Vulnerabilites related to IBM - MQ
Vulnerability from fkie_nvd
Published
2019-10-04 14:15
Modified
2024-11-21 04:43
Severity ?
Summary
IBM MQ 8.0.0.4 - 8.0.0.12, 9.0.0.0 - 9.0.0.6, 9.1.0.0 - 9.1.0.2, and 9.1.0 - 9.1.2 AMQP Listeners could allow an unauthorized user to conduct a session fixation attack due to clients not being disconnected as they should. IBM X-Force ID: 159352.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/159352 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/886899 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/159352 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/886899 | Vendor Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:mq:*:*:*:*:*:*:*:*", matchCriteriaId: "090FA24F-1B0C-46D6-A597-822E9DB0B7B7", versionEndIncluding: "8.0.0.12", versionStartIncluding: "8.0.0.4", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq:*:*:*:*:lts:*:*:*", matchCriteriaId: "CD1D619F-AE0C-44C3-805D-6BD11E2D8361", versionEndIncluding: "9.0.0.6", versionStartIncluding: "9.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq:*:*:*:*:continuous_delivery:*:*:*", matchCriteriaId: "019FF429-9C0B-4B5F-8C09-4581B436CC19", versionEndIncluding: "9.1.2", versionStartIncluding: "9.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq:*:*:*:*:lts:*:*:*", matchCriteriaId: "3B23C334-D8CC-4DF2-A292-D75D8B90E45E", versionEndIncluding: "9.1.0.2", versionStartIncluding: "9.1.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM MQ 8.0.0.4 - 8.0.0.12, 9.0.0.0 - 9.0.0.6, 9.1.0.0 - 9.1.0.2, and 9.1.0 - 9.1.2 AMQP Listeners could allow an unauthorized user to conduct a session fixation attack due to clients not being disconnected as they should. IBM X-Force ID: 159352.", }, { lang: "es", value: "IBM MQ versiones 8.0.0.4 hasta 8.0.0.12, 9.0.0.0 hasta 9.0.0.6, 9.1.0.0 hasta 9.1.0.2 y 9.1.0 hasta 9.1.2. Los Listener AMQP podrían permitir a un usuario no autorizado realizar un ataque de fijación de sesión debido a clientes que no están desconectados como deberían. ID de IBM X-Force: 159352.", }, ], id: "CVE-2019-4227", lastModified: "2024-11-21T04:43:20.900", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.6, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, exploitabilityScore: 2.2, impactScore: 3.4, source: "psirt@us.ibm.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 7.3, baseSeverity: "HIGH", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-10-04T14:15:11.327", references: [ { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/159352", }, { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/886899", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/159352", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/886899", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-384", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-12-30 16:15
Modified
2024-11-21 04:43
Severity ?
Summary
IBM MQ 9.1.0.0, 9.1.0.1, 9.1.0.2, 9.1.0.3, 9.1.1, 9.1.2, and 9.1.3 is vulnerable to a denial of service attack that would allow an authenticated user to reset client connections due to an error within the Data Conversion routine. IBM X-Force ID: 170966.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/170966 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/1106529 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/170966 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/1106529 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | mq | * | |
| ibm | mq | * | |
| ibm | mq_appliance | * | |
| ibm | mq_appliance | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:mq:*:*:*:*:continuous_delivery:*:*:*", matchCriteriaId: "0602BE96-C9C3-43FD-8F10-CA9B71805B43", versionEndExcluding: "9.1.4", versionStartIncluding: "9.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq:*:*:*:*:lts:*:*:*", matchCriteriaId: "B0E59D46-75D6-486D-8016-0B1BF8F8EB69", versionEndExcluding: "9.1.0.4", versionStartIncluding: "9.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq_appliance:*:*:*:*:continuous_delivery:*:*:*", matchCriteriaId: "6DC4569D-0B83-4E88-A05D-3226DCF65E59", versionEndExcluding: "9.1.4", versionStartIncluding: "9.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq_appliance:*:*:*:*:lts:*:*:*", matchCriteriaId: "0AC72003-825A-4D5E-8012-E768CD8DFA3C", versionEndExcluding: "9.1.0.4", versionStartIncluding: "9.1.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM MQ 9.1.0.0, 9.1.0.1, 9.1.0.2, 9.1.0.3, 9.1.1, 9.1.2, and 9.1.3 is vulnerable to a denial of service attack that would allow an authenticated user to reset client connections due to an error within the Data Conversion routine. IBM X-Force ID: 170966.", }, { lang: "es", value: "IBM MQ versiones 9.1.0.0, 9.1.0.1, 9.1.0.2, 9.1.0.3, 9.1.1, 9.1.2 y 9.1.3, es vulnerable a un ataque de denegación de servicio que permitiría a un usuario autenticado restablecer las conexiones del cliente debido a un error dentro de la rutina de Data Conversion. ID de IBM X-Force: 170966.", }, ], id: "CVE-2019-4655", lastModified: "2024-11-21T04:43:56.140", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 4, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:S/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 1.4, source: "psirt@us.ibm.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-12-30T16:15:11.773", references: [ { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/170966", }, { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/1106529", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/170966", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/1106529", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-03-16 16:15
Modified
2024-11-21 04:44
Severity ?
Summary
IBM MQ and IBM MQ Appliance 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and 9.1 CD could allow a local attacker to obtain sensitive information by inclusion of sensitive data within runmqras data.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/172124 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/1136608 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/172124 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/1136608 | Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:mq:*:*:*:*:*:*:*:*", matchCriteriaId: "307594DE-42ED-4BCA-9E0B-E8ECA97DB799", versionEndExcluding: "8.0.0.14", versionStartIncluding: "8.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq:*:*:*:*:lts:*:*:*", matchCriteriaId: "F65B1AC1-C86A-44B0-83A3-29101FACCEFE", versionEndIncluding: "9.0.0.9", versionStartIncluding: "9.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq:*:*:*:*:continuous_delivery:*:*:*", matchCriteriaId: "0602BE96-C9C3-43FD-8F10-CA9B71805B43", versionEndExcluding: "9.1.4", versionStartIncluding: "9.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq:*:*:*:*:lts:*:*:*", matchCriteriaId: "B0E59D46-75D6-486D-8016-0B1BF8F8EB69", versionEndExcluding: "9.1.0.4", versionStartIncluding: "9.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq_appliance:*:*:*:*:*:*:*:*", matchCriteriaId: "540183D8-751B-4442-9A2A-95D26AB8D23B", versionEndExcluding: "8.0.0.14", versionStartIncluding: "8.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq_appliance:*:*:*:*:continuous_delivery:*:*:*", matchCriteriaId: "6DC4569D-0B83-4E88-A05D-3226DCF65E59", versionEndExcluding: "9.1.4", versionStartIncluding: "9.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq_appliance:*:*:*:*:lts:*:*:*", matchCriteriaId: "0AC72003-825A-4D5E-8012-E768CD8DFA3C", versionEndExcluding: "9.1.0.4", versionStartIncluding: "9.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:*:*:*:*:*:*:*:*", matchCriteriaId: "7C3893D3-0770-4E09-B6C5-B16EA587E217", versionEndIncluding: "7.5.0.9", versionStartIncluding: "7.1.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:hp:hp-ux:-:*:*:*:*:*:*:*", matchCriteriaId: "F480AA32-841A-4E68-9343-B2E7548B0A0C", vulnerable: false, }, { criteria: "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*", matchCriteriaId: "E492C463-D76E-49B7-A4D4-3B499E422D89", vulnerable: false, }, { criteria: "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", matchCriteriaId: "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", matchCriteriaId: "A2572D17-1DE6-457B-99CC-64AFD54487EA", vulnerable: false, }, { criteria: "cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:*:*", matchCriteriaId: "91F372EA-3A78-4703-A457-751B2C98D796", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM MQ and IBM MQ Appliance 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and 9.1 CD could allow a local attacker to obtain sensitive information by inclusion of sensitive data within runmqras data.", }, { lang: "es", value: "IBM MQ e IBM MQ Appliance versiones 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS y 9.1 CD, podrían permitir a un atacante local obtener información confidencial mediante la inclusión de datos confidenciales dentro de los datos runmqras.", }, ], id: "CVE-2019-4719", lastModified: "2024-11-21T04:44:02.880", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "NONE", baseScore: 2.1, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:L/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.1, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, exploitabilityScore: 1.4, impactScore: 3.6, source: "psirt@us.ibm.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-03-16T16:15:12.750", references: [ { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/172124", }, { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/1136608", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/172124", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/1136608", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-08-19 19:15
Modified
2024-11-21 06:46
Severity ?
