CVE-2023-47745 – IBM MQ Container information disclosure
https://notcve.org/view.php?id=CVE-2023-47745
IBM MQ Operator 2.0.0 LTS, 2.0.18 LTS, 3.0.0 CD, 3.0.1 CD, 2.4.0 through 2.4.7, 2.3.0 through 2.3.3, 2.2.0 through 2.2.2, and 2.3.0 through 2.3.3 stores or transmits user credentials in plain clear text which can be read by a local user using a trace command. IBM X-Force ID: 272638. • https://exchange.xforce.ibmcloud.com/vulnerabilities/272638 https://www.ibm.com/support/pages/node/7126571 • CWE-319: Cleartext Transmission of Sensitive Information •
CVE-2024-27255 – IBM MQ Container information disclosure
https://notcve.org/view.php?id=CVE-2024-27255
IBM MQ Operator 2.0.0 LTS, 2.0.18 LTS, 3.0.0 CD, 3.0.1 CD, 2.4.0 through 2.4.7, 2.3.0 through 2.3.3, 2.2.0 through 2.2.2, and 2.3.0 through 2.3.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 283905. • https://exchange.xforce.ibmcloud.com/vulnerabilities/283905 https://www.ibm.com/support/pages/node/7126571 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVE-2023-46177 – IBM MQ Appliance information disclosure
https://notcve.org/view.php?id=CVE-2023-46177
IBM MQ Appliance 9.3 LTS and 9.3 CD could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request to view arbitrary files on the system. IBM X-Force ID: 269536. IBM MQ Appliance 9.3 LTS y 9.3 CD podrían permitir que un atacante remoto atraviese directorios del sistema. Un atacante podría enviar una solicitud URL especialmente manipulada para ver archivos arbitrarios en el sistema. • https://exchange.xforce.ibmcloud.com/vulnerabilities/269536 https://www.ibm.com/support/pages/node/7091235 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2023-46176 – IBM MQ privilege escalation
https://notcve.org/view.php?id=CVE-2023-46176
IBM MQ Appliance 9.3 CD could allow a local attacker to gain elevated privileges on the system, caused by improper validation of security keys. IBM X-Force ID: 269535. IBM MQ Appliance 9.3 CD podría permitir a un atacante local obtener privilegios elevados en el sistema, causado por una validación inadecuada de las claves de seguridad. ID de IBM X-Force: 269535. • https://exchange.xforce.ibmcloud.com/vulnerabilities/269535 https://www.ibm.com/support/pages/node/7060769 • CWE-424: Improper Protection of Alternate Path •
CVE-2023-28513 – IBM MQ denial of service
https://notcve.org/view.php?id=CVE-2023-28513
IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.2 CD, and 9.3 CD and IBM MQ Appliance 9.2 LTS, 9.3 LTS, 9.2 CD, and 9.2 LTS, under certain configurations, is vulnerable to a denial of service attack caused by an error processing messages. IBM X-Force ID: 250397. • https://exchange.xforce.ibmcloud.com/vulnerabilities/250397 https://www.ibm.com/support/pages/node/7007421 https://www.ibm.com/support/pages/node/7007731 • CWE-20: Improper Input Validation •