15 matches found

IBM Security Bulletins
added 2023/01/31 2:18 p.m. | 110 views

Security Bulletin: IBM Sterling Secure Proxy vulnerable to multiple issues

Summary: Multiple vulnerabilities affect IBM Sterling Secure Proxy 6.0.3.0 and are addressed in the latest iFix. Vulnerability Details: CVEID: CVE-2022-23437. DESCRIPTION: Apache Xerces2 Java XML Parser is vulnerable to a denial of service, caused by an infinite loop in the XML parser. By persuading ...

CVSS 7.1 | AI score 6.6 | EPSS 0.0444
Exploits: 0 | Affected Software: 1

Tenable Nessus
added 2021/01/19 12:0 a.m. | 67 views

IBM MQ 8.0 <= 8.0.0.11 / 9.0 <= 9.0.0.6 LTS / 9.1 <= 9.1.0.1 LTS / 9.1.1 < 9.1.2 CD (870492)

The version of IBM MQ Server running on the remote host is affected by a vulnerability that allows a local attacker to cause a denial of service within the error log reporting system. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported...

CVSS 6.2 | AI score 6.6 | EPSS 0.00316
Exploits: 0 | References: 2

IBM Security Bulletins
added 2020/11/19 11:17 a.m. | 28 views

Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU - Apr 2020 - Includes Oracle Apr 2020 CPU minus CVE-2020-2773 affects IBM MQ

Summary: There are multiple vulnerabilities in IBM Runtime Environment Java Version 7 and 8 used by IBM MQ. IBM MQ has addressed the applicable CVEs. These issues were disclosed as part of the IBM Java SDK updates in April 2020. Vulnerability Details: CVEID: CVE-2020-2781. DESCRIPTION: An unspecifi...

CVSS 5.3 | AI score 2.5 | EPSS 0.04948
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2020/11/17 4:2 p.m. | 33 views

Security Bulletin: IBM MQ is affected by a vulnerability in IBM Runtime Environment Java (deferred from Oracle Jan 2020 CPU) CVE-2020-2654

Summary: IBM MQ has addressed the following vulnerability in IBM® Runtime Environment Java™ Version 7.0.10.60 and earlier. CVE-2020-2654 was disclosed as part of the Oracle January 2020 Critical Patch Update. Vulnerability Details: CVEID: CVE-2020-2654. DESCRIPTION: An unspecified vulnerability in...

CVSS 4.3 | AI score 1.1 | EPSS 0.03299
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2018/06/15 7:7 a.m. | 22 views

Security Bulletin: A vulnerability in Java runtime from IBM affects IBM WebSphere MQ and IBM MQ Appliance (CVE-2016-5597)

Summary: There are multiple vulnerabilities in IBM® Runtime Environment Java™ Versions 7 and 8 used by IBM WebSphere MQ and the IBM MQ Appliance. These issues were disclosed as part of the IBM Java SDK updates in October 2016. Vulnerability Details: If you run your own Java code using the Java...

CVSS 5.9 | AI score 1 | EPSS 0.03937
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2018/06/15 7:5 a.m. | 32 views

Security Bulletin: Vulnerabilities in OpenSSL affect IBM MQ AMS (CVE-2015-3194, CVE-2015-3195, CVE-2015-3196)

Summary: OpenSSL vulnerabilities were disclosed on December 3, 2015 by the OpenSSL Project. OpenSSL is used by IBM MQ Advanced Message Security (AMS) on IBM i. IBM MQ has addressed the applicable CVEs. Vulnerability Details: CVEID: CVE-2015-3194. DESCRIPTION: OpenSSL is vulnerable to a denial of...

CVSS 7.5 | AI score 1.1 | EPSS 0.44016
Exploits: 1 | Affected Software: 1

NVD
added 2017/09/25 4:29 p.m. | 21 views

CVE-2017-1235

IBM WebSphere MQ 8.0 could allow an authenticated user to cause a premature termination of a client application thread which could potentially cause denial of service. IBM X-Force ID: 123914...

CVSS 6.5 | AI score 6.2 | EPSS 0.02253
Exploits: 0 | References: 3

Cvelist
added 2017/09/25 4:0 p.m. | 22 views

CVE-2017-1235

IBM WebSphere MQ 8.0 could allow an authenticated user to cause a premature termination of a client application thread which could potentially cause denial of service. IBM X-Force ID: 123914...

AI score 6.2 | EPSS 0.02253
Exploits: 0 | References: 3

CVE
added 2017/09/25 4:0 p.m. | 60 views

CVE-2017-1235

IBM WebSphere MQ is affected by CVE-2017-1235. The IBM security bulletin states that termination during an MQGET call of a client application running on a channel with SHARECNV=1 could cause a SIGSEGV and termination of the channel agent process, potentially leading to a denial of service. Affect...

CVSS 6.5 | AI score 6.2 | EPSS 0.02253
Exploits: 0 | References: 3 | Affected Software: 1

Prion
added 2017/03/07 5:59 p.m. | 16 views

Code injection

IBM WebSphere MQ 8.0 could allow an authenticated user with queue manager permissions to cause a segmentation fault which would result in the box having to be rebooted to resume normal operations. IBM Reference: 1998663...

CVSS 6.8 | AI score 6.6 | EPSS 0.00896
Exploits: 0 | References: 1 | Affected Software: 1

Prion
added 2017/02/22 7:59 p.m. | 16 views

Design/Logic Flaw

IBM WebSphere MQ 8.0 could allow an authenticated user with access to the queue manager and queue to deny service to other channels running under the same process. IBM Reference: 1998649...

CVSS 4 | AI score 6.7 | EPSS 0.00843
Exploits: 0 | References: 2 | Affected Software: 1

NVD
added 2017/02/22 7:59 p.m. | 24 views

CVE-2016-3013

IBM WebSphere MQ 8.0 could allow an authenticated user to crash the MQ channel due to improper data conversion handling. IBM Reference: 1998661...

CVSS 6.5 | AI score 7 | EPSS 0.00906
Exploits: 0 | References: 2

Cvelist
added 2017/02/22 7:0 p.m. | 25 views

CVE-2016-3013

IBM WebSphere MQ 8.0 could allow an authenticated user to crash the MQ channel due to improper data conversion handling. IBM Reference: 1998661...

AI score 6.6 | EPSS 0.00906
Exploits: 0 | References: 2

CVE
added 2015/04/27 1:0 a.m. | 68 views

CVE-2015-0176

CVE-2015-0176 describes a reflected cross-site scripting (XSS) vulnerability in the IBM WebSphere MQ XR WebSockets Listener. According to IBM and NVD sources, the issue arises from improper validation/sanitization of user-supplied input in the URI, which can be included in an error response and cau...

CVSS 4.3 | AI score 4.5 | EPSS 0.01559
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2015/04/27 1:0 a.m. | 25 views

CVE-2015-0176

Cross-site scripting (XSS) vulnerability in MQ XR WebSockets Listener in WMQ Telemetry in IBM WebSphere MQ 8.0 before 8.0.0.2 allows remote attackers to inject arbitrary web script or HTML via a crafted URI that is included in an error response...

AI score 5.4 | EPSS 0.01559
Exploits: 0 | References: 2