Summary
IBM MQ 8.0, (9.0, 9.1, 9.2 LTS), and (9.1 and 9.2 CD) are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 226339.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/226339 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6613021 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/226339 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6613021 | Patch, Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:mq:8.0.0.0:*:*:*:*:*:*:*", matchCriteriaId: "CC5F66BE-1A17-4A4E-AC8C-EA1CAF7AC09C", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq:9.0.0.0:*:*:*:lts:*:*:*", matchCriteriaId: "3B33CE6E-04D7-4AB7-8636-8D13BCBE71DE", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq:9.1.0:*:*:*:continuous_delivery:*:*:*", matchCriteriaId: "4C360A44-E6C3-4E17-A86C-6B712E80CF16", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq:9.1.0.0:*:*:*:lts:*:*:*", matchCriteriaId: "2E9E3A1B-D35D-4029-835C-C27917C2ABD7", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq:9.2.0:*:*:*:continuous_delivery:*:*:*", matchCriteriaId: "040DDAAF-8039-46BD-A11B-DC3BDFC136C6", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq:9.2.0:*:*:*:lts:*:*:*", matchCriteriaId: "150A8804-DEE3-4974-B056-296AA8781131", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", matchCriteriaId: "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", matchCriteriaId: "A2572D17-1DE6-457B-99CC-64AFD54487EA", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM MQ 8.0, (9.0, 9.1, 9.2 LTS), and (9.1 and 9.2 CD) are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 226339.", }, { lang: "es", value: "IBM MQ versiones 8.0, (9.0, 9.1, 9.2 LTS) y (9.1 y 9.2 CD) son vulnerables a un ataque de tipo XML External Entity Injection (XXE) cuando son procesados datos XML. Un atacante remoto podría aprovechar esta vulnerabilidad para exponer información confidencial o consumir recursos de memoria. IBM X-Force ID: 226339.", }, ], id: "CVE-2022-22489", lastModified: "2024-11-21T06:46:53.557", metrics: { cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 8.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 4.2, source: "psirt@us.ibm.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.1, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.2, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-08-19T19:15:07.467", references: [ { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/226339", }, { source: "psirt@us.ibm.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/6613021", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/226339", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/6613021", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-611", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-06-16 14:15
Modified
2024-11-21 05:32
Severity ?
Summary
IBM MQ Appliance and IBM MQ AMQP Channels 8.0, 9.0 LTS, 9.1 LTS, and 9.1 CD do not correctly block or allow clients based on the certificate distinguished name SSLPEER setting. IBM X-Force ID: 177403.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/177403 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/5736885 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/177403 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/5736885 | Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:mq:*:*:*:*:*:*:*:*", matchCriteriaId: "8E9843A4-04F5-4511-AFDE-E10FE9EEA656", versionEndExcluding: "8.0.0.15", versionStartIncluding: "8.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq:*:*:*:*:lts:*:*:*", matchCriteriaId: "03F00921-9822-4065-876C-1B53D19989FA", versionEndExcluding: "9.0.0.10", versionStartIncluding: "9.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq:*:*:*:*:continuous_delivery:*:*:*", matchCriteriaId: "8AB35A75-BE63-4CD3-AB00-DF7FC284A2C0", versionEndExcluding: "9.1.5", versionStartIncluding: "9.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq:*:*:*:*:lts:*:*:*", matchCriteriaId: "92E9574E-C0C0-490E-8B5D-E9F90B109302", versionEndExcluding: "9.1.0.5", versionStartIncluding: "9.1.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:hp:hp-ux:-:*:*:*:*:*:*:*", matchCriteriaId: "F480AA32-841A-4E68-9343-B2E7548B0A0C", vulnerable: false, }, { criteria: "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*", matchCriteriaId: "E492C463-D76E-49B7-A4D4-3B499E422D89", vulnerable: false, }, { criteria: "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", matchCriteriaId: "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", matchCriteriaId: "A2572D17-1DE6-457B-99CC-64AFD54487EA", vulnerable: false, }, { criteria: "cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:*:*", matchCriteriaId: "91F372EA-3A78-4703-A457-751B2C98D796", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM MQ Appliance and IBM MQ AMQP Channels 8.0, 9.0 LTS, 9.1 LTS, and 9.1 CD do not correctly block or allow clients based on the certificate distinguished name SSLPEER setting. IBM X-Force ID: 177403.", }, { lang: "es", value: "IBM MQ Appliance e IBM MQ AMQP Channels versiones 8.0, 9.0 LTS, 9.1 LTS y 9.1 CD, no bloquean ni habilitan correctamente a los clientes basados en la configuración SSLPEER del nombre distinguido del certificado. IBM X-Force ID: 177403", }, ], id: "CVE-2020-4320", lastModified: "2024-11-21T05:32:35.170", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 4, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:S/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, exploitabilityScore: 1.6, impactScore: 3.6, source: "psirt@us.ibm.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-06-16T14:15:11.463", references: [ { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/177403", }, { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/5736885", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/177403", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/5736885", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-295", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-02-17 17:15
Modified
2024-11-21 06:18
Severity ?
Summary
IBM MQ 9.1 LTS is vulnerable to a denial of service attack caused by an issue within the channel process. IBM X-Force ID: 213964.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/213964 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6556466 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/213964 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6556466 | Vendor Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:mq:*:*:*:*:lts:*:*:*", matchCriteriaId: "034802EE-DB45-43BC-AF79-6FE15F4011B7", versionEndIncluding: "9.1.0.9", versionStartIncluding: "9.1.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:*:*", matchCriteriaId: "91F372EA-3A78-4703-A457-751B2C98D796", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM MQ 9.1 LTS is vulnerable to a denial of service attack caused by an issue within the channel process. IBM X-Force ID: 213964.", }, { lang: "es", value: "IBM MQ versión 9.1 LTS, es vulnerable a un ataque de denegación de servicio causado por un problema en el proceso del canal. IBM X-Force ID: 213964", }, ], id: "CVE-2021-39034", lastModified: "2024-11-21T06:18:27.623", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, exploitabilityScore: 1.6, impactScore: 3.6, source: "psirt@us.ibm.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-02-17T17:15:09.323", references: [ { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/213964", }, { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/6556466", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/213964", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/6556466", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-01-28 13:15
Modified
2024-11-21 05:33
Severity ?
