CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-0985 – IBM MQ information disclosure
https://notcve.org/view.php?id=CVE-2025-0985
28 Feb 2025 — IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD stores potentially sensitive information in environment variables that could be obtained by a local user. • https://www.ibm.com/support/pages/node/7184453 • CWE-526: Cleartext Storage of Sensitive Information in an Environment Variable •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-54175 – IBM MQ denial of service
https://notcve.org/view.php?id=CVE-2024-54175
28 Feb 2025 — IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD could allow a local user to cause a denial of service due to an improper check for unusual or exceptional conditions. • https://www.ibm.com/support/pages/node/7184453 • CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-23225 – IBM MQ denial of service
https://notcve.org/view.php?id=CVE-2025-23225
28 Feb 2025 — IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD could allow an authenticated user to cause a denial of service due to the improper handling of invalid headers sent to the queue. • https://www.ibm.com/support/pages/node/7183372 • CWE-230: Improper Handling of Missing Values •
CVSS: 4.7EPSS: 0%CPEs: 1EXPL: 0CVE-2024-54173 – IBM MQ information disclosure
https://notcve.org/view.php?id=CVE-2024-54173
28 Feb 2025 — IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD reveals potentially sensitive information in trace files that could be read by a local user when webconsole trace is enabled. • https://www.ibm.com/support/pages/node/7183370 • CWE-1323: Improper Management of Sensitive Trace Data •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-0975 – IBM MQ code execution
https://notcve.org/view.php?id=CVE-2025-0975
28 Feb 2025 — IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD console could allow an authenticated user to execute code due to improper neutralization of escape characters. • https://www.ibm.com/support/pages/node/7183467 • CWE-150: Improper Neutralization of Escape, Meta, or Control Sequences •
CVSS: 5.9EPSS: 0%CPEs: 5EXPL: 0CVE-2024-27256 – IBM MQ Operator information disclosure
https://notcve.org/view.php?id=CVE-2024-27256
27 Jan 2025 — IBM MQ Container 3.0.0, 3.0.1, 3.1.0 through 3.1.3 CD, 2.0.0 LTS through 2.0.22 LTS and 2.4.0 through 2.4.8, 2.3.0 through 2.3.3, 2.2.0 through 2.2.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM MQ Container 3.0.0, 3.0.1, 3.1.0 through 3.1.3 CD, 2.0.0 LTS through 2.0.22 LTS and 2.4.0 through 2.4.8, 2.3.0 through 2.3.3, 2.2.0 through 2.2.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt ... • https://www.ibm.com/support/pages/node/7157667 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 6.2EPSS: 0%CPEs: 1EXPL: 0CVE-2024-52898 – IBM MQ information disclosure
https://notcve.org/view.php?id=CVE-2024-52898
14 Jan 2025 — IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD web console could allow a local user to obtain sensitive information when a detailed technical error message is returned. • https://www.ibm.com/support/pages/node/7179150 • CWE-209: Generation of Error Message Containing Sensitive Information •
CVSS: 6.2EPSS: 0%CPEs: 2EXPL: 0CVE-2024-52897 – IBM MQ information disclosure
https://notcve.org/view.php?id=CVE-2024-52897
19 Dec 2024 — IBM MQ Appliance 9.3 LTS, 9.3 CD, and 9.4 LTS web console could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned. IBM MQ 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD web console could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned. IBM MQ Appliance 9.3 LTS, 9.3 CD, and 9.4 LTS web console could allow a remote attacker to obtain sensitive information when a detailed technical error message... • https://www.ibm.com/support/pages/node/7178086 • CWE-209: Generation of Error Message Containing Sensitive Information •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2024-51471 – IBM MQ Appliance denial of service
https://notcve.org/view.php?id=CVE-2024-51471
19 Dec 2024 — IBM MQ Appliance 9.3 LTS, 9.3 CD, and 9.4 LTS web console could allow an authenticated user to cause a denial-of-service when trace is enabled due to information being written into memory outside of the intended buffer size. IBM MQ Appliance 9.3 LTS, 9.3 CD, and 9.4 LTS web console could allow an authenticated user to cause a denial-of-service when trace is enabled due to information being written into memory outside of the intended buffer size. • https://www.ibm.com/support/pages/node/7178243 • CWE-125: Out-of-bounds Read •
CVSS: 6.2EPSS: 0%CPEs: 2EXPL: 0CVE-2024-52896 – IBM MQ information disclosure
https://notcve.org/view.php?id=CVE-2024-52896
19 Dec 2024 — IBM MQ Appliance 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD web console could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned. IBM MQ 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD web console could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned. • https://www.ibm.com/support/pages/node/7178244 • CWE-209: Generation of Error Message Containing Sensitive Information •