1311 matches found
Security Bulletin: Multiple vulnerabilities in IBM MQ Agent images
Summary Multiple vulnerabilities were addressed in IBM MQ Agent images Vulnerability Details CVEID:CVE-2026-45134 DESCRIPTION: LangSmith Client SDKs provide SDK's for interacting with the LangSmith platform. Prior to LangSmith SDK Python 0.8.0 and JS/TS 0.6.0, the LangSmith SDK's prompt pull...
Security Bulletin: IBM MQ Appliance appliance is affected by multiple Java vulnerabilities
Summary IBM MQ Appliance has addressed multiple Java vulnerabilities. Vulnerability Details CVEID:CVE-2026-22016 DESCRIPTION: Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability...
Security Bulletin: IBM MQ Appliance is affected by an information exposure vulnerability (CVE-2026-40895)
Summary IBM MQ Appliance has addressed an information exposure vulnerability. Vulnerability Details CVEID:CVE-2026-40895 DESCRIPTION: follow-redirects is an open source, drop-in replacement for Node's http and https modules that automatically follows redirects. Prior to 1.16.0, when an HTTP reque...
Security Bulletin: IBM MQ is affected by multiple Java vulnerabilities (CVE-2026-22016, CVE-2026-22021, CVE-2026-22013, CVE-2026-22018, CVE-2026-34268, CVE-2026-22007)
Summary Multiple issues were identified with the IBM Runtime Environment, Java Technology Edition which is shipped with IBM MQ Vulnerability Details CVEID:CVE-2026-22016 DESCRIPTION: Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to...
Security Bulletin: IBM MQ Console is affected by an exposure of sensitive information (CVE-2026-40895)
Summary IBM MQ console could allow a user to access sensitive information Vulnerability Details CVEID:CVE-2026-40895 DESCRIPTION: follow-redirects is an open source, drop-in replacement for Node's http and https modules that automatically follows redirects. Prior to 1.16.0, when an HTTP request...
Security Bulletin: Multiple vulnerabilities in IBM MQ Operator and Queue manager container images
Summary Multiple vulnerabilities were addressed in IBM MQ Operator and Queue manager container images Vulnerability Details CVEID:CVE-2026-27142 DESCRIPTION: Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an...
Security Bulletin: IBM MQ Appliance is affected by multiple open source vulnerabilities (CVE-2026-23193, CVE-2026-23231, CVE-2026-3497)
Summary IBM MQ Appliance has addressed multiple open source vulnerabilities. Vulnerability Details CVEID:CVE-2026-3497 DESCRIPTION: Vulnerability in the OpenSSH GSSAPI delta included in various Linux distributions. This vulnerability affects the GSSAPI patches added by various Linux distributions...
CVE-2026-2607
IBM MQ Operator SC2: v3.2.0 through 3.2.23CD: v3.3.0, v3.4.0, v3.4.1, v3.5.0, v3.5.1 - v3.5.3, v3.6.0 - v3.6.4, v3.7.0 - v3.7.2, v3.8.0, v3.8.1, v3.9.0, v3.9.1LTS: v2.0.0 - 2.0.29 and IBM supplied MQ Advanced container images SC2: 9.4.0.6 through r1, 9.4.0.6-r2, 9.4.0.7-r1, 9.4.0.10-r1,...
CVE-2026-2607
CVE-2026-2607 is an in-scope vulnerability affecting IBM MQ and IBM MQ Operator components. The root issue is that IBM MQ stores potentially sensitive information in log files that could be read by a local user. Affected products/versions include IBM MQ Operator SC2 (various 3.2.x, 3.3.x, 3.4.x, ...
CVE-2026-2607 Multiple vulnerabilities in IBM MQ Operator and Queue manager container images
IBM MQ Operator SC2: v3.2.0 through 3.2.23CD: v3.3.0, v3.4.0, v3.4.1, v3.5.0, v3.5.1 - v3.5.3, v3.6.0 - v3.6.4, v3.7.0 - v3.7.2, v3.8.0, v3.8.1, v3.9.0, v3.9.1LTS: v2.0.0 - 2.0.29 and IBM supplied MQ Advanced container images SC2: 9.4.0.6 through r1, 9.4.0.6-r2, 9.4.0.7-r1, 9.4.0.10-r1,...
