VYPR

MQ

by IBM

CVEs (66)

  • CVE-2020-4682 | Critical | Jan 28, 2021
    risk 0.64 | cvss 9.8 | epss 0.08

    IBM MQ 7.5, 8.0, 9.0, 9.1, 9.2 LTS, and 9.2 CD could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization of trusted data. An attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 186509.

  • CVE-2022-22489 | Critical | Aug 19, 2022
    risk 0.59 | cvss 9.1 | epss 0.01

    IBM MQ 8.0, (9.0, 9.1, 9.2 LTS), and (9.1 and 9.2 CD) are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 226339.

  • CVE-2025-0975 | High | Feb 28, 2025
    risk 0.57 | cvss 8.8 | epss 0.01

    IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD console could allow an authenticated user to execute code due to improper neutralization of escape characters.

  • CVE-2021-38950 | High | Dec 14, 2021
    risk 0.51 | cvss 7.8 | epss 0.00

    IBM MQ on HPE NonStop 8.0.4 and 8.1.0 is vulnerable to a privilege escalation attack when SharedBindingsUserId is set to effective. IBM X-Force ID: 211404.

  • CVE-2024-40681 | High | Sep 7, 2024
    risk 0.49 | cvss 7.5 | epss 0.00

    IBM MQ 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD could allow an authenticated user in a specifically defined role to bypass security restrictions and execute actions against the queue manager.

  • CVE-2024-31912 | High | Jun 28, 2024
    risk 0.49 | cvss 7.5 | epss 0.00

    IBM MQ 9.3 LTS and 9.3 CD could allow an authenticated user to escalate their privileges under certain configurations due to incorrect privilege assignment. IBM X-Force ID: 289894.

  • CVE-2024-25016 | High | Mar 3, 2024
    risk 0.49 | cvss 7.5 | epss 0.01

    IBM MQ and IBM MQ Appliance 9.0, 9.1, 9.2, 9.3 LTS and 9.3 CD could allow a remote unauthenticated attacker to cause a denial of service due to incorrect buffering logic. IBM X-Force ID: 281279.

  • CVE-2021-39034 | High | Feb 17, 2022
    risk 0.49 | cvss 7.5 | epss 0.01

    IBM MQ 9.1 LTS is vulnerable to a denial of service attack caused by an issue within the channel process. IBM X-Force ID: 213964.

  • CVE-2020-4766 | High | Jan 22, 2021
    risk 0.49 | cvss 7.5 | epss 0.01

    IBM MQ Internet Pass-Thru 2.1 and 9.2 could allow a remote user to cause a denial of service by sending malformed MQ data requests which would consume all available resources. IBM X-Force ID: 188093.

  • CVE-2020-4870 | High | Dec 21, 2020
    risk 0.49 | cvss 7.5 | epss 0.02

    IBM MQ 9.2 CD and LTS are vulnerable to a denial of service attack caused by an error processing connecting applications. IBM X-Force ID: 190833.

  • CVE-2020-4375 | High | Jul 28, 2020
    risk 0.49 | cvss 7.5 | epss 0.02

    IBM MQ, IBM MQ Appliance, IBM MQ for HPE NonStop 8.0, 9.1 CD, and 9.1 LTS could allow an attacker to cause a denial of service due to a memory leak caused by an error creating a dynamic queue. IBM X-Force ID: 179080.

  • CVE-2020-4310 | High | Jun 16, 2020
    risk 0.49 | cvss 7.5 | epss 0.02

    IBM MQ and MQ Appliance 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and 9.1 C are vulnerable to a denial of service attack due to an error within the Data Conversion logic. IBM X-Force ID: 177081.

  • CVE-2019-4762 | High | Apr 16, 2020
    risk 0.49 | cvss 7.5 | epss 0.02

    IBM MQ 9.0 and 9.1 are vulnerable to a denial of service attack due to an error in the Channel processing function. IBM X-Force ID: 173625.

  • CVE-2019-4055 | High | Apr 19, 2019
    risk 0.49 | cvss 7.5 | epss 0.02

    IBM MQ 8.0.0.0 through 8.0.0.10, 9.0.0.0 through 9.0.0.5, and 9.1.0.0 through 9.1.1 are vulnerable to a denial of service attack within the TLS key renegotiation function. IBM X-Force ID: 156564.

  • CVE-2019-4227 | High | Oct 4, 2019
    risk 0.48 | cvss 7.3 | epss 0.01

    IBM MQ 8.0.0.4 - 8.0.0.12, 9.0.0.0 - 9.0.0.6, 9.1.0.0 - 9.1.0.2, and 9.1.0 - 9.1.2 AMQP Listeners could allow an unauthorized user to conduct a session fixation attack due to clients not being disconnected as they should. IBM X-Force ID: 159352.

  • CVE-2020-4352 | High | May 29, 2020
    risk 0.46 | cvss 7.0 | epss 0.00

    IBM MQ on HPE NonStop 8.0.4 and 8.1.0 is vulnerable to a privilege escalation attack when running in restricted mode. IBM X-Force ID: 178427.

  • CVE-2025-23225 | Medium | Feb 28, 2025
    risk 0.42 | cvss 6.5 | epss 0.00

    IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD could allow an authenticated user to cause a denial of service due to the improper handling of invalid headers sent to the queue.

  • CVE-2024-51470 | Medium | Dec 18, 2024
    risk 0.42 | cvss 6.5 | epss 0.01

    IBM MQ 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, 9.4 CD, IBM MQ Appliance 9.3 LTS, 9.3 CD, 9.4 LTS, and IBM MQ for HPE NonStop 8.1.0 through 8.1.0.25 could allow an authenticated user to cause a denial of service due to messages with improperly set values.

  • CVE-2024-35156 | Medium | Jun 28, 2024
    risk 0.42 | cvss 6.5 | epss 0.01

    IBM MQ 9.3 LTS and 9.3 CD could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 292766.

  • CVE-2022-43902 | Medium | Mar 10, 2023
    risk 0.42 | cvss 6.5 | epss 0.01

    IBM MQ 9.2 CD, 9.2 LTS, 9.3 CD, and 9.3 LTS are vulnerable to a denial of service attack caused by specially crafted PCF or MQSC messages. IBM X-Force ID: 240832.
