
CVE-2023-22874 – IBM MQ denial of service
https://notcve.org/view.php?id=CVE-2023-22874
05 May 2023 — IBM MQ Clients 9.2 CD, 9.3 CD, and 9.3 LTS are vulnerable to a denial of service attack when processing configuration files. IBM X-Force ID: 244216. • https://exchange.xforce.ibmcloud.com/vulnerabilities/244216 • CWE-400: Uncontrolled Resource Consumption •

CVE-2022-43919 – IBM MQ denial of service
https://notcve.org/view.php?id=CVE-2022-43919
05 May 2023 — IBM MQ 9.2 CD, 9.2 LTS, 9.3 CD, and 9.3 LTS could allow an authenticated attacker with authorization to craft messages to cause a denial of service. IBM X-Force ID: 241354. • https://exchange.xforce.ibmcloud.com/vulnerabilities/241354 • CWE-20: Improper Input Validation •

CVE-2023-26284 – IBM MQ Certified Container improper access controls
https://notcve.org/view.php?id=CVE-2023-26284
15 Mar 2023 — IBM MQ Certified Container 9.3.0.1 through 9.3.0.3 and 9.3.1.0 through 9.3.1.1 could allow authenticated users with the cluster to be granted administration access to the MQ console due to improper access controls. IBM X-Force ID: 248417. • https://exchange.xforce.ibmcloud.com/vulnerabilities/248417 •

CVE-2022-43902 – IBM MQ denial of service
https://notcve.org/view.php?id=CVE-2022-43902
01 Mar 2023 — IBM MQ 9.2 CD, 9.2 LTS, 9.3 CD, and 9.3 LTS is vulnerable to a denial of service attack caused by specially crafted PCF or MQSC messages. IBM X-Force ID: 240832. • https://exchange.xforce.ibmcloud.com/vulnerabilities/240832 •

CVE-2022-40237 – IBM MQ for HPE NonStop denial of service
https://notcve.org/view.php?id=CVE-2022-40237
27 Feb 2023 — IBM MQ for HPE NonStop 8.1.0 is vulnerable to a denial of service attack due to an error within the CCDT and channel synchronization logic. IBM X-Force ID: 235727. • https://exchange.xforce.ibmcloud.com/vulnerabilities/235727 • CWE-20: Improper Input Validation •

CVE-2022-42436 – IBM MQ information disclosure
https://notcve.org/view.php?id=CVE-2022-42436
08 Feb 2023 — IBM MQ 8.0.0, 9.0.0, 9.1.0, 9.2.0, 9.3.0 Managed File Transfer could allow a local user to obtain sensitive information from diagnostic files. IBM X-Force ID: 238206. • https://exchange.xforce.ibmcloud.com/vulnerabilities/238206 •

CVE-2022-35719
https://notcve.org/view.php?id=CVE-2022-35719
14 Nov 2022 — IBM MQ Internet Pass-Thru 2.1, 9.2 LTS and 9.2 CD stores potentially sensitive information in trace files that could be read by a local user. • https://exchange.xforce.ibmcloud.com/vulnerabilities/231370 • CWE-532: Insertion of Sensitive Information into Log File •

CVE-2022-31772 – IBM MQ denial of service
https://notcve.org/view.php?id=CVE-2022-31772
11 Nov 2022 — IBM MQ 8.0, 9.0 LTS, 9.1 CD, 9.1 LTS, 9.2 CD, and 9.2 LTS could allow an authenticated and authorized user to cause a denial of service to the MQTT channels. IBM X-Force ID: 228335. • https://exchange.xforce.ibmcloud.com/vulnerabilities/228335 • CWE-20: Improper Input Validation •

CVE-2022-40230
https://notcve.org/view.php?id=CVE-2022-40230
03 Nov 2022 — IBM MQ Appliance 9.2 CD, 9.2 LTS, 9.3 CD, and LTS 9.3 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 235532. • https://www.ibm.com/support/pages/node/6622051 • CWE-613: Insufficient Session Expiration •

CVE-2022-22489
https://notcve.org/view.php?id=CVE-2022-22489
19 Aug 2022 — IBM MQ 8.0, (9.0, 9.1, 9.2 LTS), and (9.1 and 9.2 CD) are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 226339. • https://exchange.xforce.ibmcloud.com/vulnerabilities/226339 • CWE-611: Improper Restriction of XML External Entity Reference •