CVE-2026-2607 Multiple vulnerabilities in IBM MQ Operator and Queue manager container images
IBM MQ Operator SC2: v3.2.0 through 3.2.23CD: v3.3.0, v3.4.0, v3.4.1, v3.5.0, v3.5.1 - v3.5.3, v3.6.0 - v3.6.4, v3.7.0 - v3.7.2, v3.8.0, v3.8.1, v3.9.0, v3.9.1LTS: v2.0.0 - 2.0.29 and IBM supplied MQ Advanced container images SC2: 9.4.0.6 through r1, 9.4.0.6-r2, 9.4.0.7-r1, 9.4.0.10-r1,...
PT-2026-43697
IBM MQ Operator SC2: v3.2.0 through 3.2.23CD: v3.3.0, v3.4.0, v3.4.1, v3.5.0, v3.5.1 - v3.5.3, v3.6.0 - v3.6.4, v3.7.0 - v3.7.2, v3.8.0, v3.8.1, v3.9.0, v3.9.1LTS: v2.0.0 - 2.0.29 and IBM supplied MQ Advanced container images SC2: 9.4.0.6 through r1, 9.4.0.6-r2, 9.4.0.7-r1, 9.4.0.10-r1,...
Security Bulletin: Multiple vulnerabilities in IBM MQ Agent images
Summary Multiple vulnerabilities were addressed in IBM MQ Agent images Vulnerability Details CVEID:CVE-2026-41425 DESCRIPTION: Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to 1.6.11, there is no CSRF protection on the cache feature in...
IBM MQ 9.1 < 9.1.0.34 LTS / 9.2 < 9.2.0.41 LTS / 9.3 < 9.3.0.37 LTS / 9.3 < 9.4.5.1 CD / 9.4 LTS RCE (7271933)
The version of IBM MQ Server running on the remote host is affected by a remote code execution vulnerability as referenced in the 7271933 advisory. - IBM WebSphere Application Server Liberty 17.0.0.3 through 26.0.0.1 could allow a privileged user to upload a zip archive containing path traversal...
IBM MQ 9.1 < 9.1.0.36 LTS / 9.2 < 9.2.0.42 LTS / 9.3 < 9.3.0.40 LTS / 9.3 < 9.4.5.1 CD / 9.4 < 9.4.0.21 LTS / 9.4.5.1 (7272317)
The version of IBM MQ Server running on the remote host is affected by a vulnerability as referenced in the 7272317 advisory. - IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.3 IBM WebSphere Application Server Liberty could provide weaker than expected security when...
IBM MQ 9.1 < 9.1.0.36 LTS / 9.2 < 9.2.0.42 LTS / 9.3 < 9.3.0.40 LTS / 9.3 < 9.4.5.1 CD / 9.4 < 9.4.0.21 LTS (7271936)
The version of IBM MQ Server running on the remote host is affected by a vulnerability as referenced in the 7271936 advisory. - IBM MQ Operator SC2: v3.2.0 through 3.2.23CD: v3.3.0, v3.4.0, v3.4.1, v3.5.0, v3.5.1 - v3.5.3, v3.6.0 - v3.6.4, v3.7.0 - v3.7.2, v3.8.0, v3.8.1, v3.9.0, v3.9.1LTS: v2.0....
IBM MQ DoS (7271937)
The version of IBM MQ Server running on the remote host is affected by a vulnerability as referenced in the 7271937 advisory. - In jose4j before 0.9.6, an attacker can cause a Denial-of-Service DoS condition by crafting a malicious JSON Web Encryption JWE token with an exceptionally high...
IBM MQ Privilege Escalation (7271938)
The version of IBM MQ Server running on the remote host is affected by a vulnerability as referenced in the 7271938 advisory. - IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.3 IBM WebSphere Application Server Liberty is affected by privilege escalation. A privileged user coul...
Security Bulletin: IBM MQ is affected by multiple Java vulnerabilities (CVE-2026-21945, CVE-2026-21932, CVE-2026-21933, CVE-2026-21925)
Summary Multiple issues were identified with the IBM Runtime Environment, Java Technology Edition which is shipped with IBM MQ Vulnerability Details CVEID:CVE-2026-21945 DESCRIPTION: Java SE is vulnerable to a denial of service, caused by an easily exploitable vulnerability issue that allows an...
Security Bulletin: IBM MQ is affected by a server-side request forgery vulnerability in IBM WebSphere Application Server Liberty (CVE-2026-1561)
Summary IBM WebSphere Application Server Liberty is used by IBM MQ as part of the IBM MQ Console and IBM MQ REST API functionality CVE-2026-1561 Vulnerability Details CVEID:CVE-2026-1561 DESCRIPTION: IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.3 IBM WebSphere Application...