CVE-2023-46177 – IBM MQ Appliance information disclosure
https://notcve.org/view.php?id=CVE-2023-46177
IBM MQ Appliance 9.3 LTS and 9.3 CD could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request to view arbitrary files on the system. IBM X-Force ID: 269536. IBM MQ Appliance 9.3 LTS y 9.3 CD podrían permitir que un atacante remoto atraviese directorios del sistema. Un atacante podría enviar una solicitud URL especialmente manipulada para ver archivos arbitrarios en el sistema. • https://exchange.xforce.ibmcloud.com/vulnerabilities/269536 https://www.ibm.com/support/pages/node/7091235 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2023-46176 – IBM MQ privilege escalation
https://notcve.org/view.php?id=CVE-2023-46176
IBM MQ Appliance 9.3 CD could allow a local attacker to gain elevated privileges on the system, caused by improper validation of security keys. IBM X-Force ID: 269535. IBM MQ Appliance 9.3 CD podría permitir a un atacante local obtener privilegios elevados en el sistema, causado por una validación inadecuada de las claves de seguridad. ID de IBM X-Force: 269535. • https://exchange.xforce.ibmcloud.com/vulnerabilities/269535 https://www.ibm.com/support/pages/node/7060769 • CWE-424: Improper Protection of Alternate Path •
CVE-2023-28513 – IBM MQ denial of service
https://notcve.org/view.php?id=CVE-2023-28513
IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.2 CD, and 9.3 CD and IBM MQ Appliance 9.2 LTS, 9.3 LTS, 9.2 CD, and 9.2 LTS, under certain configurations, is vulnerable to a denial of service attack caused by an error processing messages. IBM X-Force ID: 250397. • https://exchange.xforce.ibmcloud.com/vulnerabilities/250397 https://www.ibm.com/support/pages/node/7007421 https://www.ibm.com/support/pages/node/7007731 • CWE-20: Improper Input Validation •
CVE-2023-26285 – IBM MQ denial of service
https://notcve.org/view.php?id=CVE-2023-26285
IBM MQ 9.2 CD, 9.2 LTS, 9.3 CD, and 9.3 LTS could allow a remote attacker to cause a denial of service due to an error processing invalid data. IBM X-Force ID: 248418. • https://exchange.xforce.ibmcloud.com/vulnerabilities/248418 https://www.ibm.com/support/pages/node/6986563 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2023-22874 – IBM MQ denial of service
https://notcve.org/view.php?id=CVE-2023-22874
IBM MQ Clients 9.2 CD, 9.3 CD, and 9.3 LTS are vulnerable to a denial of service attack when processing configuration files. IBM X-Force ID: 244216. • https://exchange.xforce.ibmcloud.com/vulnerabilities/244216 https://www.ibm.com/support/pages/node/6985901 • CWE-400: Uncontrolled Resource Consumption •