Summary
IBM MQ 7.5, 8.0, 9.0, 9.1, 9.2 LTS, and 9.2 CD could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization of trusted data. An attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 186509.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/186509 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6408626 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/186509 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6408626 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | mq | 8.0.0.0 | |
| ibm | mq | 8.0.0.1 | |
| ibm | mq | 8.0.0.2 | |
| ibm | mq | 8.0.0.3 | |
| ibm | mq | 8.0.0.4 | |
| ibm | mq | 8.0.0.5 | |
| ibm | mq | 8.0.0.6 | |
| ibm | mq | 8.0.0.7 | |
| ibm | mq | 8.0.0.8 | |
| ibm | mq | 8.0.0.9 | |
| ibm | mq | 8.0.0.10 | |
| ibm | mq | 8.0.0.11 | |
| ibm | mq | 8.0.0.12 | |
| ibm | mq | 8.0.0.13 | |
| ibm | mq | 8.0.0.14 | |
| ibm | mq | 8.0.0.15 | |
| ibm | mq | 9.0.0.0 | |
| ibm | mq | 9.0.0.1 | |
| ibm | mq | 9.0.0.2 | |
| ibm | mq | 9.0.0.3 | |
| ibm | mq | 9.0.0.4 | |
| ibm | mq | 9.0.0.5 | |
| ibm | mq | 9.0.0.6 | |
| ibm | mq | 9.0.0.7 | |
| ibm | mq | 9.0.0.8 | |
| ibm | mq | 9.0.0.9 | |
| ibm | mq | 9.0.0.10 | |
| ibm | mq | 9.1.0.0 | |
| ibm | mq | 9.1.0.1 | |
| ibm | mq | 9.1.0.2 | |
| ibm | mq | 9.1.0.3 | |
| ibm | mq | 9.1.0.4 | |
| ibm | mq | 9.1.0.5 | |
| ibm | mq | 9.1.0.6 | |
| ibm | mq | 9.2.0.0 | |
| ibm | mq | 9.2.1.0 | |
| ibm | mq_appliance | 9.2.0.0 | |
| ibm | websphere_mq | 7.5.0.0 | |
| ibm | websphere_mq | 7.5.0.1 | |
| ibm | websphere_mq | 7.5.0.2 | |
| ibm | websphere_mq | 7.5.0.3 | |
| ibm | websphere_mq | 7.5.0.4 | |
| ibm | websphere_mq | 7.5.0.5 | |
| ibm | websphere_mq | 7.5.0.6 | |
| ibm | websphere_mq | 7.5.0.7 | |
| ibm | websphere_mq | 7.5.0.8 | |
| ibm | websphere_mq | 7.5.0.9 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:mq:8.0.0.0:*:*:*:*:*:*:*", matchCriteriaId: "CC5F66BE-1A17-4A4E-AC8C-EA1CAF7AC09C", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq:8.0.0.1:*:*:*:*:*:*:*", matchCriteriaId: "DF9603C1-D840-4904-AE6F-A22DD1EE62A2", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq:8.0.0.2:*:*:*:*:*:*:*", matchCriteriaId: "89484A74-154F-4B7F-97C7-A8014CE90B1A", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq:8.0.0.3:*:*:*:*:*:*:*", matchCriteriaId: "2B7D03F7-37F6-4D27-A24C-2C6D5118D8AF", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq:8.0.0.4:*:*:*:*:*:*:*", matchCriteriaId: "01735BC7-4CF2-4A52-9A4A-3DE470161C46", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq:8.0.0.5:*:*:*:*:*:*:*", matchCriteriaId: "743149EB-7330-470B-B2FF-E1881E52FCC9", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq:8.0.0.6:*:*:*:*:*:*:*", matchCriteriaId: "B683ED2B-D16D-45B6-AA2E-85C53BD365FF", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq:8.0.0.7:*:*:*:*:*:*:*", matchCriteriaId: "1D8A3EDB-A8B2-4D4B-8BFF-4FCAA71C6E0C", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq:8.0.0.8:*:*:*:*:*:*:*", matchCriteriaId: "C955E798-BFC9-40ED-9C87-7419258D5B7D", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq:8.0.0.9:*:*:*:*:*:*:*", matchCriteriaId: "CFC27C59-29E3-4003-A0B2-8E8523607BF0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq:8.0.0.10:*:*:*:*:*:*:*", matchCriteriaId: "27181014-820E-4F83-9A4C-3BFE20C3F51C", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq:8.0.0.11:*:*:*:*:*:*:*", matchCriteriaId: "D50267F1-CDF0-44C0-AD00-2B31056ADA81", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq:8.0.0.12:*:*:*:*:*:*:*", matchCriteriaId: "ABC33CD9-114F-44FE-803B-481CE0FA1152", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq:8.0.0.13:*:*:*:*:*:*:*", matchCriteriaId: "03A4D2DF-CD27-495D-97BD-8368544BA79A", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq:8.0.0.14:*:*:*:*:*:*:*", matchCriteriaId: "D051AEA9-B175-4596-82E1-5C1947E90B78", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq:8.0.0.15:*:*:*:*:*:*:*", matchCriteriaId: "B79D5A00-E1B4-4C84-A785-DE95AA269D41", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq:9.0.0.0:*:*:*:lts:*:*:*", matchCriteriaId: "3B33CE6E-04D7-4AB7-8636-8D13BCBE71DE", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq:9.0.0.1:*:*:*:lts:*:*:*", matchCriteriaId: "34EE34F4-C261-490A-99D3-39931015AF7B", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq:9.0.0.2:*:*:*:lts:*:*:*", matchCriteriaId: "2F6183AA-BD76-4296-B5F4-4BF5C208D6BA", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq:9.0.0.3:*:*:*:lts:*:*:*", matchCriteriaId: "64E400B5-794D-464B-86AB-18DFF51B513B", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq:9.0.0.4:*:*:*:lts:*:*:*", matchCriteriaId: "AF0640FB-9FC1-42DC-AE8E-F5D08F91499C", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq:9.0.0.5:*:*:*:lts:*:*:*", matchCriteriaId: "3A17226C-45FE-4813-986E-E56FAE069ED6", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq:9.0.0.6:*:*:*:lts:*:*:*", matchCriteriaId: "86076A60-CF54-4415-BBB8-43FCE6DAA730", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq:9.0.0.7:*:*:*:lts:*:*:*", matchCriteriaId: "377AD541-582A-42BA-95E4-6D5C83853935", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq:9.0.0.8:*:*:*:lts:*:*:*", matchCriteriaId: "E740B9BE-F7FE-4C5B-AAA2-374317DB311F", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq:9.0.0.9:*:*:*:lts:*:*:*", matchCriteriaId: "9E11D5A7-36E7-486F-ADF0-249077131F25", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq:9.0.0.10:*:*:*:lts:*:*:*", matchCriteriaId: "7A734DD2-B1AB-4878-8FC3-B2DE1E0594A6", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq:9.1.0.0:*:*:*:lts:*:*:*", matchCriteriaId: "2E9E3A1B-D35D-4029-835C-C27917C2ABD7", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq:9.1.0.1:*:*:*:lts:*:*:*", matchCriteriaId: "5B896932-B8E9-4DC9-AFEF-FA78A582C6A9", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq:9.1.0.2:*:*:*:lts:*:*:*", matchCriteriaId: "68CA3D42-2435-40A7-A3C0-C3D96AF0FFE9", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq:9.1.0.3:*:*:*:lts:*:*:*", matchCriteriaId: "7050C0EB-7265-4E8C-A409-F12D290C7814", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq:9.1.0.4:*:*:*:lts:*:*:*", matchCriteriaId: "A659039B-261A-4EC9-A98C-5F8AED25DC8D", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq:9.1.0.5:*:*:*:lts:*:*:*", matchCriteriaId: "968BD11F-D548-4288-BA30-1ED1633E6E9F", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq:9.1.0.6:*:*:*:lts:*:*:*", matchCriteriaId: "272C2020-A724-4F41-8AD4-E0F821711653", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq:9.2.0.0:*:*:*:continuous_delivery:*:*:*", matchCriteriaId: "A5A3F5F2-7759-47F3-948B-59A2DF6DD0B1", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq:9.2.1.0:*:*:*:continuous_delivery:*:*:*", matchCriteriaId: "D278C55A-7E38-469F-9D65-35EB02C271F1", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq_appliance:9.2.0.0:*:*:*:lts:*:*:*", matchCriteriaId: "0D974075-234B-443A-A6BE-3E2547379894", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.5.0.0:*:*:*:*:*:*:*", matchCriteriaId: "FB55C2B8-5202-4902-B5F3-8254424062F6", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.5.0.1:*:*:*:*:*:*:*", matchCriteriaId: "0343E94F-6DE2-4E27-AFC5-D4650A4519F6", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.5.0.2:*:*:*:*:*:*:*", matchCriteriaId: "BDA4EE08-D531-4957-BF2A-C5A9ABB0F38D", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.5.0.3:*:*:*:*:*:*:*", matchCriteriaId: "751BF695-E27A-4D9F-9190-84A7BCD5E268", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.5.0.4:*:*:*:*:*:*:*", matchCriteriaId: "CDA1EF24-9710-4C4A-8059-917C02185CA3", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.5.0.5:*:*:*:*:*:*:*", matchCriteriaId: "CC257545-44A3-4659-951D-F4DFF3B87CFB", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.5.0.6:*:*:*:*:*:*:*", matchCriteriaId: "1FD4E86C-0E58-4A91-A18C-534464BC197A", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.5.0.7:*:*:*:*:*:*:*", matchCriteriaId: "AE4B1F7A-8989-4B4E-A75E-037B38ED7536", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.5.0.8:*:*:*:*:*:*:*", matchCriteriaId: "D98FEC2B-14F4-48EF-A7D2-DA4451EBD402", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.5.0.9:*:*:*:*:*:*:*", matchCriteriaId: "D70EC47A-CDF1-45AC-8393-EE6A604AE538", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM MQ 7.5, 8.0, 9.0, 9.1, 9.2 LTS, and 9.2 CD could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization of trusted data. An attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 186509.", }, { lang: "es", value: "IBM MQ versiones 7.5, 8.0, 9.0, 9.1, 9.2 LTS y 9.2 CD, podrían permitir a un atacante remoto ejecutar código arbitrario en el sistema, causado por una deserialización no segura de datos confiables. Un atacante podría explotar esta vulnerabilidad para ejecutar código arbitrario en el sistema. IBM X-Force ID: 186509", }, ], id: "CVE-2020-4682", lastModified: "2024-11-21T05:33:07.133", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 10, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 10, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 2.2, impactScore: 5.9, source: "psirt@us.ibm.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-01-28T13:15:12.000", references: [ { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/186509", }, { source: "psirt@us.ibm.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/6408626", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/186509", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/6408626", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-502", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-03-01 17:15
Modified
2024-11-21 06:18
Severity ?
