CVE-2022-22489
https://notcve.org/view.php?id=CVE-2022-22489
IBM MQ 8.0, (9.0, 9.1, 9.2 LTS), and (9.1 and 9.2 CD) are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 226339. IBM MQ versiones 8.0, (9.0, 9.1, 9.2 LTS) y (9.1 y 9.2 CD) son vulnerables a un ataque de tipo XML External Entity Injection (XXE) cuando son procesados datos XML. Un atacante remoto podría aprovechar esta vulnerabilidad para exponer información confidencial o consumir recursos de memoria. • https://exchange.xforce.ibmcloud.com/vulnerabilities/226339 https://www.ibm.com/support/pages/node/6613021 • CWE-611: Improper Restriction of XML External Entity Reference •
CVE-2021-39034
https://notcve.org/view.php?id=CVE-2021-39034
IBM MQ 9.1 LTS is vulnerable to a denial of service attack caused by an issue within the channel process. IBM X-Force ID: 213964. IBM MQ versión 9.1 LTS, es vulnerable a un ataque de denegación de servicio causado por un problema en el proceso del canal. IBM X-Force ID: 213964 • https://exchange.xforce.ibmcloud.com/vulnerabilities/213964 https://www.ibm.com/support/pages/node/6556466 •
CVE-2021-38875
https://notcve.org/view.php?id=CVE-2021-38875
IBM MQ 8.0, 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.1 CD, and 9.2 CD is vulnerable to a denial of service attack caused by an error processing messages. IBM X-Force ID: 208398. IBM MQ versiones 8.0, 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.1 CD y 9.2 CD, es vulnerable a un ataque de denegación de servicio causado por un error de procesamiento de mensajes. IBM X-Force ID: 208398 • https://exchange.xforce.ibmcloud.com/vulnerabilities/208398 https://www.ibm.com/support/pages/node/6517672 •
CVE-2021-38949
https://notcve.org/view.php?id=CVE-2021-38949
IBM MQ 7.5, 8.0, 9.0 LTS, 9.1 CD, and 9.1 LTS stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 211403. IBM MQ versiones 7.5, 8.0, 9.0 LTS, 9.1 CD y 9.1 LTS, almacena las credenciales de usuario en texto sin cifrar que puede ser leído por un usuario local. IBM X-Force ID: 211403 • https://exchange.xforce.ibmcloud.com/vulnerabilities/211403 https://www.ibm.com/support/pages/node/6516424 • CWE-312: Cleartext Storage of Sensitive Information •
CVE-2020-4931
https://notcve.org/view.php?id=CVE-2020-4931
IBM MQ 9.1 LTS, 9.2 LTS, and 9.1 CD AMQP Channels could allow an authenticated user to cause a denial of service due to an issue processing messages. IBM X-Force ID: 191747. IBM MQ versiones 9.1 LTS, 9.2 LTS y 9.1, CD AMQP Channels podría permitir a un usuario autenticado causar una denegación de servicio debido a un problema al procesar mensajes. IBM X-Force ID: 191747 • https://exchange.xforce.ibmcloud.com/vulnerabilities/191747 https://www.ibm.com/support/pages/node/6403295 •