MQ Security Vulnerabilities


CVE-2021-38949

IBM MQ 7.5, 8.0, 9.0 LTS, 9.1 CD, and 9.1 LTS stores user credentials in plain text which can be read by a local user. IBM X-Force ID: 211403.

CVSS: 5.5

AI Score: 5

EPSS: 0.0004

2021-11-16 05:15 PM
25

CVE-2021-38986

IBM MQ Appliance 9.2 CD and 9.2 LTS does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 212942.

CVSS: 5.4

AI Score: 5.2

EPSS: 0.001

2022-03-01 05:15 PM
67

CVE-2021-39034

IBM MQ 9.1 LTS is vulnerable to a denial of service attack caused by an issue within the channel process. IBM X-Force ID: 213964.

CVSS: 7.5

AI Score: 7.2

EPSS: 0.001

2022-02-17 05:15 PM
62

CVE-2022-22321

IBM MQ Appliance 9.2 CD and 9.2 LTS local messaging users are stored with a password hash that provides insufficient protection. IBM X-Force ID: 218368.

CVSS: 5.5

AI Score: 5.3

EPSS: 0.0004

2022-03-01 05:15 PM
74

CVE-2022-22489

IBM MQ 8.0, (9.0, 9.1, 9.2 LTS), and (9.1 and 9.2 CD) are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 226339.

CVSS: 9.1

AI Score: 8.7

EPSS: 0.002

2022-08-19 07:15 PM
92
10

CVE-2022-31772

IBM MQ 8.0, 9.0 LTS, 9.1 CD, 9.1 LTS, 9.2 CD, and 9.2 LTS could allow an authenticated and authorized user to cause a denial of service to the MQTT channels. IBM X-Force ID: 228335.

CVSS: 6.5

AI Score: 6.1

EPSS: 0.001

2022-11-11 07:15 PM
95
4

CVE-2022-42436

IBM MQ 8.0.0, 9.0.0, 9.1.0, 9.2.0, 9.3.0 Managed File Transfer could allow a local user to obtain sensitive information from diagnostic files. IBM X-Force ID: 238206.

CVSS: 4

AI Score: 3.3

EPSS: 0.0004

2023-02-12 04:15 AM
90

CVE-2022-43902

IBM MQ 9.2 CD, 9.2 LTS, 9.3 CD, and 9.3 LTS is vulnerable to a denial of service attack caused by specially crafted PCF or MQSC messages. IBM X-Force ID: 240832.

CVSS: 7.5

AI Score: 7.2

EPSS: 0.001

2023-03-10 09:15 PM
54

CVE-2022-43919

IBM MQ 9.2 CD, 9.2 LTS, 9.3 CD, and 9.3 LTS could allow an authenticated attacker with authorization to craft messages to cause a denial of service. IBM X-Force ID: 241354.

CVSS: 6.5

AI Score: 6.1

EPSS: 0.001

2023-05-05 03:15 PM
41

CVE-2023-22874

IBM MQ Clients 9.2 CD, 9.3 CD, and 9.3 LTS are vulnerable to a denial of service attack when processing configuration files. IBM X-Force ID: 244216.

CVSS: 5.5

AI Score: 5.3

EPSS: 0.0005

2023-05-05 03:15 PM
44

CVE-2023-26285

IBM MQ 9.2 CD, 9.2 LTS, 9.3 CD, and 9.3 LTS could allow a remote attacker to cause a denial of service due to an error processing invalid data. IBM X-Force ID: 248418.

CVSS: 7.5

AI Score: 7.2

EPSS: 0.001

2023-05-05 04:15 PM
30

CVE-2023-28513

IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.2 CD, and 9.3 CD and IBM MQ Appliance 9.2 LTS, 9.3 LTS, 9.2 CD, and 9.2 LTS, under certain configurations, is vulnerable to a denial of service attack caused by an error processing messages. IBM X-Force ID: 250397.

CVSS: 7.5

AI Score: 7.1

EPSS: 0.002

2023-07-19 02:15 AM
134

CVE-2023-28514

IBM MQ 8.0, 9.0, and 9.1 could allow a local user to obtain sensitive credential information when a detailed technical error message is returned in a stack trace. IBM X-Force ID: 250398.

CVSS: 6.2

AI Score: 4.9

EPSS: 0.0004

2023-05-19 03:15 PM
49

CVE-2023-28950

IBM MQ 8.0, 9.0, 9.1, 9.2, and 9.3 could disclose sensitive user information from a trace file if that functionality has been enabled. IBM X-Force ID: 251358.

CVSS: 5.5

AI Score: 5.1

EPSS: 0.0004

2023-05-19 04:15 PM
63

CVE-2023-45177

IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS and 9.3 CD is vulnerable to a denial-of-service attack due to an error within the MQ clustering logic. IBM X-Force ID: 268066.

CVSS: 5.3

AI Score: 6.1

EPSS: 0.0004

2024-03-20 06:15 PM
105

CVE-2024-25015

IBM MQ 9.2 LTS, 9.3 LTS, and 9.3 CD Internet Pass-Thru could allow a remote user to cause a denial of service by sending HTTP requests that would consume all available resources. IBM X-Force ID: 281278.

CVSS: 7.5

AI Score: 7.2

EPSS: 0.0004

2024-05-01 05:15 PM
37

CVE-2024-25016

IBM MQ and IBM MQ Appliance 9.0, 9.1, 9.2, 9.3 LTS and 9.3 CD could allow a remote unauthenticated attacker to cause a denial of service due to incorrect buffering logic. IBM X-Force ID: 281279.

CVSS: 7.5

AI Score: 7.2

EPSS: 0.0004

2024-03-03 04:15 AM
61

CVE-2024-31912

IBM MQ 9.3 LTS and 9.3 CD could allow an authenticated user to escalate their privileges under certain configurations due to incorrect privilege assignment. IBM X-Force ID: 289894.

CVSS: 8.8

AI Score: 7.4

EPSS: 0.0005

2024-06-28 06:15 PM
43

CVE-2024-31919

IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS and 9.3 CD, in certain configurations, is vulnerable to a denial of service attack caused by an error processing messages when an API Exit using MQBUFMH is used. IBM X-Force ID: 290259.

CVSS: 7.5

AI Score: 5.6

EPSS: 0.0004

2024-06-28 06:15 PM
36

CVE-2024-35116

IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS, and 9.3 CD is vulnerable to a denial of service attack caused by an error applying configuration changes. IBM X-Force ID: 290335.

CVSS: 7.5

AI Score: 5.6

EPSS: 0.001

2024-06-28 07:15 PM
42

CVE-2024-35155

IBM MQ Console 9.3 LTS and 9.3 CD could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 292765.

CVSS: 6.5

AI Score: 6

EPSS: 0.0005

2024-06-28 06:15 PM
35

CVE-2024-35156

IBM MQ 9.3 LTS and 9.3 CD could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 292766.

CVSS: 6.5

AI Score: 6

EPSS: 0.0005

2024-06-28 07:15 PM
48
Total number of security vulnerabilities: 72