Summary
IBM MQ Appliance 9.2 CD and 9.2 LTS does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 212942.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/212942 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6560032 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/212942 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6560032 | Patch, Vendor Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:mq:*:*:*:*:lts:*:*:*", matchCriteriaId: "5E17A506-498F-41A1-8CAF-37117AB91849", versionEndExcluding: "9.2.0.4", versionStartIncluding: "9.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq:*:*:*:*:continuous_delivery:*:*:*", matchCriteriaId: "0F108246-A354-4C84-A960-E0AF77BD8633", versionEndExcluding: "9.2.5", versionStartIncluding: "9.2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM MQ Appliance 9.2 CD and 9.2 LTS does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 212942.", }, { lang: "es", value: "IBM MQ Appliance versiones 9.2 CD y 9.2 LTS, no invalida la sesión tras el cierre de sesión, lo que podría permitir a un usuario autenticado hacerse pasar por otro usuario en el sistema. IBM X-Force ID: 212942.", }, ], id: "CVE-2021-38986", lastModified: "2024-11-21T06:18:21.793", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 5.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:N", version: "2.0", }, exploitabilityScore: 8, impactScore: 4.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.6, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, exploitabilityScore: 2.2, impactScore: 3.4, source: "psirt@us.ibm.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.5, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-03-01T17:15:08.013", references: [ { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/212942", }, { source: "psirt@us.ibm.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/6560032", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/212942", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/6560032", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-613", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-12-21 18:15
Modified
2024-11-21 05:33
Severity ?
Summary
IBM MQ 9.2 CD and LTS are vulnerable to a denial of service attack caused by an error processing connecting applications. IBM X-Force ID: 190833.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/190833 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6380742 | Patch, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6386466 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/190833 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6380742 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6386466 | Patch, Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:mq:9.2.0:*:*:*:continuous_delivery:*:*:*", matchCriteriaId: "040DDAAF-8039-46BD-A11B-DC3BDFC136C6", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq:9.2.0:*:*:*:lts:*:*:*", matchCriteriaId: "150A8804-DEE3-4974-B056-296AA8781131", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*", matchCriteriaId: "E492C463-D76E-49B7-A4D4-3B499E422D89", vulnerable: false, }, { criteria: "cpe:2.3:o:ibm:i:-:*:*:*:*:*:*:*", matchCriteriaId: "C684FC45-C9BA-4EF0-BD06-BB289450DD21", vulnerable: false, }, { criteria: "cpe:2.3:o:ibm:linux_on_ibm_z:-:*:*:*:*:*:*:*", matchCriteriaId: "B955E472-47E3-4C32-847B-F6BB05594BA3", vulnerable: false, }, { criteria: "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", matchCriteriaId: "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", matchCriteriaId: "A2572D17-1DE6-457B-99CC-64AFD54487EA", vulnerable: false, }, { criteria: "cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:-:*", matchCriteriaId: "F5027746-8216-452D-83C5-2F8E9546F2A5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM MQ 9.2 CD and LTS are vulnerable to a denial of service attack caused by an error processing connecting applications. IBM X-Force ID: 190833.", }, { lang: "es", value: "IBM MQ versiones 9.2 CD y LTS, son vulnerables a un ataque de denegación de servicio causado por un error al procesar unas aplicaciones de conexión. IBM X-Force ID: 190833", }, ], id: "CVE-2020-4870", lastModified: "2024-11-21T05:33:20.740", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, exploitabilityScore: 2.2, impactScore: 3.6, source: "psirt@us.ibm.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-12-21T18:15:16.447", references: [ { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/190833", }, { source: "psirt@us.ibm.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/6380742", }, { source: "psirt@us.ibm.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/6386466", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/190833", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/6380742", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/6386466", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-06-28 18:15
Modified
2024-11-21 09:14
Severity ?
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS and 9.3 CD, in certain configurations, is vulnerable to a denial of service attack caused by an error processing messages when an API Exit using MQBUFMH is used. IBM X-Force ID: 290259.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:mq:9.0.0.0:*:*:*:lts:*:*:*", matchCriteriaId: "3B33CE6E-04D7-4AB7-8636-8D13BCBE71DE", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq:9.1.0.0:*:*:*:lts:*:*:*", matchCriteriaId: "2E9E3A1B-D35D-4029-835C-C27917C2ABD7", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq:9.2.0:*:*:*:lts:*:*:*", matchCriteriaId: "150A8804-DEE3-4974-B056-296AA8781131", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq:9.3.0:*:*:*:continuous_delivery:*:*:*", matchCriteriaId: "89BDCCFD-C1DF-4E19-8597-DF87C56D7E09", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq:9.3.0:*:*:*:lts:*:*:*", matchCriteriaId: "BF356AA2-43D1-422A-80E1-822AE9C08094", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS and 9.3 CD, in certain configurations, is vulnerable to a denial of service attack caused by an error processing messages when an API Exit using MQBUFMH is used. IBM X-Force ID: 290259.", }, { lang: "es", value: "IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS y 9.3 CD, en determinadas configuraciones, es vulnerable a un ataque de denegación de servicio provocado por un error al procesar mensajes cuando se utiliza una salida de API utilizando MQBUFMH. ID de IBM X-Force: 290259.", }, ], id: "CVE-2024-31919", lastModified: "2024-11-21T09:14:07.353", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 3.6, source: "psirt@us.ibm.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-06-28T18:15:03.940", references: [ { source: "psirt@us.ibm.com", tags: [ "VDB Entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/290259", }, { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/7157979", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/290259", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/7157979", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-770", }, ], source: "psirt@us.ibm.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-03-16 16:15
Modified
2024-11-21 04:43
Severity ?
