Security Bulletin: IBM MQ is affected by multiple vulnerabilities in the IBM Runtime Environment, Java Technology Edition

Summary Multiple issues were identified with IBM Runtime Environment, Java Technology Edition, version 8 which is shipped with IBM MQ. Vulnerability Details CVEID:CVE-2024-21147 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause...

Security Bulletin: IBM MQ Appliance vulnerable to bypassing security restrictions (CVE-2024-40681)

Summary IBM MQ Appliance has addressed a security bypass vulnerablity. Vulnerability Details CVEID:CVE-2024-40681 DESCRIPTION: IBM MQ could allow an authenticated user in a specifically defined role, to bypass security restrictions and execute actions against the queue manager. CVSS Base score: 7...

Security Bulletin: IBM MQ Appliance is vulnerable to exposure of sensitive information (CVE-2023-5981 and CVE-2024-0533)

Summary IBM MQ Appliance has addressed GNU GnuTLS exposure of sensitive information vulnerabilities. Vulnerability Details CVEID:CVE-2023-5981 DESCRIPTION: GNU GnuTLS could allow a remote attacker to obtain sensitive information, caused by a timing sidechannel issue during RSA-PSK key exchange. B...

PT-2024-26343 · Ibm · Ibm Mq

Name of the Vulnerable Software and Affected Versions: IBM MQ versions 9.3 LTS and 9.3 CD Description: A remote attacker could obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system...

Security Bulletin: IBM MQ is vulnerable to a privilege escalation attack (CVE-2024-31912)

Summary IBM MQ has addressed a privilege escalation vulnerability. Vulnerability Details CVEID:CVE-2024-31912 DESCRIPTION: IBM MQ could allow an authenticated user to escalate their privileges under certain configurations due to incorrect privilege assignment. CVSS Base score: 7.5 CVSS Temporal...

Security Bulletin: IBM MQ Console is affected by a password disclosure vulnerability (CVE-2023-47745)

Summary IBM MQ has addressed a password disclosure vulnerability in the IBM MQ Console. Vulnerability Details CVEID:CVE-2023-47745 DESCRIPTION: IBM MQ stores or transmits user credentials in plain clear text which can be read by a local user using a trace command. CVSS Base score: 6.2 CVSS Tempor...

Security Bulletin: IBM MQ Appliance is affected by vulnerabilities in the IBM Runtime Environment, Java Technology Edition (CVE-2023-21930 and CVE-2023-21967)

Summary Issues were identified with IBM Runtime Environment, Java Technology Edition, Version 8 which is shipped with IBM MQ Vulnerability Details CVEID:CVE-2023-21930 DESCRIPTION: An unspecified vulnerability in Oracle Java SE, Oracle GraalVM Enterprise Edition related to the JSSE component coul...

Security Bulletin: IBM MQ is vulnerable to a denial of service attack (CVE-2023-26285)

Summary IBM MQ is vulnerable to a denial of service attack caused by an error processing invalid data from a compromised client. Vulnerability Details CVEID:CVE-2023-26285 DESCRIPTION: IBM MQ could allow a remote attacker to cause a denial of service due to an error processing invalid data. CVSS...

Security Bulletin: IBM MQ Appliance is vulnerable to an unspecified Java SE vulnerability (CVE-2022-21626)

Summary IBM MQ Appliance has resolved a Java SE vulnerability. Vulnerability Details CVEID:CVE-2022-21626 DESCRIPTION: An unspecified vulnerability in Java SE related to the Security component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability...

Security Bulletin: IBM MQ Appliance is vulnerable to cross-site scripting (CVE-2022-32750)

Summary IBM MQ Appliance has resolved a cross-site scripting vulnerability. Vulnerability Details CVEID:CVE-2022-32750 DESCRIPTION: IBM DataPower Gateway 10.0.2.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.8, 10.5.0.0, and 2018.4.1.0 through 2018.4.1.21 is vulnerable to cross-site scripting. This...