The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date |
|---|---|---|---|
| CVE-2022-43857 | IBM Navigator for i 7.3, 7.4 and 7.5 could allow an authenticated user to access IBM Navigator for i log files they are authorized to but not while using this interface. The remote authenticated user can bypass the interface checks and download log files by modifying servlet filter. IBM X-Force ID: 239301. | -- | Dec 22, 2022 |
| CVE-2022-22481 | IBM Navigator for i 7.2, 7.3, and 7.4 (heritage version) could allow a remote attacker to obtain access to the web interface without valid credentials. By modifying the sign on request, an attacker can gain visibility to the fully qualified domain name of the target system and the navigator tasks page, however they do not gain the ability to perform those tasks on the system or see any specific system data. IBM X-Force ID: 225899. | MEDIUM | May 9, 2022 |
| CVE-2019-4118 | IBM Multicloud Manager 3.1.0, 3.1.1, and 3.1.2 ibm-mcm-chart could allow a local attacker with admin privileges to obtain highly sensitive information upon deployment. IBM X-Force ID: 158144. | LOW | Jul 15, 2019 |
| CVE-2015-5022 | IBM Multi-Enterprise Integration Gateway 1.x through 1.0.0.1 and B2B Advanced Communications 1.0.0.2 and 1.0.0.3 before 1.0.0.3_2, when access by guests is enabled, place an internal hostname and a payload path in a response, which allows remote authenticated users to obtain sensitive information by leveraging a trading-partner relationship and reading response fields. | Medium | Oct 7, 2015 |
| CVE-2015-7445 | IBM Multi-Enterprise Integration Gateway 1.0 through 1.0.0.1 and B2B Advanced Communications 1.x before 1.0.0.4, when guest access is configured, allow remote authenticated users to obtain sensitive information by reading error messages in responses. | Low | Jan 7, 2016 |
| CVE-2016-0341 | IBM Multi-Enterprise Integration Gateway 1.0 through 1.0.0.1 and B2B Advanced Communications 1.0.0.2 through 1.0.0.4 do not require HTTPS, which might allow remote attackers to obtain sensitive information by sniffing the network. | MEDIUM | May 14, 2016 |
| CVE-2018-1593 | IBM Multi-Cloud Data Encryption (MDE) 2.1 could allow an unauthorized user to manipulate data due to missing file checksums. IBM X-Force ID: 143568. | MEDIUM | Oct 2, 2018 |
| CVE-2020-4376 | IBM MQ, IBM MQ Appliance, IBM MQ for HPE NonStop 8.0.4 and 8.1.0 could allow an attacker to cause a denial of service caused by an error within the pubsub logic. IBM X-Force ID: 179081. | MEDIUM | Jul 1, 2020 |
| CVE-2020-4375 | IBM MQ, IBM MQ Appliance, IBM MQ for HPE NonStop 8.0, 9.1 CD, and 9.1 LTS could allow an attacker to cause a denial of service due to a memory leak caused by an error creating a dynamic queue. IBM X-Force ID: 179080. | MEDIUM | Jul 28, 2020 |
| CVE-2020-4319 | IBM MQ, IBM MQ Appliance, and IBM MQ for HPE NonStop 8.0, 9.1 LTS, and 9.1 CD could allow under special circumstances, an authenticated user to obtain sensitive information due to a data leak from an error message within the pre-v7 pubsub logic. IBM X-Force ID: 177402. | LOW | Jul 28, 2020 |
| CVE-2020-4465 | IBM MQ, IBM MQ Appliance, and IBM MQ for HPE NonStop 8.0, 9.1 CD, and 9.1 LTS is vulnerable to a buffer overflow vulnerability due to an error within the channel processing code. A remote attacker could overflow the buffer using an older client and cause a denial of service. IBM X-Force ID: 181562. | MEDIUM | Jul 28, 2020 |
| CVE-2024-27255 | IBM MQ Operator 2.0.0 LTS, 2.0.18 LTS, 3.0.0 CD, 3.0.1 CD, 2.4.0 through 2.4.7, 2.3.0 through 2.3.3, 2.2.0 through 2.2.2, and 2.3.0 through 2.3.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 283905. | -- | Mar 4, 2024 |
| CVE-2023-47745 | IBM MQ Operator 2.0.0 LTS, 2.0.18 LTS, 3.0.0 CD, 3.0.1 CD, 2.4.0 through 2.4.7, 2.3.0 through 2.3.3, 2.2.0 through 2.2.2, and 2.3.0 through 2.3.3 stores or transmits user credentials in plain clear text which can be read by a local user using a trace command. IBM X-Force ID: 272638. | -- | Mar 4, 2024 |