Summary
IBM MQ and IBM MQ Appliance 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and 9.1 CD could allow a local attacker to obtain sensitive information by inclusion of sensitive data within trace. IBM X-Force ID: 168862.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/168862 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/1135101 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/168862 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/1135101 | Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:mq:*:*:*:*:*:*:*:*", matchCriteriaId: "307594DE-42ED-4BCA-9E0B-E8ECA97DB799", versionEndExcluding: "8.0.0.14", versionStartIncluding: "8.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq:*:*:*:*:lts:*:*:*", matchCriteriaId: "F65B1AC1-C86A-44B0-83A3-29101FACCEFE", versionEndIncluding: "9.0.0.9", versionStartIncluding: "9.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq:*:*:*:*:continuous_delivery:*:*:*", matchCriteriaId: "0602BE96-C9C3-43FD-8F10-CA9B71805B43", versionEndExcluding: "9.1.4", versionStartIncluding: "9.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq:*:*:*:*:lts:*:*:*", matchCriteriaId: "B0E59D46-75D6-486D-8016-0B1BF8F8EB69", versionEndExcluding: "9.1.0.4", versionStartIncluding: "9.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq_appliance:*:*:*:*:*:*:*:*", matchCriteriaId: "540183D8-751B-4442-9A2A-95D26AB8D23B", versionEndExcluding: "8.0.0.14", versionStartIncluding: "8.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq_appliance:*:*:*:*:continuous_delivery:*:*:*", matchCriteriaId: "6DC4569D-0B83-4E88-A05D-3226DCF65E59", versionEndExcluding: "9.1.4", versionStartIncluding: "9.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq_appliance:*:*:*:*:lts:*:*:*", matchCriteriaId: "0AC72003-825A-4D5E-8012-E768CD8DFA3C", versionEndExcluding: "9.1.0.4", versionStartIncluding: "9.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:*:*:*:*:*:*:*:*", matchCriteriaId: "7C3893D3-0770-4E09-B6C5-B16EA587E217", versionEndIncluding: "7.5.0.9", versionStartIncluding: "7.1.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:hp:hp-ux:-:*:*:*:*:*:*:*", matchCriteriaId: "F480AA32-841A-4E68-9343-B2E7548B0A0C", vulnerable: false, }, { criteria: "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*", matchCriteriaId: "E492C463-D76E-49B7-A4D4-3B499E422D89", vulnerable: false, }, { criteria: "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", matchCriteriaId: "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", matchCriteriaId: "A2572D17-1DE6-457B-99CC-64AFD54487EA", vulnerable: false, }, { criteria: "cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:*:*", matchCriteriaId: "91F372EA-3A78-4703-A457-751B2C98D796", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM MQ and IBM MQ Appliance 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and 9.1 CD could allow a local attacker to obtain sensitive information by inclusion of sensitive data within trace. IBM X-Force ID: 168862.", }, { lang: "es", value: "IBM MQ e IBM MQ Appliance versiones 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS y 9.1 CD, podrían permitir a un atacante local obtener información confidencial mediante la inclusión de datos confidenciales dentro de una traza. ID de IBM X-Force: 168862.", }, ], id: "CVE-2019-4619", lastModified: "2024-11-21T04:43:52.833", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "NONE", baseScore: 2.1, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:L/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.1, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, exploitabilityScore: 1.4, impactScore: 3.6, source: "psirt@us.ibm.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-03-16T16:15:12.577", references: [ { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/168862", }, { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/1135101", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/168862", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/1135101", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-209", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-07-19 02:15
Modified
2024-11-21 07:55
Severity ?
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.2 CD, and 9.3 CD and IBM MQ Appliance 9.2 LTS, 9.3 LTS, 9.2 CD, and 9.2 LTS, under certain configurations, is vulnerable to a denial of service attack caused by an error processing messages. IBM X-Force ID: 250397.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/250397 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7007421 | Patch, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7007731 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/250397 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/7007421 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/7007731 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | mq | 9.0.0.0 | |
| ibm | mq | 9.1.0.0 | |
| ibm | mq | 9.2.0 | |
| ibm | mq | 9.2.0 | |
| ibm | mq | 9.3.0 | |
| ibm | mq | 9.3.0 | |
| hp | hp-ux | - | |
| ibm | aix | - | |
| ibm | i | - | |
| ibm | linux_on_ibm_z | - | |
| linux | linux_kernel | - | |
| microsoft | windows | - | |
| oracle | solaris | - | |
| ibm | mq_appliance | 9.2.0.0 | |
| ibm | mq_appliance | 9.2.0.0 | |
| ibm | mq_appliance | 9.3.0.0 | |
| ibm | mq_appliance | 9.3.0.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:mq:9.0.0.0:*:*:*:lts:*:*:*", matchCriteriaId: "3B33CE6E-04D7-4AB7-8636-8D13BCBE71DE", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq:9.1.0.0:*:*:*:lts:*:*:*", matchCriteriaId: "2E9E3A1B-D35D-4029-835C-C27917C2ABD7", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq:9.2.0:*:*:*:continuous_delivery:*:*:*", matchCriteriaId: "040DDAAF-8039-46BD-A11B-DC3BDFC136C6", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq:9.2.0:*:*:*:lts:*:*:*", matchCriteriaId: "150A8804-DEE3-4974-B056-296AA8781131", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq:9.3.0:*:*:*:continuous_delivery:*:*:*", matchCriteriaId: "89BDCCFD-C1DF-4E19-8597-DF87C56D7E09", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq:9.3.0:*:*:*:lts:*:*:*", matchCriteriaId: "BF356AA2-43D1-422A-80E1-822AE9C08094", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:hp:hp-ux:-:*:*:*:*:*:*:*", matchCriteriaId: "F480AA32-841A-4E68-9343-B2E7548B0A0C", vulnerable: false, }, { criteria: "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*", matchCriteriaId: "E492C463-D76E-49B7-A4D4-3B499E422D89", vulnerable: false, }, { criteria: "cpe:2.3:o:ibm:i:-:*:*:*:*:*:*:*", matchCriteriaId: "C684FC45-C9BA-4EF0-BD06-BB289450DD21", vulnerable: false, }, { criteria: "cpe:2.3:o:ibm:linux_on_ibm_z:-:*:*:*:*:*:*:*", matchCriteriaId: "B955E472-47E3-4C32-847B-F6BB05594BA3", vulnerable: false, }, { criteria: "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", matchCriteriaId: "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", matchCriteriaId: "A2572D17-1DE6-457B-99CC-64AFD54487EA", vulnerable: false, }, { criteria: "cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:*:*", matchCriteriaId: "91F372EA-3A78-4703-A457-751B2C98D796", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:mq_appliance:9.2.0.0:*:*:*:continuous_delivery:*:*:*", matchCriteriaId: "90B0DD83-2F06-4829-8975-73B12A26A8B0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq_appliance:9.2.0.0:*:*:*:lts:*:*:*", matchCriteriaId: "0D974075-234B-443A-A6BE-3E2547379894", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq_appliance:9.3.0.0:*:*:*:continuous_delivery:*:*:*", matchCriteriaId: "94219FC3-3106-4A79-B35B-67B4BE0D8857", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq_appliance:9.3.0.0:*:*:*:lts:*:*:*", matchCriteriaId: "217E8C0E-A3EB-44E8-929F-BBB3E1D43BA0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.2 CD, and 9.3 CD and IBM MQ Appliance 9.2 LTS, 9.3 LTS, 9.2 CD, and 9.2 LTS, under certain configurations, is vulnerable to a denial of service attack caused by an error processing messages. IBM X-Force ID: 250397.", }, ], id: "CVE-2023-28513", lastModified: "2024-11-21T07:55:15.897", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 3.6, source: "psirt@us.ibm.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-07-19T02:15:09.530", references: [ { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/250397", }, { source: "psirt@us.ibm.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/7007421", }, { source: "psirt@us.ibm.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/7007731", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/250397", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/7007421", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/7007731", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "psirt@us.ibm.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-06-28 18:15
Modified
2024-11-21 09:19
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
IBM MQ Console 9.3 LTS and 9.3 CD could disclose could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 292765.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:mq:9.3.0:*:*:*:continuous_delivery:*:*:*", matchCriteriaId: "89BDCCFD-C1DF-4E19-8597-DF87C56D7E09", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq:9.3.0:*:*:*:lts:*:*:*", matchCriteriaId: "BF356AA2-43D1-422A-80E1-822AE9C08094", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM MQ Console 9.3 LTS and 9.3 CD could disclose could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 292765.", }, { lang: "es", value: "IBM MQ Console 9.3 LTS y 9.3 CD podrían revelar que podrían permitir a un atacante remoto obtener información confidencial cuando se devuelve un mensaje de error técnico detallado en el navegador. Esta información podría usarse en futuros ataques contra el sistema. ID de IBM X-Force: 292765.", }, ], id: "CVE-2024-35155", lastModified: "2024-11-21T09:19:50.290", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "psirt@us.ibm.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-06-28T18:15:04.170", references: [ { source: "psirt@us.ibm.com", tags: [ "VDB Entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/292765", }, { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/7158059", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/292765", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/7158059", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-209", }, ], source: "psirt@us.ibm.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-209", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-01-28 19:15
Modified
2024-11-21 04:43
Severity ?
