
CVE-2024-52897 – IBM MQ information disclosure
https://notcve.org/view.php?id=CVE-2024-52897
19 Dec 2024 — IBM MQ Appliance 9.3 LTS, 9.3 CD, and 9.4 LTS web console could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned. IBM MQ 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD web console could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned. • https://www.ibm.com/support/pages/node/7178086 • CWE-209: Generation of Error Message Containing Sensitive Information •

CVE-2024-51471 – IBM MQ Appliance denial of service
https://notcve.org/view.php?id=CVE-2024-51471
19 Dec 2024 — IBM MQ Appliance 9.3 LTS, 9.3 CD, and 9.4 LTS web console could allow an authenticated user to cause a denial-of-service when trace is enabled due to information being written into memory outside of the intended buffer size. • https://www.ibm.com/support/pages/node/7178243 • CWE-125: Out-of-bounds Read •

CVE-2024-52896 – IBM MQ information disclosure
https://notcve.org/view.php?id=CVE-2024-52896
19 Dec 2024 — IBM MQ Appliance 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD web console could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned. IBM MQ 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD web console could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned. • https://www.ibm.com/support/pages/node/7178244 • CWE-209: Generation of Error Message Containing Sensitive Information •

CVE-2024-35116 – IBM MQ denial of service
https://notcve.org/view.php?id=CVE-2024-35116
28 Jun 2024 — IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS, and 9.3 CD is vulnerable to a denial of service attack caused by an error applying configuration changes. IBM X-Force ID: 290335. • https://exchange.xforce.ibmcloud.com/vulnerabilities/290335 • CWE-789: Memory Allocation with Excessive Size Value •

CVE-2024-35156 – IBM MQ information disclosure
https://notcve.org/view.php?id=CVE-2024-35156
28 Jun 2024 — IBM MQ 9.3 LTS and 9.3 CD could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 292766. • https://exchange.xforce.ibmcloud.com/vulnerabilities/292766 • CWE-209: Generation of Error Message Containing Sensitive Information •

CVE-2024-35155 – IBM MQ information disclosure
https://notcve.org/view.php?id=CVE-2024-35155
28 Jun 2024 — IBM MQ Console 9.3 LTS and 9.3 CD could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 292765. • https://exchange.xforce.ibmcloud.com/vulnerabilities/292765 • CWE-209: Generation of Error Message Containing Sensitive Information •

CVE-2024-31912 – IBM MQ privilege escalation
https://notcve.org/view.php?id=CVE-2024-31912
28 Jun 2024 — IBM MQ 9.3 LTS and 9.3 CD could allow an authenticated user to escalate their privileges under certain configurations due to incorrect privilege assignment. IBM X-Force ID: 289894. • https://exchange.xforce.ibmcloud.com/vulnerabilities/289894 • CWE-266: Incorrect Privilege Assignment •

CVE-2024-31919 – IBM MQ denial of service
https://notcve.org/view.php?id=CVE-2024-31919
28 Jun 2024 — IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS and 9.3 CD, in certain configurations, is vulnerable to a denial of service attack caused by an error processing messages when an API Exit using MQBUFMH is used. IBM X-Force ID: 290259. • https://exchange.xforce.ibmcloud.com/vulnerabilities/290259 • CWE-770: Allocation of Resources Without Limits or Throttling •

CVE-2024-25048 – IBM MQ code execution
https://notcve.org/view.php?id=CVE-2024-25048
27 Apr 2024 — IBM MQ Appliance 9.3 CD and LTS are vulnerable to a heap-based buffer overflow, caused by improper bounds checking. A remote authenticated attacker could overflow a buffer and execute arbitrary code on the system or cause the server to crash. IBM X-Force ID: 283137. • https://exchange.xforce.ibmcloud.com/vulnerabilities/283137 • CWE-122: Heap-based Buffer Overflow •

CVE-2023-46177 – IBM MQ Appliance information disclosure
https://notcve.org/view.php?id=CVE-2023-46177
18 Dec 2023 — IBM MQ Appliance 9.3 LTS and 9.3 CD could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request to view arbitrary files on the system. IBM X-Force ID: 269536. • https://exchange.xforce.ibmcloud.com/vulnerabilities/269536 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •