CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-46177 – IBM MQ Appliance information disclosure
https://notcve.org/view.php?id=CVE-2023-46177
18 Dec 2023 — IBM MQ Appliance 9.3 LTS and 9.3 CD could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request to view arbitrary files on the system. IBM X-Force ID: 269536. IBM MQ Appliance 9.3 LTS y 9.3 CD podrían permitir que un atacante remoto atraviese directorios del sistema. Un atacante podría enviar una solicitud URL especialmente manipulada para ver archivos arbitrarios en el sistema. • https://exchange.xforce.ibmcloud.com/vulnerabilities/269536 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-46176 – IBM MQ privilege escalation
https://notcve.org/view.php?id=CVE-2023-46176
03 Nov 2023 — IBM MQ Appliance 9.3 CD could allow a local attacker to gain elevated privileges on the system, caused by improper validation of security keys. IBM X-Force ID: 269535. IBM MQ Appliance 9.3 CD podría permitir a un atacante local obtener privilegios elevados en el sistema, causado por una validación inadecuada de las claves de seguridad. ID de IBM X-Force: 269535. • https://exchange.xforce.ibmcloud.com/vulnerabilities/269535 • CWE-424: Improper Protection of Alternate Path •
CVSS: 7.8EPSS: 0%CPEs: 17EXPL: 0CVE-2023-28513 – IBM MQ denial of service
https://notcve.org/view.php?id=CVE-2023-28513
19 Jul 2023 — IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.2 CD, and 9.3 CD and IBM MQ Appliance 9.2 LTS, 9.3 LTS, 9.2 CD, and 9.2 LTS, under certain configurations, is vulnerable to a denial of service attack caused by an error processing messages. IBM X-Force ID: 250397. • https://exchange.xforce.ibmcloud.com/vulnerabilities/250397 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-26285 – IBM MQ denial of service
https://notcve.org/view.php?id=CVE-2023-26285
05 May 2023 — IBM MQ 9.2 CD, 9.2 LTS, 9.3 CD, and 9.3 LTS could allow a remote attacker to cause a denial of service due to an error processing invalid data. IBM X-Force ID: 248418. • https://exchange.xforce.ibmcloud.com/vulnerabilities/248418 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-22874 – IBM MQ denial of service
https://notcve.org/view.php?id=CVE-2023-22874
05 May 2023 — IBM MQ Clients 9.2 CD, 9.3 CD, and 9.3 LTS are vulnerable to a denial of service attack when processing configuration files. IBM X-Force ID: 244216. • https://exchange.xforce.ibmcloud.com/vulnerabilities/244216 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 6.8EPSS: 0%CPEs: 4EXPL: 0CVE-2022-43919 – IBM MQ denial of service
https://notcve.org/view.php?id=CVE-2022-43919
05 May 2023 — IBM MQ 9.2 CD, 9.2 LTS, 9.3 CD, and 9.3 LTS could allow an authenticated attacker with authorization to craft messages to cause a denial of service. IBM X-Force ID: 241354. • https://exchange.xforce.ibmcloud.com/vulnerabilities/241354 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2022-43902 – IBM MQ denial of service
https://notcve.org/view.php?id=CVE-2022-43902
01 Mar 2023 — IBM MQ 9.2 CD, 9.2 LTS, 9.3 CD, and 9.3 LTS is vulnerable to a denial of service attack caused by specially crafted PCF or MQSC messages. IBM X-Force ID: 240832. • https://exchange.xforce.ibmcloud.com/vulnerabilities/240832 •
CVSS: 6.8EPSS: 0%CPEs: 4EXPL: 0CVE-2022-40230
https://notcve.org/view.php?id=CVE-2022-40230
03 Nov 2022 — "IBM MQ Appliance 9.2 CD, 9.2 LTS, 9.3 CD, and LTS 9.3 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 235532." "IBM MQ Appliance 9.2 CD, 9.2 LTS, 9.3 CD y LTS 9.3 no invalidan la sesión después del cierre de sesión, lo que podría permitir a un usuario autenticado hacerse pasar por otro usuario en el sistema. ID de IBM X-Force: 235532". • https://www.ibm.com/support/pages/node/6622051 • CWE-613: Insufficient Session Expiration •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-22356
https://notcve.org/view.php?id=CVE-2022-22356
05 Apr 2022 — IBM MQ Appliance 9.2 CD and 9.2 LTS could allow an attacker to enumerate account credentials due to an observable discrepancy in valid and invalid login attempts. IBM X-Force ID: 220487. IBM MQ Appliance versiones 9.2 CD y 9.2 LTS, podría permitir a un atacante enumerar credenciales de cuentas debido a una discrepancia observable en los intentos de inicio de sesión válidos e inválidos. IBM X-Force ID: 220487 • https://exchange.xforce.ibmcloud.com/vulnerabilities/220487 • CWE-203: Observable Discrepancy •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2022-22355
https://notcve.org/view.php?id=CVE-2022-22355
05 Apr 2022 — IBM MQ Appliance 9.2 CD and 9.2 LTS are vulnerable to a denial of service in the Login component of the application which could allow an attacker to cause a drop in performance. IBM MQ Appliance versiones 9.2 CD y 9.2 LTS, son vulnerables a una denegación de servicio en el componente de inicio de sesión de la aplicación, lo que podría permitir a un atacante causar una caída del rendimiento • https://exchange.xforce.ibmcloud.com/vulnerabilities/220486 •