Summary
IBM MQ and IBM MQ Appliance 8.0 and 9.0 LTS could allow a remote attacker with intimate knowledge of the server to cause a denial of service when receiving data on the channel. IBM X-Force ID: 166629.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/166629 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/1106517 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/166629 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/1106517 | Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:mq:*:*:*:*:*:*:*:*", matchCriteriaId: "307594DE-42ED-4BCA-9E0B-E8ECA97DB799", versionEndExcluding: "8.0.0.14", versionStartIncluding: "8.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq:*:*:*:*:lts:*:*:*", matchCriteriaId: "8455D1E8-4FF2-40B1-AE62-453218308BFA", versionEndExcluding: "9.0.0.8", versionStartIncluding: "9.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq_appliance:*:*:*:*:*:*:*:*", matchCriteriaId: "540183D8-751B-4442-9A2A-95D26AB8D23B", versionEndExcluding: "8.0.0.14", versionStartIncluding: "8.0.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:hp:hp-ux:-:*:*:*:*:*:*:*", matchCriteriaId: "F480AA32-841A-4E68-9343-B2E7548B0A0C", vulnerable: false, }, { criteria: "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*", matchCriteriaId: "E492C463-D76E-49B7-A4D4-3B499E422D89", vulnerable: false, }, { criteria: "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", matchCriteriaId: "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", matchCriteriaId: "A2572D17-1DE6-457B-99CC-64AFD54487EA", vulnerable: false, }, { criteria: "cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:*:*", matchCriteriaId: "91F372EA-3A78-4703-A457-751B2C98D796", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM MQ and IBM MQ Appliance 8.0 and 9.0 LTS could allow a remote attacker with intimate knowledge of the server to cause a denial of service when receiving data on the channel. IBM X-Force ID: 166629.", }, { lang: "es", value: "IBM MQ e IBM MQ Appliance versiones 8.0 y 9.0 LTS, podrían permitir a un atacante remoto con un conocimiento íntimo del servidor causar una denegación de servicio cuando son recibidos datos en el canal. ID de IBM X-Force: 166629.", }, ], id: "CVE-2019-4568", lastModified: "2024-11-21T04:43:45.067", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, exploitabilityScore: 2.2, impactScore: 3.6, source: "psirt@us.ibm.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-01-28T19:15:13.017", references: [ { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/166629", }, { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/1106517", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/166629", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/1106517", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-11-16 17:15
Modified
2024-11-21 06:18
Severity ?
Summary
IBM MQ 7.5, 8.0, 9.0 LTS, 9.1 CD, and 9.1 LTS stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 211403.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/211403 | Broken Link, VDB Entry | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6516424 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/211403 | Broken Link, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6516424 | Patch, Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:mq:*:*:*:*:*:*:*:*", matchCriteriaId: "307594DE-42ED-4BCA-9E0B-E8ECA97DB799", versionEndExcluding: "8.0.0.14", versionStartIncluding: "8.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq:*:*:*:*:lts:*:*:*", matchCriteriaId: "13D55813-BBE9-4FC0-B631-B468DC360E11", versionEndExcluding: "9.0.0.9", versionStartIncluding: "9.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq:*:*:*:*:continuous_delivery:*:*:*", matchCriteriaId: "8AB35A75-BE63-4CD3-AB00-DF7FC284A2C0", versionEndExcluding: "9.1.5", versionStartIncluding: "9.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq:*:*:*:*:lts:*:*:*", matchCriteriaId: "92E9574E-C0C0-490E-8B5D-E9F90B109302", versionEndExcluding: "9.1.0.5", versionStartIncluding: "9.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.5:*:*:*:*:*:*:*", matchCriteriaId: "164DC456-433C-4C47-91F9-1B57C2DFBF1E", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:hp:hp-ux:-:*:*:*:*:*:*:*", matchCriteriaId: "F480AA32-841A-4E68-9343-B2E7548B0A0C", vulnerable: false, }, { criteria: "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*", matchCriteriaId: "E492C463-D76E-49B7-A4D4-3B499E422D89", vulnerable: false, }, { criteria: "cpe:2.3:o:ibm:i:-:*:*:*:*:*:*:*", matchCriteriaId: "C684FC45-C9BA-4EF0-BD06-BB289450DD21", vulnerable: false, }, { criteria: "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", matchCriteriaId: "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", matchCriteriaId: "A2572D17-1DE6-457B-99CC-64AFD54487EA", vulnerable: false, }, { criteria: "cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:-:*", matchCriteriaId: "F5027746-8216-452D-83C5-2F8E9546F2A5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM MQ 7.5, 8.0, 9.0 LTS, 9.1 CD, and 9.1 LTS stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 211403.", }, { lang: "es", value: "IBM MQ versiones 7.5, 8.0, 9.0 LTS, 9.1 CD y 9.1 LTS, almacena las credenciales de usuario en texto sin cifrar que puede ser leído por un usuario local. IBM X-Force ID: 211403", }, ], id: "CVE-2021-38949", lastModified: "2024-11-21T06:18:16.567", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "NONE", baseScore: 2.1, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:L/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 6.2, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, exploitabilityScore: 2.5, impactScore: 3.6, source: "psirt@us.ibm.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-11-16T17:15:06.920", references: [ { source: "psirt@us.ibm.com", tags: [ "Broken Link", "VDB Entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/211403", }, { source: "psirt@us.ibm.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/6516424", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "VDB Entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/211403", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/6516424", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-312", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-11-11 19:15
Modified
2024-11-21 07:05
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
IBM MQ 8.0, 9.0 LTS, 9.1 CD, 9.1 LTS, 9.2 CD, and 9.2 LTS could allow an authenticated and authorized user to cause a denial of service to the MQTT channels. IBM X-Force ID: 228335.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/228335 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6833806 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/228335 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6833806 | Patch, Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:mq:8.0.0.0:*:*:*:*:*:*:*", matchCriteriaId: "CC5F66BE-1A17-4A4E-AC8C-EA1CAF7AC09C", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq:9.0.0.0:*:*:*:lts:*:*:*", matchCriteriaId: "3B33CE6E-04D7-4AB7-8636-8D13BCBE71DE", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq:9.1.0:*:*:*:continuous_delivery:*:*:*", matchCriteriaId: "4C360A44-E6C3-4E17-A86C-6B712E80CF16", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq:9.1.0.0:*:*:*:lts:*:*:*", matchCriteriaId: "2E9E3A1B-D35D-4029-835C-C27917C2ABD7", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq:9.2.0:*:*:*:continuous_delivery:*:*:*", matchCriteriaId: "040DDAAF-8039-46BD-A11B-DC3BDFC136C6", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq:9.2.0:*:*:*:lts:*:*:*", matchCriteriaId: "150A8804-DEE3-4974-B056-296AA8781131", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:hp:hp-ux:-:*:*:*:*:*:*:*", matchCriteriaId: "F480AA32-841A-4E68-9343-B2E7548B0A0C", vulnerable: false, }, { criteria: "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*", matchCriteriaId: "E492C463-D76E-49B7-A4D4-3B499E422D89", vulnerable: false, }, { criteria: "cpe:2.3:o:ibm:i:-:*:*:*:*:*:*:*", matchCriteriaId: "C684FC45-C9BA-4EF0-BD06-BB289450DD21", vulnerable: false, }, { criteria: "cpe:2.3:o:ibm:linux_on_ibm_z:-:*:*:*:*:*:*:*", matchCriteriaId: "B955E472-47E3-4C32-847B-F6BB05594BA3", vulnerable: false, }, { criteria: "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", matchCriteriaId: "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", matchCriteriaId: "A2572D17-1DE6-457B-99CC-64AFD54487EA", vulnerable: false, }, { criteria: "cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:-:*", matchCriteriaId: "F5027746-8216-452D-83C5-2F8E9546F2A5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "\nIBM MQ 8.0, 9.0 LTS, 9.1 CD, 9.1 LTS, 9.2 CD, and 9.2 LTS could allow an authenticated and authorized user to cause a denial of service to the MQTT channels. IBM X-Force ID: 228335.\n\n", }, { lang: "es", value: "IBM MQ 8.0, 9.0 LTS, 9.1 CD, 9.1 LTS, 9.2 CD y 9.2 LTS podrían permitir que un usuario autenticado y autorizado provoque una denegación de servicio a los canales MQTT. ID de IBM X-Force: 228335.", }, ], id: "CVE-2022-31772", lastModified: "2024-11-21T07:05:17.003", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 1.6, impactScore: 3.6, source: "psirt@us.ibm.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-11-11T19:15:10.170", references: [ { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/228335", }, { source: "psirt@us.ibm.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/6833806", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/228335", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/6833806", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "psirt@us.ibm.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-20", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-08-05 14:15
Modified
2024-11-21 04:43
Severity ?
