1 )
{
  hotfix_check_fversion_end();
  audit(AUDIT_NOT_INST, app_name);
}

dbg::detailed_log(msg:"Processing installs found", lvl:2, msg_details:{
  'install_count': {lvl:3, value:install_count}
});

if (!empty_or_null(data_for_register_installs))
{
  var item, result, release_type, track, path_to_fix, interim_fix, contents, match, components;
  foreach item (data_for_register_installs)
  {
    interim_fix = NULL; # Reset interim fix for each item
    dbg::detailed_log(msg:"Processing install item", lvl:2, msg_details:{
      'name': {lvl:3, value:item['name']},
      'version': {lvl:3, value:item['version']},
      'path': {lvl:3, value:item['path']}
    });
    # Lets parse out what kind of Version it is CD or LTS
    result = classify_mq_version(version:item['version']);

    release_type = result['type'];
    track = result['track'];

    # Lets check interim fixes in mqpatch.dat
    path_to_fix = hotfix_append_path(path:item['path'], value:"\mqpatch.dat");

    if (hotfix_file_exists(path:path_to_fix))
    {
      contents = hotfix_get_file_contents(path:path_to_fix);
      if (!isnull(contents) && contents != "")
      {
        match = pregmatch(pattern:"IT([0-9]+)-", string:contents);
        if (!isnull(match)) {
          interim_fix = match[1]; # "40099"
          dbg::detailed_log(msg:"Interim fix extracted", lvl:2, msg_details:{
            'interim_fix': {lvl:3, value:interim_fix},
            'path_to_fix': {lvl:3, value:path_to_fix}
          });
        }
        else
        {
          dbg::detailed_log(msg:"No interim fix pattern matched", lvl:2, msg_details:{
            'path_to_fix': {lvl:3, value:path_to_fix}
          });
        }
      }
      else
      {
        dbg::detailed_log(msg:"Interim fix file empty or unreadable", lvl:2, msg_details:{
          'path_to_fix': {lvl:3, value:path_to_fix}
        });
      }
    }
    else
    {
      dbg::detailed_log(msg:"No interim fix file found", lvl:2, msg_details:{
        'path_to_fix': {lvl:3, value:path_to_fix}
      });
    }

    if (!empty_or_null(item['components']))
      components = item['components'];

    register_install(
      app_name: app_name,
      vendor : vendor,
      product : product,
      path:item['path'],
      version:item['version'],
      extra:make_array(
        "Type", item['type'],
        "Components", join(components, sep:', '),
        "Release Type", release_type,
        "Track", track,
        "Interim Fix", interim_fix
      ),
      cpe:cpe
    );
  }
}

hotfix_check_fversion_end();
report_installs(app_name:app_name);

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
22 Apr 2026 00:00Current
5.8Medium risk
Vulners AI Score5.8
message queuing serverclient softwareibm mq
40