Security Bulletin: IBM MQ is affected by multiple vulnerabilities in the IBM Runtime Environment, Java Technology Edition
Summary Multiple issues were identified with IBM Runtime Environment, Java Technology Edition, version 8 which is shipped with IBM MQ. Vulnerability Details CVEID: CVE-2024-21147 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause...
Security Bulletin: IBM MQ is vulnerable to a denial of service attack (CVE-2024-31919)
Summary IBM MQ has addressed a denial of service vulnerability caused by an error processing messages when an API Exit using MQBUFMH is used. Vulnerability Details CVEID: CVE-2024-31919 DESCRIPTION: IBM MQ, in certain configurations, is vulnerable to a denial of service attack caused by an error...
Security Bulletin: IBM MQ is vulnerable to denial of service (CVE-2024-25016)
Summary IBM MQ has addressed a denial of service vulnerability due to incorrect buffering logic. Vulnerability Details CVEID: CVE-2024-25016 DESCRIPTION: IBM MQ and IBM MQ Appliance could allow a remote unauthenticated attacker to cause a denial of service due to incorrect buffering logic. CVSS Ba...
Security Bulletin: IBM MQ is affected by a denial-of-service vulnerability
Summary IBM MQ has addressed an error within the IBM MQ clustering logic, in which a specially crafted message could cause a denial-of-service. Vulnerability Details CVEID: CVE-2023-45177 DESCRIPTION: IBM MQ is vulnerable to a denial-of-service attack due to an error within the IBM MQ clustering...
Security Bulletin: IBM MQ is affected by a denial of service vulnerability (CVE-2023-28513)
Summary IBM MQ is affected by a denial of service vulnerability caused by improper message handling. Vulnerability Details CVEID: CVE-2023-28513 DESCRIPTION: IBM MQ, under certain configurations, is vulnerable to a denial of service attack caused by an error processing messages. CVSS Base score: 5...
Security Bulletin: IBM MQ is vulnerable to an issue in IBM GSKit (CVE-2023-32342)
Summary Vulnerabilities in GSKit affect IBM MQ. IBM MQ has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2023-32342 DESCRIPTION: IBM GSKit could allow a remote attacker to obtain sensitive information, caused by a timing-based side channel in the RSA Decryption implementation. By...
Security Bulletin: IBM MQ is affected by vulnerabilities in libcURL (CVE-2023-23916, CVE-2023-27535)
Summary Multiple issues were identified within the libcurl library that affect IBM MQ. IBM MQ uses libcurl to provide HTTPURL functionality which is only used to download remote CCDT files and is not used to send or receive messages. Vulnerability Details CVEID: CVE-2023-23916 DESCRIPTION: cURL...
Security Bulletin: IBM MQ is vulnerable to a denial of service attack (CVE-2023-26285)
Summary IBM MQ is vulnerable to a denial of service attack caused by an error processing invalid data from a compromised client. Vulnerability Details CVEID: CVE-2023-26285 DESCRIPTION: IBM MQ could allow a remote attacker to cause a denial of service due to an error processing invalid data. CVSS...
Security Bulletin: IBM MQ could allow an authenticated and authorized user to cause a denial of service to the MQTT channels. (CVE-2022-31772)
Summary IBM MQ could allow an authenticated and authorized user to cause a denial of service to the MQTT channels. Vulnerability Details CVEID: CVE-2022-31772 DESCRIPTION: IBM MQ could allow an authenticated and authorized user to cause a denial of service to the MQTT channels. CVSS Base score: 5....
Security Bulletin: IBM MQ is vulnerable to an issue within the Zlib library (CVE-2018-25032)
Summary An issue was identified within the Zlib library that affects IBM MQ. IBM MQ uses Zlib to perform message compression. Vulnerability Details CVEID: CVE-2018-25032 DESCRIPTION: Zlib is vulnerable to a denial of service, caused by a memory corruption in the deflate operation. By using many...
Security Bulletin: IBM MQ WebConsole and REST API are affected by CVE-2021-39031.
Summary An issue was identified within the IBM WebSphere Application Server Liberty profile that IBM MQ uses to provide web console and REST API functionality. Vulnerability Details CVEID: CVE-2021-39031 DESCRIPTION: IBM WebSphere Application Server - Liberty 17.0.0.3 through 22.0.0.1 could allow...
CVE-2021-39034
IBM MQ 9.1 LTS is vulnerable to a denial of service attack caused by an issue within the channel process. IBM X-Force ID: 213964...
Design/Logic Flaw
Security Bulletin: IBM MQ is vulnerable to multiple Jetty vulnerabilities (CVE-2021-34428, CVE-2021-34429, CVE-2021-28169)
Summary Multiple issues were identified in Eclipse Jetty that IBM MQ Explorer uses and is affected by. Vulnerability Details CVEID: CVE-2021-34428 DESCRIPTION: Eclipse Jetty could allow a physical attacker to bypass security restrictions, caused by a session ID is not invalidated flaw when an...
Security Bulletin: IBM MQ is vulnerable to an error within Eclipse Jetty (CVE-2020-27216)
Summary An issue was found in Eclipse Jetty that is shipped with the MQ Explorer component of IBM MQ. Vulnerability Details CVEID: CVE-2020-27216 DESCRIPTION: Eclipse Jetty could allow a local authenticated attacker to gain elevated privileges on the system, caused by a race condition in the...
Security Bulletin: IBM MQ Appliance is affected by an OpenLDAP vulnerability (CVE-2020-25692)
Summary IBM MQ Appliance has resolved an OpenLDAP vulnerability. Vulnerability Details CVEID: CVE-2020-25692 DESCRIPTION: OpenLDAP is vulnerable to a denial of service, caused by a NULL pointer dereference. By sending a specially crafted TCP packet, a remote attacker could exploit this...
Security Bulletin: IBM MQ Appliance affected by an OpenSSL vulnerability (CVE-2020-1968)
Summary IBM MQ Appliance has resolved an OpenSSL vulnerability. Vulnerability Details CVEID: CVE-2020-1968 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by a Raccoon attack in the TLS specification. By computing the pre-master secret in connections...
Security Bulletin: IBM MQ Appliance is affected by a Java SE vulnerability (CVE-2020-27221)
Summary IBM MQ Appliance has resolved a Java SE vulnerability. Vulnerability Details CVEID: CVE-2020-27221 DESCRIPTION: Eclipse OpenJ9 is vulnerable to a stack-based buffer overflow when the virtual machine or JNI natives are converting from UTF-8 characters to platform encoding. By sending an...
Security Bulletin: IBM MQ Appliance is affected by libxslt vulnerabilities (CVE-2019-11068, CVE-2019-18197)
Summary IBM MQ Appliance has resolved libxslt vulnerabilities. Vulnerability Details CVEID: CVE-2019-11068 DESCRIPTION: libxslt could allow a remote attacker to bypass security restrictions, caused by a flaw in the xsltCheckRead and xsltCheckWrite routines. By sending a specially-crafted request,...