Summary
IBM WebSphere MQ V7.1, 7.5, IBM MQ V8, IBM MQ V9.0LTS, IBM MQ V9.1 LTS, and IBM MQ V9.1 CD are vulnerable to a denial of service attack caused by specially crafted messages. IBM X-Force ID: 160013.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/160013 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/docview.wss?uid=ibm10886887 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/160013 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/docview.wss?uid=ibm10886887 | Patch, Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:mq:*:*:*:*:*:*:*:*", matchCriteriaId: "378FDA1D-6ED0-4A6E-84B9-02BF8AE8DCAE", versionEndIncluding: "8.0.0.11", versionStartIncluding: "8.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq:*:*:*:*:lts:*:*:*", matchCriteriaId: "CD1D619F-AE0C-44C3-805D-6BD11E2D8361", versionEndIncluding: "9.0.0.6", versionStartIncluding: "9.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq:*:*:*:*:continuous_delivery:*:*:*", matchCriteriaId: "019FF429-9C0B-4B5F-8C09-4581B436CC19", versionEndIncluding: "9.1.2", versionStartIncluding: "9.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq:*:*:*:*:lts:*:*:*", matchCriteriaId: "3B23C334-D8CC-4DF2-A292-D75D8B90E45E", versionEndIncluding: "9.1.0.2", versionStartIncluding: "9.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:*:*:*:*:*:*:*:*", matchCriteriaId: "608A2459-5996-492A-BE82-CD008CA35814", versionEndIncluding: "7.1.0.9", versionStartIncluding: "7.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:*:*:*:*:*:*:*:*", matchCriteriaId: "FB8AA3EF-67B7-40CA-8FF0-27482CA5F5A5", versionEndIncluding: "7.5.0.9", versionStartIncluding: "7.5", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM WebSphere MQ V7.1, 7.5, IBM MQ V8, IBM MQ V9.0LTS, IBM MQ V9.1 LTS, and IBM MQ V9.1 CD are vulnerable to a denial of service attack caused by specially crafted messages. IBM X-Force ID: 160013.", }, { lang: "es", value: "IBM WebSphere MQ versión V7.1, 7.5, IBM MQ versión V8, IBM MQ versión V9.0LTS, IBM MQ versión V9.1 LTS e IBM MQ versión V9.1 CD, son vulnerables a un ataque de denegación de servicio causado por mensajes especialmente diseñados. ID de IBM X-Force: 160013.", }, ], id: "CVE-2019-4261", lastModified: "2024-11-21T04:43:23.613", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 4, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:S/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 1.4, source: "psirt@us.ibm.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-08-05T14:15:12.007", references: [ { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/160013", }, { source: "psirt@us.ibm.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/docview.wss?uid=ibm10886887", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/160013", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/docview.wss?uid=ibm10886887", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-05-19 15:15
Modified
2024-11-21 07:55
Severity ?
6.2 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
IBM MQ 8.0, 9.0, and 9.1 could allow a local user to obtain sensitive credential information when a detailed technical error message is returned in a stack trace. IBM X-Force ID: 250398.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/250398 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6985835 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/250398 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6985835 | Patch, Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:mq:8.0.0.0:*:*:*:*:*:*:*", matchCriteriaId: "CC5F66BE-1A17-4A4E-AC8C-EA1CAF7AC09C", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq:9.0.0.0:*:*:*:lts:*:*:*", matchCriteriaId: "3B33CE6E-04D7-4AB7-8636-8D13BCBE71DE", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq:9.1.0:*:*:*:continuous_delivery:*:*:*", matchCriteriaId: "4C360A44-E6C3-4E17-A86C-6B712E80CF16", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq:9.1.0.0:*:*:*:lts:*:*:*", matchCriteriaId: "2E9E3A1B-D35D-4029-835C-C27917C2ABD7", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:hp:hp-ux:-:*:*:*:*:*:*:*", matchCriteriaId: "F480AA32-841A-4E68-9343-B2E7548B0A0C", vulnerable: false, }, { criteria: "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*", matchCriteriaId: "E492C463-D76E-49B7-A4D4-3B499E422D89", vulnerable: false, }, { criteria: "cpe:2.3:o:ibm:i:-:*:*:*:*:*:*:*", matchCriteriaId: "C684FC45-C9BA-4EF0-BD06-BB289450DD21", vulnerable: false, }, { criteria: "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", matchCriteriaId: "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", matchCriteriaId: "A2572D17-1DE6-457B-99CC-64AFD54487EA", vulnerable: false, }, { criteria: "cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:*:*", matchCriteriaId: "91F372EA-3A78-4703-A457-751B2C98D796", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM MQ 8.0, 9.0, and 9.1 could allow a local user to obtain sensitive credential information when a detailed technical error message is returned in a stack trace. IBM X-Force ID: 250398.", }, ], id: "CVE-2023-28514", lastModified: "2024-11-21T07:55:16.053", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 6.2, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.5, impactScore: 3.6, source: "psirt@us.ibm.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-05-19T15:15:08.750", references: [ { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/250398", }, { source: "psirt@us.ibm.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/6985835", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/250398", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/6985835", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-209", }, ], source: "psirt@us.ibm.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-03-21 16:00
Modified
2024-11-21 04:00
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
IBM WebSphere MQ 9.0.2, 9.0.3, 9.0.4, 9.0.5, 9.1.0.0, and 9.1.0.1 console is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 150661.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | http://www.securityfocus.com/bid/107530 | Third Party Advisory, VDB Entry | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/150661 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/docview.wss?uid=ibm10734457 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/107530 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/150661 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/docview.wss?uid=ibm10734457 | Patch, Vendor Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:mq:*:*:*:*:continuous_delivery:*:*:*", matchCriteriaId: "388089D2-4655-4796-91E7-17BE2FAA34AD", versionEndIncluding: "9.0.5", versionStartIncluding: "9.0.2", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq:*:*:*:*:lts:*:*:*", matchCriteriaId: "79E34534-554A-4099-8F94-E9A435986890", versionEndIncluding: "9.1.0.1", versionStartIncluding: "9.1.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM WebSphere MQ 9.0.2, 9.0.3, 9.0.4, 9.0.5, 9.1.0.0, and 9.1.0.1 console is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 150661.", }, { lang: "es", value: "La consola de IBM WebSphere MQ 9.0.2, 9.0.3, 9.0.4, 9.0.5, 9.1.0.0 y 9.1.0.1 es vulnerable a Cross-Site Scripting (XSS). Esta vulnerabilidad permite que los usuarios embeban código JavaScript arbitrario en la interfaz de usuario web, lo que altera las funcionalidades previstas. Esto podría dar lugar a una revelación de credenciales en una sesión de confianza. IBM X-Force ID: 150661.", }, ], id: "CVE-2018-1836", lastModified: "2024-11-21T04:00:28.840", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 3.5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, exploitabilityScore: 2.3, impactScore: 2.7, source: "psirt@us.ibm.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, exploitabilityScore: 2.3, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-03-21T16:00:28.310", references: [ { source: "psirt@us.ibm.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/107530", }, { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/150661", }, { source: "psirt@us.ibm.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/docview.wss?uid=ibm10734457", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/107530", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/150661", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/docview.wss?uid=ibm10734457", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-05-19 16:15
Modified
2024-11-21 07:56
Severity ?
