CVE-2017-1747
https://notcve.org/view.php?id=CVE-2017-1747
A specially crafted message could cause a denial of service in IBM WebSphere MQ 9.0, 9.0.0.1, 9.0.0.2, 9.0.1, 9.0.2, 9.0.3, and 9.0.4 applications consuming messages that it needs to perform data conversion on. IBM X-Force ID: 135520.
• http://www.ibm.com/support/docview.wss?uid=swg22012992
• http://www.securityfocus.com/bid/103590
• https://exchange.xforce.ibmcloud.com/vulnerabilities/135520
• CWE-20: Improper Input Validation
CVE-2018-1429
https://notcve.org/view.php?id=CVE-2018-1429
IBM MQ Appliance 9.0.1, 9.0.2, 9.0.3, and 9.0.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 139077.
• http://www.ibm.com/support/docview.wss?uid=swg22014046
• http://www.securityfocus.com/bid/103491
• http://www.securitytracker.com/id/1040564
• https://exchange.xforce.ibmcloud.com/vulnerabilities/139077
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-1388
https://notcve.org/view.php?id=CVE-2018-1388
GSKit V7 may disclose side channel information via discrepancies between valid and invalid PKCS#1 padding. IBM X-Force ID: 138212.
• http://www.ibm.com/support/docview.wss?uid=swg22013022
• http://www.securityfocus.com/bid/103698
• https://exchange.xforce.ibmcloud.com/vulnerabilities/138212
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-1612
https://notcve.org/view.php?id=CVE-2017-1612
IBM WebSphere MQ 7.0, 7.1, 7.5, 8.0, and 9.0 service trace module could be used to execute untrusted code under 'mqm' user. IBM X-Force ID: 132953.
• http://www.ibm.com/support/docview.wss?uid=swg22009918
• http://www.securityfocus.com/bid/102479
• http://www.securitytracker.com/id/1040175
• https://exchange.xforce.ibmcloud.com/vulnerabilities/132953
CVE-2017-1699
https://notcve.org/view.php?id=CVE-2017-1699
IBM MQ Managed File Transfer Agent 8.0 and 9.0 sets insecure permissions on certain files it creates. A local attacker could exploit this vulnerability to modify or delete data contained in the files with an unknown impact. IBM X-Force ID: 134391.
• http://www.ibm.com/support/docview.wss?uid=swg22010340
• https://exchange.xforce.ibmcloud.com/vulnerabilities/134391
• CWE-732: Incorrect Permission Assignment for Critical Resource