
CVE-2025-36041 – IBM MQ improper certificate validation
https://notcve.org/view.php?id=CVE-2025-36041
15 Jun 2025 — IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1 through 3.5.3, and MQ Operator SC2 3.2.0 through 3.2.12 Native HA CRR could be configured with a private key and chain other than the intended key which could disclose sensitive information or allow the attacker to perform unauthorized actions. • https://www.ibm.com/support/pages/node/7236608 • CWE-295: Improper Certificate Validation •

CVE-2025-1333 – IBM MQ Operator information disclosure
https://notcve.org/view.php?id=CVE-2025-1333
01 May 2025 — IBM MQ Container when used with the IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1, and MQ Operator SC2 3.2.0 through 3.2.10 and configured with Cloud Pak for Integration Keycloak could disclose sensitive information to a privileged user. • https://www.ibm.com/support/pages/node/7232272 • CWE-214: Invocation of Process Using Visible Sensitive Information •

CVE-2025-27365 – IBM MQ Operator denial of service
https://notcve.org/view.php?id=CVE-2025-27365
01 May 2025 — In IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1, and MQ Operator SC2 3.2.0 through 3.2.10, a client connecting to an MQ Queue Manager can cause a SIGSEGV in the AMQRMPPA channel process, terminating it. • https://www.ibm.com/support/pages/node/7232272 • CWE-416: Use After Free •

CVE-2025-0985 – IBM MQ information disclosure
https://notcve.org/view.php?id=CVE-2025-0985
28 Feb 2025 — IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD stores potentially sensitive information in environment variables that could be obtained by a local user. • https://www.ibm.com/support/pages/node/7184453 • CWE-526: Cleartext Storage of Sensitive Information in an Environment Variable •

CVE-2024-54175 – IBM MQ denial of service
https://notcve.org/view.php?id=CVE-2024-54175
28 Feb 2025 — IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD could allow a local user to cause a denial of service due to an improper check for unusual or exceptional conditions. • https://www.ibm.com/support/pages/node/7184453 • CWE-754: Improper Check for Unusual or Exceptional Conditions •

CVE-2025-23225 – IBM MQ denial of service
https://notcve.org/view.php?id=CVE-2025-23225
28 Feb 2025 — IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD could allow an authenticated user to cause a denial of service due to the improper handling of invalid headers sent to the queue. • https://www.ibm.com/support/pages/node/7183372 • CWE-230: Improper Handling of Missing Values •

CVE-2024-54173 – IBM MQ information disclosure
https://notcve.org/view.php?id=CVE-2024-54173
28 Feb 2025 — IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD reveals potentially sensitive information in trace files that could be read by a local user when webconsole trace is enabled. • https://www.ibm.com/support/pages/node/7183370 • CWE-1323: Improper Management of Sensitive Trace Data •

CVE-2025-0975 – IBM MQ code execution
https://notcve.org/view.php?id=CVE-2025-0975
28 Feb 2025 — IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD console could allow an authenticated user to execute code due to improper neutralization of escape characters. • https://www.ibm.com/support/pages/node/7183467 • CWE-150: Improper Neutralization of Escape, Meta, or Control Sequences •

CVE-2024-27256 – IBM MQ Operator information disclosure
https://notcve.org/view.php?id=CVE-2024-27256
27 Jan 2025 — IBM MQ Container 3.0.0, 3.0.1, 3.1.0 through 3.1.3 CD, 2.0.0 LTS through 2.0.22 LTS and 2.4.0 through 2.4.8, 2.3.0 through 2.3.3, 2.2.0 through 2.2.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. • https://www.ibm.com/support/pages/node/7157667 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •

CVE-2024-52898 – IBM MQ information disclosure
https://notcve.org/view.php?id=CVE-2024-52898
14 Jan 2025 — IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD web console could allow a local user to obtain sensitive information when a detailed technical error message is returned. • https://www.ibm.com/support/pages/node/7179150 • CWE-209: Generation of Error Message Containing Sensitive Information •