CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-26284 – IBM MQ Certified Container improper access controls
https://notcve.org/view.php?id=CVE-2023-26284
IBM MQ Certified Container 9.3.0.1 through 9.3.0.3 and 9.3.1.0 through 9.3.1.1 could allow authenticated users with the cluster to be granted administration access to the MQ console due to improper access controls. IBM X-Force ID: 248417. • https://exchange.xforce.ibmcloud.com/vulnerabilities/248417 https://www.ibm.com/support/pages/node/6960201 •
CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 0CVE-2022-43902 – IBM MQ denial of service
https://notcve.org/view.php?id=CVE-2022-43902
IBM MQ 9.2 CD, 9.2 LTS, 9.3 CD, and 9.3 LTS is vulnerable to a denial of service attack caused by specially crafted PCF or MQSC messages. IBM X-Force ID: 240832. • https://exchange.xforce.ibmcloud.com/vulnerabilities/240832 https://www.ibm.com/support/pages/node/6890643 •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-40237 – IBM MQ for HPE NonStop denial of service
https://notcve.org/view.php?id=CVE-2022-40237
IBM MQ for HPE NonStop 8.1.0 is vulnerable to a denial of service attack due to an error within the CCDT and channel synchronization logic. IBM X-Force ID: 235727. • https://exchange.xforce.ibmcloud.com/vulnerabilities/235727 https://www.ibm.com/support/pages/node/6958136 • CWE-20: Improper Input Validation •
CVSS: 4.0EPSS: 0%CPEs: 14EXPL: 0CVE-2022-42436 – IBM MQ information disclosure
https://notcve.org/view.php?id=CVE-2022-42436
IBM MQ 8.0.0, 9.0.0, 9.1.0, 9.2.0, 9.3.0 Managed File Transfer could allow a local user to obtain sensitive information from diagnostic files. IBM X-Force ID: 238206. • https://exchange.xforce.ibmcloud.com/vulnerabilities/238206 https://www.ibm.com/support/pages/node/6909467 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-35719
https://notcve.org/view.php?id=CVE-2022-35719
IBM MQ Internet Pass-Thru 2.1, 9.2 LTS and 9.2 CD stores potentially sensitive information in trace files that could be read by a local user. IBM MQ Internet Pass-Thru 2.1, 9.2 LTS y 9.2 CD almacena información potencialmente sensible en archivos de seguimiento que un usuario local podría leer. • https://exchange.xforce.ibmcloud.com/vulnerabilities/231370 https://www.ibm.com/support/pages/node/6838559 • CWE-532: Insertion of Sensitive Information into Log File •