CVSS: 8.4EPSS: 0%CPEs: 3EXPL: 0CVE-2019-4620
https://notcve.org/view.php?id=CVE-2019-4620
IBM MQ Appliance 8.0 and 9.0 LTS could allow a local attacker to bypass security restrictions caused by improper validation of environment variables. IBM X-Force ID: 168863. las variables de entorno en IBM MQ Appliance. (CVE-2019-4620) IBM MQ Appliance versiones 8.0 y 9.0 LTS, podría permitir a un atacante local omitir las restricciones de seguridad causadas por una comprobación inapropiada de las variables de entorno. ID de IBM X-Force: 168863. • https://exchange.xforce.ibmcloud.com/vulnerabilities/168863 https://www.ibm.com/support/pages/node/1125891 • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 0%CPEs: 10EXPL: 0CVE-2019-4614
https://notcve.org/view.php?id=CVE-2019-4614
IBM MQ and IBM MQ Appliance 8.0 and 9.0 LTS client connecting to a Queue Manager could cause a SIGSEGV denial of service caused by converting an invalid message. IBM X-Force ID: 168639. El cliente IBM MQ e IBM MQ Appliance versiones 8.0 y 9.0 LTS, que se conectan a un Queue Manager podría causar una denegación de servicio SIGSEGV causada por la conversión de un mensaje no válido. ID de IBM X-Force: 168639. • https://exchange.xforce.ibmcloud.com/vulnerabilities/168639 https://www.ibm.com/support/pages/node/1106523 •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2019-4560
https://notcve.org/view.php?id=CVE-2019-4560
IBM MQ and IBM MQ Appliance 9.1 CD, 9.1 LTS, 9.0 LTS, and 8.0 is vulnerable to a denial of service attack caused by channels processing poorly formatted messages. IBM X-Force ID: 166357. El CD IBM MQ e IBM MQ Appliance versiones 9.1, 9.1 LTS, 9.0 LTS y 8.0, es vulnerable a un ataque de denegación de servicio causado mediante canales que procesan mensajes formateados débilmente. ID de IBM X-Force: 166357. • https://exchange.xforce.ibmcloud.com/vulnerabilities/166357 https://www.ibm.com/support/pages/node/1106037 •
CVSS: 8.4EPSS: 0%CPEs: 6EXPL: 0CVE-2019-4294
https://notcve.org/view.php?id=CVE-2019-4294
IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.6, 7.6.0.0 through 7.6.0.15 and IBM MQ Appliance 8.0.0.0 through 8.0.0.12, 9.1.0.0 through 9.1.0.2, and 9.1.1 through 9.1.2 could allow a local attacker to execute arbitrary commands on the system, caused by a command injection vulnerability. IBM X-Force ID: 16188. IBM DataPower Gateway 2018.4.1.0 a 2018.4.1.6, 7.6.0.0 a 7.6.0.15 e IBM MQ Appliance 8.0.0.0 a 8.0.0.12, 9.1.0.0 a 9.1.0.2 y 9.1.1 a 9.1.2 podría permitir que un atacante local ejecute comandos arbitrarios en el sistema, vulnerabilidad de inyección de comandos. ID de IBM X-Force: 16188. • https://exchange.xforce.ibmcloud.com/vulnerabilities/160701 https://www.ibm.com/support/docview.wss?uid=ibm10887005 https://www.ibm.com/support/docview.wss?uid=ibm10958933 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2019-4055
https://notcve.org/view.php?id=CVE-2019-4055
IBM MQ 8.0.0.0 through 8.0.0.10, 9.0.0.0 through 9.0.0.5, and 9.1.0.0 through 9.1.1 is vulnerable to a denial of service attack within the TLS key renegotiation function. IBM X-Force ID: 156564. IBM MQ versiones desde la 8.0.0.0.0 hasta 8.0.0.0.10, desde la 9.0.0.0.0 hasta la 9.0.0.5 y desde la 9.1.0.0 hasta la 9.1.1.1 es vulnerable a un ataque de denegación de servicio dentro de la función de renegociación de claves de TLS. IBM X-Force ID: 156564. • http://www.securityfocus.com/bid/108027 https://exchange.xforce.ibmcloud.com/vulnerabilities/156564 https://www.ibm.com/support/docview.wss?uid=ibm10870484 •