| CVE-2021-38950 | IBM MQ on HPE NonStop 8.0.4 and 8.1.0 is vulnerable to a privilege escalation attack when SharedBindingsUserId is set to effective. IBM X-ForceID: 211404. | MEDIUM | Dec 16, 2021 |
| CVE-2020-4352 | IBM MQ on HPE NonStop 8.0.4 and 8.1.0 is vulnerable to a privilege escalation attack when running in restricted mode. IBM X-Force ID: 178427. | MEDIUM | May 29, 2020 |
| CVE-2017-1699 | IBM MQ Managed File Transfer Agent 8.0 and 9.0 sets insecure permissions on certain files it creates. A local attacker could exploit this vulnerability to modify or delete data contained in the files with an unknown impact. IBM X-Force ID: 134391. | LOW | Jan 4, 2018 |
| CVE-2015-1956 | IBM MQ Light before 1.0.0.2 allows remote attackers to cause a denial of service (disk consumption) via a crafted byte sequence in authentication data, a different vulnerability than CVE-2015-1958 and CVE-2015-1987. | High | Aug 4, 2015 |
| CVE-2015-1958 | IBM MQ Light before 1.0.0.2 allows remote attackers to cause a denial of service (disk consumption) via a crafted byte sequence in authentication data, a different vulnerability than CVE-2015-1956 and CVE-2015-1987. | High | Aug 4, 2015 |
| CVE-2015-1987 | IBM MQ Light before 1.0.0.2 allows remote attackers to cause a denial of service (disk consumption) via a crafted byte sequence in authentication data, a different vulnerability than CVE-2015-1956 and CVE-2015-1958. | High | Aug 4, 2015 |
| CVE-2015-1955 | IBM MQ Light before 1.0.0.2 allows remote attackers to cause a denial of service (CPU consumption) via a crafted byte sequence in authentication data. | High | Aug 4, 2015 |
| CVE-2022-35719 | IBM MQ Internet Pass-Thru 2.1, 9.2 LTS and 9.2 CD stores potentially sensitive information in trace files that could be read by a local user. | -- | Nov 16, 2022 |
| CVE-2020-4766 | IBM MQ Internet Pass-Thru 2.1 and 9.2 could allow a remote user to cause a denial of service by sending malformed MQ data requests which would consume all available resources. IBM X-Force ID: 188093. | MEDIUM | Jan 22, 2021 |
| CVE-2022-40237 | IBM MQ for HPE NonStop 8.1.0 is vulnerable to a denial of service attack due to an error within the CCDT and channel synchronization logic. IBM X-Force ID: 235727. | -- | Feb 27, 2023 |
| CVE-2020-4466 | IBM MQ for HPE NonStop 8.0.4 and 8.1.0 could allow a remote authenticated attacker could cause a denial of service due to an error within the Queue processing function. IBM X-Force ID: 181563. | MEDIUM | Jul 22, 2020 |
| CVE-2023-22874 | IBM MQ Clients 9.2 CD, 9.3 CD, and 9.3 LTS are vulnerable to a denial of service attack when processing configuration files. IBM X-Force ID: 244216. | -- | May 11, 2023 |
| CVE-2023-26284 | IBM MQ Certified Container 9.3.0.1 through 9.3.0.3 and 9.3.1.0 through 9.3.1.1 could allow authenticated users with the cluster to be granted administration access to the MQ console due to improper access controls. IBM X-Force ID: 248417. | -- | Mar 19, 2023 |
| CVE-2021-38999 | IBM MQ Appliance could allow a local attacker to obtain sensitive information by inclusion of sensitive data within trace. | LOW | Nov 30, 2021 |
| CVE-2020-4320 | IBM MQ Appliance and IBM MQ AMQP Channels 8.0, 9.0 LTS, 9.1 LTS, and 9.1 CD do not correctly block or allow clients based on the certificate distinguished name SSLPEER setting. IBM X-Force ID: 177403. | MEDIUM | Jun 16, 2020 |
| CVE-2023-46177 | IBM MQ Appliance 9.3 LTS and 9.3 CD could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request to view arbitrary files on the system. IBM X-Force ID: 269536. | -- | Dec 18, 2023 |
| CVE-2023-46176 | IBM MQ Appliance 9.3 CD could allow a local attacker to gain elevated privileges on the system, caused by improper validation of security keys. IBM X-Force ID: 269535. | -- | Nov 3, 2023 |
