Security Bulletin: IBM MQ is affected by multiple CVEs (CVE-2025-11187, CVE-2025-15467, CVE-2025-15468, CVE-2025-15469, CVE-2025-66199, CVE-2025-68160, CVE-2025-69418, CVE-2025-69419, CVE-2025-69420, CVE-2025-69421, CVE-2026-22795, CVE-2026-22796)

Summary Multiple issues were identified with OpenSSL, which IBM MQ on the IBM i platform uses within the Advanced Message Security feature to provide cryptographic functionality. It is not used for transport layer security TLS functionality for IBM MQ channel connections, which is provided by the...

Security Bulletin: IBM MQ Advanced Message Security on IBM i platform is affected by an issue in OpenSSL (CVE-2024-2511)

Summary An issue was identified with OpenSSL, which IBM MQ on the IBM i platform uses within the Advanced Message Security feature to provide cryptographic functionality. It is not used for transport layer security TLS functionality for IBM MQ channel connections, which is provided by the IBM i...

Security Bulletin: IBM MQ Advanced Message Security on IBM i platform is affected by multiple issues in OpenSSL (CVE-2023-6237 and CVE-2024-0727)

Summary Multiple issues were identified with OpenSSL, which IBM MQ on the IBM i platform uses within the Advanced Message Security feature to provide cryptographic functionality. It is not used for transport layer security TLS functionality for IBM MQ channel connections, which is provided by the...

Security Bulletin: IBM MQ Advanced Message Security on IBM i platform is affected by multiple issues in OpenSSL (CVE-2022-4203, CVE-2022-4304, CVE-2022-4450, CVE-2023-0216, CVE-2023-0217, CVE-2023-0401)

Summary Multiple issues were identified with OpenSSL, which IBM MQ on the IBM i platform uses within the Advanced Message Security feature to provide cryptographic functionality. It is not used for transport layer security TLS functionality for IBM MQ channel connections, which is provided by the...

Information Disclosure

IBM MQ is vulnerable to Information Disclosure. The vulnerability exists when the Advanced Message Security setup is enabled which can leak sensitive information through trace files...

IBM MQ Information Disclosure (6985837)

The version of IBM MQ Server running on the remote host is affected by a vulnerability as referenced in the 6985837 advisory. - When Advanced Message Security setup is enabled, there is an issue with IBM MQ tracing logic that means sensitive data can be captured while IBM MQ trace is running...

Security Bulletin: IBM MQ trace can inadvertently trace sensitive data (CVE-2023-28950)

Summary When Advanced Message Security setup is enabled, an issue was identified with IBM MQ tracing logic that meant sensitive data could be captured while IBM MQ trace was running. This data would be stored in plaintext within the IBM MQ trace files. Vulnerability Details CVEID:CVE-2023-28950...

Security Bulletin: IBM MQ Advanced Message Security on IBM i platforms is affected by a buffer overflow issue in OpenSSL (CVE-2022-3602, CVE-2022-3786)

Summary A buffer overflow issue was identified with OpenSSL, which IBM MQ 9.3.0 LTS on the IBM i platform uses within the Advanced Message Security feature to provide cryptographic functionality. It is not used for transport layer security TLS functionality for IBM MQ channel connections, which i...

Security Bulletin: IBM MQ Advanced Message Security is vulnerable to an OpenSSL error while parsing an ASN.1 data. (CVE-2018-0739)

Summary IBM MQ have addressed a vulnerability whereby OpenSSL could allow a remote attacker to execute a denial of service attack by sending specially crafted ASN.1 data. OpenSSL is used by IBM MQ Advanced Message Security on the IBM i platform only. Vulnerability Details CVEID: CVE-2018-0739...

Security Bulletin: IBM MQ Advanced Message Security is vulnerable to an OpenSSL error while parsing an IPAdressFamily extension in an X.509 certificate. (CVE-2017-3735)

Summary IBM MQ have addressed a vulnerability whereby OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error while parsing an IPAdressFamily extension in an X.509 certificate. OpenSSL is used by IBM MQ Advanced Message Security on the IBM i platform only...

Security Bulletin: Various IBM WebSphere MQ Installers are susceptible to DLL-planting vulnerabilities (CVE-2016-2542 & CVE-2016-4560)

Summary Various IBM WebSphere MQ graphical user interface installers are susceptible to a DLL-planting vulnerability where a malicious DLL, that is present in the Windows search path, could be loaded by the operating system in place of the genuine file. The vulnerability affects Windows executabl...

Security Bulletin: Vulnerabilities in OpenSSL affect IBM MQ Advanced Message Security (CVE-2016-2177, CVE-2016-2178)

Summary OpenSSL vulnerabilities were disclosed on September 22 and 26, 2016 by the OpenSSL Project. OpenSSL is used by IBM MQ Advanced Message Security on the IBM i platform only. IBM MQ Advanced Message Security has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2016-2177...

Security Bulletin: IBM WebSphere MQ Advanced Message Security for IBM i へのOpenSSLの脆弱性 (CVE-2016-2106, CVE-2016-2109)

Summary 2016年5月3日にOpenSSL Projectによって、OpenSSLの脆弱性が開示されました。 OpenSSLは、IBM WebSphere MQ Advanced Message Security for IBM iプラットフォームで使用されています。 IBM WebSphere MQは掲題のCVEに対処しました。 最新の情報については下記の文書（英語）をご参照ください。 Security Bulletin: Vulnerabilities in OpenSSL affect IBM WebSphere MQ CVE-2016-2106, CVE-2016-210...

Security Bulletin: Vulnerabilities in OpenSSL affect IBM WebSphere MQ (CVE-2016-2106, CVE-2016-2109)

Summary OpenSSL vulnerabilities were disclosed on May 3, 2016 by the OpenSSL Project. OpenSSL is used by IBM WebSphere MQ. IBM WebSphere MQ has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2016-2106 DESCRIPTION: OpenSSL is vulnerable to a heap-based buffer overflow, caused by...

Security Bulletin: Vulnerabilities in OpenSSL affect IBM WebSphere MQ Advanced Message Security for IBM i, IBM WebSphere MQ Client for HP-NSS

Summary OpenSSL vulnerabilities were disclosed on March 19, 2015 by the OpenSSL Project. OpenSSL is used by IBM WebSphere MQ Advanced Message Security for the IBM i platform, IBM WebSphere MQ HP-NSS and IBM WebSphere MQ Paho MQTT clients. IBM WebSphere MQ Advanced Message Security for the IBM i...

Security Bulletin: Vulnerability in OpenSSL affects IBM WebSphere MQ Advanced Message Security for IBM i platform (CVE-2014-3508)

Summary There is a vulnerability in OpenSSL that is used by IBM WebSphere MQ - Advanced Message Security. This issue was disclosed on August 6, 2014 by the OpenSSL project. Vulnerability Details CVE-ID: CVE-2014-3508 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive...