Security Bulletin: Vulnerabilities in IBM Java included with IBM Tivoli Composite Application Manager for Applications WebSphere MQ Monitoring Agent

Summary Vulnerabilities in IBM SDK Java Technology Edition that is shipped as part of agent framework in ITCAM for Applications WebSphere MQ Monitoring Agent. CVEs: CVE-2026-21945, CVE-2026-21932 Vulnerability Details CVEID:CVE-2026-21945 DESCRIPTION: Java SE is vulnerable to a denial of service,...

EUVD-2019-13685

Malware in sbrugna...

EUVD-2007-6669

Malware in sbrugna...

EUVD-2012-3273

Malware in sbrugna...

EUVD-2014-6002

Malware in sbrugna...

CVE-2024-3367

Argument injection in webspheremq agent plugin in Checkmk 2.0.0, 2.1.0, 2.2.0p26 and 2.3.0b5 allows local attacker to inject one argument to runmqsc...

CVE-2024-3367

Argument injection in webspheremq agent plugin in Checkmk 2.0.0, 2.1.0, 2.2.0p26 and 2.3.0b5 allows local attacker to inject one argument to runmqsc...

CVE-2024-3367

Affected product: Checkmk with websphere_mq agent plugin. Vulnerable versions: Checkmk 2.0.0, 2.1.0, and any 2.2.0p26 and 2.3.0b5-era builds (i.e., <2.2.0p26 and

Security feature bypass

IBM WebSphere MQ 7.1 is vulnerable to a denial of service, caused by an error when handling user ids. A remote attacker could exploit this vulnerability to bypass the security configuration setup on a SVRCONN channel and flood the queue manager...

Security Bulletin: IBM WebSphere MQ File Transfer Edition Web Gateway vulnerable to CSRF attack (CVE-2012-3294)

Abstract A low risk security vulnerability in the "Web Gateway" component of IBM WebSphere MQ File Transfer Edition and WebSphere MQ - Managed File Transfer may be susceptible to a Cross Site Request Forgery attack. Content CVE ID: CVE-2012-3294 DESCRIPTION: When using the web gateway, an...

Security Bulletin: IBM MQ and IBM WebSphere MQ are affected by Side channel attacks on modular exponentiation (CVE-2016-0702)

Summary IBM MQ and WebSphere MQ have addressed CVE-2016-0702 The GSKit cryptographic libraries supplied with MQ are impacted by the same issue described in the OpenSSL disclosure. Vulnerability Details CVEID: CVE-2016-0702 DESCRIPTION: OpenSSL could allow a local attacker to obtain sensitive...

Security Bulletin: IBM MQ and WebSphere MQ are affected by multiple vulnerabilities in OpenSSL and GSKit.

Summary IBM MQ and WebSphere MQ have addressed multiple vulnerabilities in OpenSSL and GSKit. OpenSSL is used by IBM MQ Advanced Message Security on the IBM i platform only. Vulnerability Details CVEID: CVE-2016-0705 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a double-fr...

Security Bulletin: IBM MQ Advanced Message Security is vulnerable to an OpenSSL Montgomery squaring function propagation flaw (CVE-2017-3736)

Summary IBM MQ and IBM WebSphere MQ are affected by an OpenSSL vulnerability which could allow a remote attacker to obtain sensitive information. This is caused by a carry propagation flaw in the the x8664 Montgomery squaring function bnsqrx8xinternal. OpenSSL is used by IBM MQ Advanced Message...

IBM MQ for HPE NonStop Information Disclosure Vulnerability

IBM MQ IBM WebSphere MQ is a messaging middleware product from IBM. The product is mainly for the service-oriented architecture SOA to provide a reliable and proven messaging backbone. An information disclosure vulnerability exists in IBM MQ for HPE NonStop version 8.1.0, which can be exploited b...

Security Bulletin: WebSphere MQ for HP NonStop Server is affected by OpenSSL vulnerability CVE-2021-4160

Summary WebSphere MQ for HP NonStop Server may be using weaker than expected security due to an algorithmic problem within OpenSSL. Vulnerability Details CVEID: CVE-2021-4160 DESCRIPTION: OpenSSL could provide weaker than expected security, caused by a carry propagation flaw in the MIPS32 and...

Security Bulletin: WebSphere MQ for HP NonStop Server is affected by OpenSSL vulnerability CVE-2022-0778

Summary An issue was identifed in OpenSSL when MQ is using it to parse certificates. Vulnerability Details CVEID: CVE-2022-0778 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a flaw in the BNmodsqrt function when parsing certificates. By using a specially-crafted certificate...

Security Bulletin: WebSphere MQ Internet Pass-Thru - CVE-2020-2654 (deferred from Oracle Jan 2020 CPU)

Summary WebSphere MQ Internet Pass-Thru has addressed the following vulnerability in IBM® Runtime Environment Java™ Version 7.0.10.50 and earlier. CVE-2020-2654 was disclosed as part of the Oracle January 2020 Critical Patch Update. Vulnerability Details CVEID: CVE-2020-2654 DESCRIPTION: An...

Security Bulletin: WebSphere MQ for HP NonStop Server is affected by OpenSSL vulnerabilities (CVE-2021-3449 and CVE-2021-3450)

Summary WebSphere MQ for HP NonStop Server is affected by OpenSSL vulnerabilities CVE-2021-3449 and CVE-2021-3450. Vulnerability Details CVEID: CVE-2021-3449 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a NULL pointer dereference in signaturealgorithms processing. By sendi...

Security Bulletin: WebSphere MQ for HP NonStop Server is affected by multiple OpenSSL vulnerabilities CVE-2021-23839, CVE-2021-23840 and CVE-2021-23841

Summary WebSphere MQ for HP NonStop Server is affected by multiple OpenSSL vulnerabilities CVE-2021-23839, CVE-2021-23840 and CVE-2021-23841 Vulnerability Details CVEID: CVE-2021-23839 DESCRIPTION: OpenSSL could provide weaker than expected security, caused by incorrect SSLv2 rollback protection...

IBM MQ 8.0 <= 8.0.0.4 (281073)

The version of IBM MQ Server running on the remote host is affected by a vulnerability. IBM WebSphere MQ 8.0.0.4 on IBM i platforms allows local users to discover cleartext certificate-keystore passwords within MQ trace output by leveraging administrator privileges to execute the mqcertck program...