11 results (0.019 seconds)

CVSS: 7.5EPSS: 0%CPEs: 17EXPL: 0

IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.2 CD, and 9.3 CD and IBM MQ Appliance 9.2 LTS, 9.3 LTS, 9.2 CD, and 9.2 LTS, under certain configurations, is vulnerable to a denial of service attack caused by an error processing messages. IBM X-Force ID: 250397. • https://exchange.xforce.ibmcloud.com/vulnerabilities/250397 https://www.ibm.com/support/pages/node/7007421 https://www.ibm.com/support/pages/node/7007731 • CWE-20: Improper Input Validation •

CVSS: 5.5EPSS: 0%CPEs: 13EXPL: 0

IBM MQ 8.0, 9.0, 9.1, 9.2, and 9.3 could disclose sensitive user information from a trace file if that functionality has been enabled. IBM X-Force ID: 251358. • https://exchange.xforce.ibmcloud.com/vulnerabilities/251358 https://https://www.ibm.com/support/pages/node/6985837 •

CVSS: 4.0EPSS: 0%CPEs: 14EXPL: 0

IBM MQ 8.0.0, 9.0.0, 9.1.0, 9.2.0, 9.3.0 Managed File Transfer could allow a local user to obtain sensitive information from diagnostic files. IBM X-Force ID: 238206. • https://exchange.xforce.ibmcloud.com/vulnerabilities/238206 https://www.ibm.com/support/pages/node/6909467 •

CVSS: 6.5EPSS: 0%CPEs: 13EXPL: 0

IBM MQ 8.0, 9.0 LTS, 9.1 CD, 9.1 LTS, 9.2 CD, and 9.2 LTS could allow an authenticated and authorized user to cause a denial of service to the MQTT channels. IBM X-Force ID: 228335. IBM MQ 8.0, 9.0 LTS, 9.1 CD, 9.1 LTS, 9.2 CD y 9.2 LTS podrían permitir que un usuario autenticado y autorizado provoque una denegación de servicio a los canales MQTT. ID de IBM X-Force: 228335. • https://exchange.xforce.ibmcloud.com/vulnerabilities/228335 https://www.ibm.com/support/pages/node/6833806 • CWE-20: Improper Input Validation •

CVSS: 9.1EPSS: 0%CPEs: 8EXPL: 0

IBM MQ 8.0, (9.0, 9.1, 9.2 LTS), and (9.1 and 9.2 CD) are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 226339. IBM MQ versiones 8.0, (9.0, 9.1, 9.2 LTS) y (9.1 y 9.2 CD) son vulnerables a un ataque de tipo XML External Entity Injection (XXE) cuando son procesados datos XML. Un atacante remoto podría aprovechar esta vulnerabilidad para exponer información confidencial o consumir recursos de memoria. • https://exchange.xforce.ibmcloud.com/vulnerabilities/226339 https://www.ibm.com/support/pages/node/6613021 • CWE-611: Improper Restriction of XML External Entity Reference •