CVSS: 7.8EPSS: 0%CPEs: 17EXPL: 0CVE-2023-28513 – IBM MQ denial of service
https://notcve.org/view.php?id=CVE-2023-28513
19 Jul 2023 — IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.2 CD, and 9.3 CD and IBM MQ Appliance 9.2 LTS, 9.3 LTS, 9.2 CD, and 9.2 LTS, under certain configurations, is vulnerable to a denial of service attack caused by an error processing messages. IBM X-Force ID: 250397. • https://exchange.xforce.ibmcloud.com/vulnerabilities/250397 • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 13EXPL: 0CVE-2023-28950 – IBM MQ information disclosure
https://notcve.org/view.php?id=CVE-2023-28950
19 May 2023 — IBM MQ 8.0, 9.0, 9.1, 9.2, and 9.3 could disclose sensitive user information from a trace file if that functionality has been enabled. IBM X-Force ID: 251358. • https://exchange.xforce.ibmcloud.com/vulnerabilities/251358 •
CVSS: 4.0EPSS: 0%CPEs: 14EXPL: 0CVE-2022-42436 – IBM MQ information disclosure
https://notcve.org/view.php?id=CVE-2022-42436
08 Feb 2023 — IBM MQ 8.0.0, 9.0.0, 9.1.0, 9.2.0, 9.3.0 Managed File Transfer could allow a local user to obtain sensitive information from diagnostic files. IBM X-Force ID: 238206. • https://exchange.xforce.ibmcloud.com/vulnerabilities/238206 •
CVSS: 6.8EPSS: 0%CPEs: 13EXPL: 0CVE-2022-31772 – IBM MQ denial of service
https://notcve.org/view.php?id=CVE-2022-31772
11 Nov 2022 — IBM MQ 8.0, 9.0 LTS, 9.1 CD, 9.1 LTS, 9.2 CD, and 9.2 LTS could allow an authenticated and authorized user to cause a denial of service to the MQTT channels. IBM X-Force ID: 228335. IBM MQ 8.0, 9.0 LTS, 9.1 CD, 9.1 LTS, 9.2 CD y 9.2 LTS podrían permitir que un usuario autenticado y autorizado provoque una denegación de servicio a los canales MQTT. ID de IBM X-Force: 228335. • https://exchange.xforce.ibmcloud.com/vulnerabilities/228335 • CWE-20: Improper Input Validation •
CVSS: 9.4EPSS: 0%CPEs: 8EXPL: 0CVE-2022-22489
https://notcve.org/view.php?id=CVE-2022-22489
19 Aug 2022 — IBM MQ 8.0, (9.0, 9.1, 9.2 LTS), and (9.1 and 9.2 CD) are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 226339. IBM MQ versiones 8.0, (9.0, 9.1, 9.2 LTS) y (9.1 y 9.2 CD) son vulnerables a un ataque de tipo XML External Entity Injection (XXE) cuando son procesados datos XML. Un atacante remoto podría aprovechar esta vulnerabilidad para expone... • https://exchange.xforce.ibmcloud.com/vulnerabilities/226339 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-22321
https://notcve.org/view.php?id=CVE-2022-22321
01 Mar 2022 — IBM MQ Appliance 9.2 CD and 9.2 LTS local messaging users stored with a password hash that provides insufficient protection. IBM X-Force ID: 218368. Los usuarios de mensajería local de IBM MQ Appliance versiones 9.2 CD y 9.2 LTS, son almacenados con un hash de contraseña que proporciona una protección insuficiente. IBM X-Force ID: 218368. • https://exchange.xforce.ibmcloud.com/vulnerabilities/218368 • CWE-326: Inadequate Encryption Strength •
CVSS: 5.6EPSS: 0%CPEs: 2EXPL: 0CVE-2021-38986
https://notcve.org/view.php?id=CVE-2021-38986
01 Mar 2022 — IBM MQ Appliance 9.2 CD and 9.2 LTS does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 212942. IBM MQ Appliance versiones 9.2 CD y 9.2 LTS, no invalida la sesión tras el cierre de sesión, lo que podría permitir a un usuario autenticado hacerse pasar por otro usuario en el sistema. IBM X-Force ID: 212942. • https://exchange.xforce.ibmcloud.com/vulnerabilities/212942 • CWE-613: Insufficient Session Expiration •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2021-38875
https://notcve.org/view.php?id=CVE-2021-38875
23 Nov 2021 — IBM MQ 8.0, 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.1 CD, and 9.2 CD is vulnerable to a denial of service attack caused by an error processing messages. IBM X-Force ID: 208398. IBM MQ versiones 8.0, 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.1 CD y 9.2 CD, es vulnerable a un ataque de denegación de servicio causado por un error de procesamiento de mensajes. IBM X-Force ID: 208398 • https://exchange.xforce.ibmcloud.com/vulnerabilities/208398 •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2020-4931
https://notcve.org/view.php?id=CVE-2020-4931
24 Feb 2021 — IBM MQ 9.1 LTS, 9.2 LTS, and 9.1 CD AMQP Channels could allow an authenticated user to cause a denial of service due to an issue processing messages. IBM X-Force ID: 191747. IBM MQ versiones 9.1 LTS, 9.2 LTS y 9.1, CD AMQP Channels podría permitir a un usuario autenticado causar una denegación de servicio debido a un problema al procesar mensajes. IBM X-Force ID: 191747 • https://exchange.xforce.ibmcloud.com/vulnerabilities/191747 •
CVSS: 10.0EPSS: 1%CPEs: 47EXPL: 0CVE-2020-4682
https://notcve.org/view.php?id=CVE-2020-4682
28 Jan 2021 — IBM MQ 7.5, 8.0, 9.0, 9.1, 9.2 LTS, and 9.2 CD could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization of trusted data. An attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 186509. IBM MQ versiones 7.5, 8.0, 9.0, 9.1, 9.2 LTS y 9.2 CD, podrían permitir a un atacante remoto ejecutar código arbitrario en el sistema, causado por una deserialización no segura de datos confiables. Un atacante podría explotar ... • https://exchange.xforce.ibmcloud.com/vulnerabilities/186509 • CWE-502: Deserialization of Untrusted Data •