VYPR

MQ

by IBM

CVEs (66)

  • CVE-2024-31919MedJun 28, 2024
    risk 0.38cvss 5.9epss 0.00

    IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS and 9.3 CD, in certain configurations, is vulnerable to a denial of service attack caused by an error processing messages when an API Exit using MQBUFMH is used. IBM X-Force ID: 290259.

  • CVE-2023-28513MedJul 19, 2023
    risk 0.38cvss 5.9epss 0.01

    IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.2 CD, and 9.3 CD and IBM MQ Appliance 9.2 LTS, 9.3 LTS, 9.2 CD, and 9.2 LTS, under certain configurations, is vulnerable to a denial of service attack caused by an error processing messages. IBM X-Force ID: 250397.

  • CVE-2023-26285MedMay 5, 2023
    risk 0.38cvss 5.9epss 0.01

    IBM MQ 9.2 CD, 9.2 LTS, 9.3 CD, and 9.3 LTS could allow a remote attacker to cause a denial of service due to an error processing invalid data. IBM X-Force ID: 248418.

  • CVE-2019-4568MedJan 28, 2020
    risk 0.38cvss 5.9epss 0.01

    IBM MQ and IBM MQ Appliance 8.0 and 9.0 LTS could allow a remote attacker with intimate knowledge of the server to cause a denial of service when receiving data on the channel. IBM X-Force ID: 166629.

  • CVE-2025-0985MedFeb 28, 2025
    risk 0.36cvss 5.5epss 0.00

    IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD stores potentially sensitive information in environment variables that could be obtained by a local user.

  • CVE-2024-54175MedFeb 28, 2025
    risk 0.36cvss 5.5epss 0.00

    IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD could allow a local user to cause a denial of service due to an improper check for unusual or exceptional conditions.

  • CVE-2024-40680MedSep 7, 2024
    risk 0.36cvss 5.5epss 0.00

    IBM MQ 9.3 CD and 9.4 LTS/CD could allow a local user to cause a denial of service due to improper memory allocation causing a segmentation fault.

  • CVE-2022-22325MedMay 13, 2022
    risk 0.36cvss 5.5epss 0.00

    IBM MQ (IBM MQ for HPE NonStop 8.1.0) can inadvertently disclose sensitive information under certain circumstances to a local user from a stack trace. IBM X-Force ID: 218853.

  • CVE-2021-38949MedNov 16, 2021
    risk 0.36cvss 5.5epss 0.00

    IBM MQ 7.5, 8.0, 9.0 LTS, 9.1 CD, and 9.1 LTS stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 211403.

  • CVE-2020-4338MedApr 16, 2020
    risk 0.36cvss 5.5epss 0.00

    IBM MQ 9.1.4 could allow a local attacker to obtain sensitive information by inclusion of sensitive data within runmqras data. IBM X-Force ID: 177937.

  • CVE-2019-4719MedMar 16, 2020
    risk 0.36cvss 5.5epss 0.00

    IBM MQ and IBM MQ Appliance 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and 9.1 CD could allow a local attacker to obtain sensitive information by inclusion of sensitive data within runmqras data.

  • CVE-2019-4619MedMar 16, 2020
    risk 0.36cvss 5.5epss 0.00

    IBM MQ and IBM MQ Appliance 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and 9.1 CD could allow a local attacker to obtain sensitive information by inclusion of sensitive data within trace. IBM X-Force ID: 168862.

  • CVE-2019-4049MedAug 20, 2019
    risk 0.36cvss 5.5epss 0.00

    IBM MQ 9.1.0.0, 9.1.0.1, 9.1.1, and 9.1.0.2 is vulnerable to a denial of service due to a local user being able to fill up the disk space of the underlying filesystem using the error logging service. IBM X-Force ID: 156398.

  • CVE-2022-43919MedMay 5, 2023
    risk 0.35cvss 5.3epss 0.01

    IBM MQ 9.2 CD, 9.2 LTS, 9.3 CD, and 9.3 LTS could allow an authenticated attacker with authorization to craft messages to cause a denial of service. IBM X-Force ID: 241354.

  • CVE-2022-31772MedNov 11, 2022
    risk 0.35cvss 5.3epss 0.01

    IBM MQ 8.0, 9.0 LTS, 9.1 CD, 9.1 LTS, 9.2 CD, and 9.2 LTS could allow an authenticated and authorized user to cause a denial of service to the MQTT channels. IBM X-Force ID: 228335.

  • CVE-2018-1883MedDec 7, 2018
    risk 0.35cvss 5.3epss 0.02

    A problem within the IBM MQ 9.0.2, 9.0.3, 9.0.4, 9.0.5, and 9.1.0.0 Console REST API Could allow attackers to execute a denial of service attack preventing users from logging into the MQ Console REST API. IBM X-Force ID: 151969.

  • CVE-2023-45177MedMar 20, 2024
    risk 0.34cvss 5.3epss 0.01

    IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS and 9.3 CD is vulnerable to a denial-of-service attack due to an error within the MQ clustering logic. IBM X-Force ID: 268066.

  • CVE-2023-28950MedMay 19, 2023
    risk 0.33cvss 5.1epss 0.00

    IBM MQ 8.0, 9.0, 9.1, 9.2, and 9.3 could disclose sensitive user information from a trace file if that functionality has been enabled. IBM X-Force ID: 251358.

  • CVE-2022-35719MedNov 14, 2022
    risk 0.33cvss 5.1epss 0.00

    IBM MQ Internet Pass-Thru 2.1, 9.2 LTS and 9.2 CD stores potentially sensitive information in trace files that could be read by a local user.

  • CVE-2024-54173MedFeb 28, 2025
    risk 0.31cvss 4.7epss 0.00

    IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD reveals potentially sensitive information in trace files that could be read by a local user when webconsole trace is enabled.