| CVE-2024-25048 | IBM MQ Appliance 9.3 CD and LTS are vulnerable to a heap-based buffer overflow, caused by improper bounds checking. A remote authenticated attacker could overflow a buffer and execute arbitrary code on the system or cause the server to crash. IBM X-Force ID: 283137. | -- | Apr 29, 2024 |
| CVE-2022-40230 | IBM MQ Appliance 9.2 CD, 9.2 LTS, 9.3 CD, and LTS 9.3 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 235532. | -- | Nov 4, 2022 |
| CVE-2022-22321 | IBM MQ Appliance 9.2 CD and 9.2 LTS local messaging users stored with a password hash that provides insufficient protection. IBM X-Force ID: 218368. | LOW | Mar 1, 2022 |
| CVE-2020-4869 | IBM MQ Appliance 9.2 CD and 9.2 LTS is vulnerable to a denial of service, caused by a buffer overflow. A remote attacker could send a specially crafted SNMP query to cause the appliance to reload. IBM X-Force ID: 190831. | MEDIUM | Jan 13, 2021 |
| CVE-2021-38958 | IBM MQ Appliance 9.2 CD and 9.2 LTS is affected by a denial of service attack caused by a concurrency issue. IBM X-Force ID: 212042 | LOW | Nov 30, 2021 |
| CVE-2021-38986 | IBM MQ Appliance 9.2 CD and 9.2 LTS does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 212942. | MEDIUM | Mar 1, 2022 |
| CVE-2022-22316 | IBM MQ Appliance 9.2 CD and 9.2 LTS could allow an authenticated and authorized user to cause a denial of service due to incorrectly configured authorization checks. IBM X-Force ID: 218276. | MEDIUM | Mar 23, 2022 |
| CVE-2022-22356 | IBM MQ Appliance 9.2 CD and 9.2 LTS could allow an attacker to enumerate account credentials due to an observable discrepancy in valid and invalid login attempts. IBM X-Force ID: 220487. | MEDIUM | Apr 5, 2022 |
| CVE-2021-38967 | IBM MQ Appliance 9.2 CD and 9.2 LTS could allow a local privileged user to inject and execute malicious code. IBM X-Force ID: 212441. | MEDIUM | Nov 30, 2021 |
| CVE-2021-39000 | IBM MQ Appliance 9.2 CD and 9.2 LTS could allow a local attacker to obtain sensitive information by inclusion of sensitive data within diagnostics. IBM X-Force ID: 213215. | LOW | Nov 30, 2021 |
| CVE-2022-22355 | IBM MQ Appliance 9.2 CD and 9.2 LTS are vulnerable to a denial of service in the Login component of the application which could allow an attacker to cause a drop in performance. | MEDIUM | Apr 5, 2022 |
| CVE-2020-4592 | IBM MQ Appliance 9.1.CD and LTS could allow an authenticated user, under nondefault configuration to cause a data corruption attack due to an error when using segmented messages. | LOW | Nov 18, 2020 |
| CVE-2019-4731 | IBM MQ Appliance 9.1.4.CD could allow a local attacker to obtain highly sensitive information by inclusion of sensitive data within trace. IBM X-Force ID: 172616. | LOW | Jul 28, 2020 |
| CVE-2020-4498 | IBM MQ Appliance 9.1 LTS and 9.1 CD could allow a local privileged user to obtain highly sensitve information due to inclusion of data within trace files. IBM X-Force ID: 182118. | LOW | Jul 27, 2020 |
| CVE-2020-4938 | IBM MQ Appliance 9.1 and 9.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 191815. | MEDIUM | Jul 14, 2021 |
| CVE-2018-1429 | IBM MQ Appliance 9.0.1, 9.0.2, 9.0.3, amd 9.0.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 139077. | LOW | Mar 24, 2018 |
| CVE-2019-4620 | IBM MQ Appliance 8.0 and 9.0 LTS could allow a local attacker to bypass security restrictions caused by improper validation of environment variables. IBM X-Force ID: 168863. | MEDIUM | Jan 31, 2020 |
| CVE-2017-1318 | IBM MQ Appliance 8.0 and 9.0 could allow an authenticated messaging administrator to execute arbitrary commands on the system, caused by command execution. IBM X-Force ID: 125730. | HIGH | Jul 19, 2017 |
| CVE-2020-4528 | IBM MQ Appliance (IBM DataPower Gateway 10.0.0.0 and 2018.4.1.0 through 2018.4.1.12) could allow a local user, under special conditions, to obtain highly sensitive information from log files. IBM X-Force ID: 182658. | LOW | Oct 6, 2020 |
| CVE-2020-4267 | IBM MQ and MQ Appliance 8.0, 9.1 LTS, and 9.1 CD could allow an authenticated user cause a denial of service due to a memory leak. IBM X-Force ID: 175840. | MEDIUM | Apr 24, 2020 |
