CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-51470 – IBM MQ denial of service
https://notcve.org/view.php?id=CVE-2024-51470
18 Dec 2024 — IBM MQ 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, 9.4 CD, IBM MQ Appliance 9.3 LTS, 9.3 CD, 9.4 LTS, and IBM MQ for HPE NonStop 8.1.0 through 8.1.0.25 could allow an authenticated user to cause a denial-of-service due to messages with improperly set values. IBM MQ 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, 9.4 CD, IBM MQ Appliance 9.3 LTS, 9.3 CD, 9.4 LTS, and IBM MQ for HPE NonStop 8.1.0 through 8.1.0.25 could allow an authenticated user to cause a denial-of-service due to messages with improperly set va... • https://www.ibm.com/support/pages/node/7177593 • CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-40681 – IBM MQ security bypass
https://notcve.org/view.php?id=CVE-2024-40681
07 Sep 2024 — IBM MQ 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD could allow an authenticated user in a specifically defined role, to bypass security restrictions and execute actions against the queue manager. IBM MQ Operator 2.0.26 and 3.2.4 could allow an authenticated user in a specifically defined role, to bypass security restrictions and execute actions against the queue manager. • https://www.ibm.com/support/pages/node/7167732 • CWE-266: Incorrect Privilege Assignment •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-40680 – IBM MQ denial of service
https://notcve.org/view.php?id=CVE-2024-40680
07 Sep 2024 — IBM MQ Operator 2.0.26 and 3.2.4 could allow a local user to cause a denial of service due to improper memory allocation causing a segmentation fault. IBM MQ 9.3 CD and 9.4 LTS/CD could allow a local user to cause a denial of service due to improper memory allocation causing a segmentation fault. • https://exchange.xforce.ibmcloud.com/vulnerabilities/297611 • CWE-789: Memory Allocation with Excessive Size Value •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-39742 – IBM MQ Container authentication bypass
https://notcve.org/view.php?id=CVE-2024-39742
08 Jul 2024 — IBM MQ Operator 3.2.2 and IBM MQ Operator 2.0.24 could allow a user to bypass authentication under certain configurations due to a partial string comparison vulnerability. IBM X-Force ID: 297169. • https://exchange.xforce.ibmcloud.com/vulnerabilities/297169 • CWE-187: Partial String Comparison •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-39743 – IBM MQ Container denial of service
https://notcve.org/view.php?id=CVE-2024-39743
08 Jul 2024 — IBM MQ Operator 3.2.2 and IBM MQ Operator 2.0.24 IBM MQ Container Developer Edition is vulnerable to denial of service caused by incorrect memory de-allocation. A remote attacker could exploit this vulnerability to cause the server to consume memory resources. IBM X-Force ID: 297172. IBM MQ Operador 3.2.2 e IBM MQ Operador 2.0.24 podrían permitir a un usuario provocar una denegación de servicio en determinadas configuraciones debido a una vulnerabilidad de comparación de cadenas parciales. ID de IBM X-Force... • https://exchange.xforce.ibmcloud.com/vulnerabilities/297172 • CWE-405: Asymmetric Resource Consumption (Amplification) •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-35116 – IBM MQ denial of service
https://notcve.org/view.php?id=CVE-2024-35116
28 Jun 2024 — IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS, and 9.3 CD is vulnerable to a denial of service attack caused by an error applying configuration changes. IBM X-Force ID: 290335. IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS y 9.3 CD es vulnerable a un ataque de denegación de servicio causado por un error al aplicar cambios de configuración. ID de IBM X-Force: 290335. • https://exchange.xforce.ibmcloud.com/vulnerabilities/290335 • CWE-789: Memory Allocation with Excessive Size Value •
CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-35156 – IBM MQ information disclosure
https://notcve.org/view.php?id=CVE-2024-35156
28 Jun 2024 — IBM MQ 9.3 LTS and 9.3 CD could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 292766. IBM MQ 9.3 LTS y 9.3 CD podrían permitir a un atacante remoto obtener información confidencial cuando se devuelve un mensaje de error técnico detallado en el navegador. Esta información podría usarse en futuros ataques contra el sistema. • https://exchange.xforce.ibmcloud.com/vulnerabilities/292766 • CWE-209: Generation of Error Message Containing Sensitive Information •
CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-35155 – IBM MQ information disclosure
https://notcve.org/view.php?id=CVE-2024-35155
28 Jun 2024 — IBM MQ Console 9.3 LTS and 9.3 CD could disclose could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 292765. IBM MQ Console 9.3 LTS y 9.3 CD podrían revelar que podrían permitir a un atacante remoto obtener información confidencial cuando se devuelve un mensaje de error técnico detallado en el navegador. Esta información podría usarse en futuros ... • https://exchange.xforce.ibmcloud.com/vulnerabilities/292765 • CWE-209: Generation of Error Message Containing Sensitive Information •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2024-31912 – IBM MQ privilege escalation
https://notcve.org/view.php?id=CVE-2024-31912
28 Jun 2024 — IBM MQ 9.3 LTS and 9.3 CD could allow an authenticated user to escalate their privileges under certain configurations due to incorrect privilege assignment. IBM X-Force ID: 289894. IBM MQ 9.3 LTS y 9.3 CD podrían permitir que un usuario autenticado escale sus privilegios bajo ciertas configuraciones debido a una asignación de privilegios incorrecta. ID de IBM X-Force: 289894. • https://exchange.xforce.ibmcloud.com/vulnerabilities/289894 • CWE-266: Incorrect Privilege Assignment •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-31919 – IBM MQ denial of service
https://notcve.org/view.php?id=CVE-2024-31919
28 Jun 2024 — IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS and 9.3 CD, in certain configurations, is vulnerable to a denial of service attack caused by an error processing messages when an API Exit using MQBUFMH is used. IBM X-Force ID: 290259. IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS y 9.3 CD, en determinadas configuraciones, es vulnerable a un ataque de denegación de servicio provocado por un error al procesar mensajes cuando se utiliza una salida de API utilizando MQBUFMH. ID de IBM X-Force: 290259. • https://exchange.xforce.ibmcloud.com/vulnerabilities/290259 • CWE-770: Allocation of Resources Without Limits or Throttling •