5.1 (Medium) - CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
IBM MQ 8.0, 9.0, 9.1, 9.2, and 9.3 could disclose sensitive user information from a trace file if that functionality has been enabled. IBM X-Force ID: 251358.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/251358 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://https://www.ibm.com/support/pages/node/6985837 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/251358 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://https://www.ibm.com/support/pages/node/6985837 | Patch, Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:mq:8.0.0.0:*:*:*:*:*:*:*", matchCriteriaId: "CC5F66BE-1A17-4A4E-AC8C-EA1CAF7AC09C", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq:9.0.0.0:*:*:*:lts:*:*:*", matchCriteriaId: "3B33CE6E-04D7-4AB7-8636-8D13BCBE71DE", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq:9.1.0.0:*:*:*:lts:*:*:*", matchCriteriaId: "2E9E3A1B-D35D-4029-835C-C27917C2ABD7", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq:9.2.0:*:*:*:continuous_delivery:*:*:*", matchCriteriaId: "040DDAAF-8039-46BD-A11B-DC3BDFC136C6", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq:9.2.0:*:*:*:lts:*:*:*", matchCriteriaId: "150A8804-DEE3-4974-B056-296AA8781131", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq:9.3.0:*:*:*:continuous_delivery:*:*:*", matchCriteriaId: "89BDCCFD-C1DF-4E19-8597-DF87C56D7E09", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq:9.3.0:*:*:*:lts:*:*:*", matchCriteriaId: "BF356AA2-43D1-422A-80E1-822AE9C08094", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:hp:hp-ux:-:*:*:*:*:*:*:*", matchCriteriaId: "F480AA32-841A-4E68-9343-B2E7548B0A0C", vulnerable: false, }, { criteria: "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*", matchCriteriaId: "E492C463-D76E-49B7-A4D4-3B499E422D89", vulnerable: false, }, { criteria: "cpe:2.3:o:ibm:i:-:*:*:*:*:*:*:*", matchCriteriaId: "C684FC45-C9BA-4EF0-BD06-BB289450DD21", vulnerable: false, }, { criteria: "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", matchCriteriaId: "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", matchCriteriaId: "A2572D17-1DE6-457B-99CC-64AFD54487EA", vulnerable: false, }, { criteria: "cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:*:*", matchCriteriaId: "91F372EA-3A78-4703-A457-751B2C98D796", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM MQ 8.0, 9.0, 9.1, 9.2, and 9.3 could disclose sensitive user information from a trace file if that functionality has been enabled. IBM X-Force ID: 251358.", }, ], id: "CVE-2023-28950", lastModified: "2024-11-21T07:56:16.380", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.1, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.4, impactScore: 3.6, source: "psirt@us.ibm.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-05-19T16:15:14.163", references: [ { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/251358", }, { source: "psirt@us.ibm.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://https://www.ibm.com/support/pages/node/6985837", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/251358", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://https://www.ibm.com/support/pages/node/6985837", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-03-01 17:15
Modified
2024-11-21 06:46
Severity ?
Summary
IBM MQ Appliance 9.2 CD and 9.2 LTS local messaging users stored with a password hash that provides insufficient protection. IBM X-Force ID: 218368.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/218368 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6560042 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/218368 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6560042 | Patch, Vendor Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:mq:*:*:*:*:lts:*:*:*", matchCriteriaId: "86A4BDFD-F72C-41EF-9838-802E97D45277", versionEndExcluding: "9.2.0.5", versionStartIncluding: "9.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq:*:*:*:*:continuous_delivery:*:*:*", matchCriteriaId: "0F108246-A354-4C84-A960-E0AF77BD8633", versionEndExcluding: "9.2.5", versionStartIncluding: "9.2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM MQ Appliance 9.2 CD and 9.2 LTS local messaging users stored with a password hash that provides insufficient protection. IBM X-Force ID: 218368.", }, { lang: "es", value: "Los usuarios de mensajería local de IBM MQ Appliance versiones 9.2 CD y 9.2 LTS, son almacenados con un hash de contraseña que proporciona una protección insuficiente. IBM X-Force ID: 218368.", }, ], id: "CVE-2022-22321", lastModified: "2024-11-21T06:46:38.320", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "NONE", baseScore: 2.1, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:L/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.1, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, exploitabilityScore: 1.4, impactScore: 3.6, source: "psirt@us.ibm.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-03-01T17:15:08.073", references: [ { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/218368", }, { source: "psirt@us.ibm.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/6560042", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/218368", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/6560042", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-326", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-08-20 19:15
Modified
2024-11-21 04:43
Severity ?
Summary
IBM MQ 9.1.0.0, 9.1.0.1, 9.1.1, and 9.1.0.2 is vulnerable to a denial of service due to a local user being able to fill up the disk space of the underlying filesystem using the error logging service. IBM X-Force ID: 156398.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/156398 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/docview.wss?uid=ibm10870490 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/156398 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/docview.wss?uid=ibm10870490 | Patch, Vendor Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:mq:*:*:*:*:continuous_delivery:*:*:*", matchCriteriaId: "1AB5FD35-B454-4C9A-BD7C-58C80AF05189", versionEndIncluding: "9.1.1", versionStartIncluding: "9.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq:*:*:*:*:lts:*:*:*", matchCriteriaId: "3B23C334-D8CC-4DF2-A292-D75D8B90E45E", versionEndIncluding: "9.1.0.2", versionStartIncluding: "9.1.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM MQ 9.1.0.0, 9.1.0.1, 9.1.1, and 9.1.0.2 is vulnerable to a denial of service due to a local user being able to fill up the disk space of the underlying filesystem using the error logging service. IBM X-Force ID: 156398.", }, { lang: "es", value: "IBM MQ 9.1.0.0, 9.1.0.1, 9.1.1 y 9.1.0.2 es vulnerable a una denegación de servicio debido a que un usuario local puede llenar el espacio en disco del sistema de archivos subyacente utilizando el servicio de registro de errores. ID de IBM X-Force: 156398.", }, ], id: "CVE-2019-4049", lastModified: "2024-11-21T04:43:05.367", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 2.1, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:L/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.2, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, exploitabilityScore: 2.5, impactScore: 3.6, source: "psirt@us.ibm.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-08-20T19:15:11.493", references: [ { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/156398", }, { source: "psirt@us.ibm.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/docview.wss?uid=ibm10870490", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/156398", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/docview.wss?uid=ibm10870490", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-400", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-04-19 17:29
Modified
2024-11-21 04:43
Severity ?
Summary
IBM MQ 8.0.0.0 through 8.0.0.10, 9.0.0.0 through 9.0.0.5, and 9.1.0.0 through 9.1.1 is vulnerable to a denial of service attack within the TLS key renegotiation function. IBM X-Force ID: 156564.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | http://www.securityfocus.com/bid/108027 | Third Party Advisory, VDB Entry | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/156564 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/docview.wss?uid=ibm10870484 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/108027 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/156564 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/docview.wss?uid=ibm10870484 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | mq | * | |
| ibm | mq | * | |
| ibm | mq | * | |
| ibm | mq | * | |
| ibm | mq_appliance | * | |
| ibm | mq_appliance | * | |
| ibm | mq_appliance | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:mq:*:*:*:*:*:*:*:*", matchCriteriaId: "7B6385E2-686D-47AC-B121-58A791240EE6", versionEndIncluding: "8.0.0.10", versionStartIncluding: "8.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq:*:*:*:*:lts:*:*:*", matchCriteriaId: "717340F0-0822-451B-A206-7706694DAF59", versionEndIncluding: "9.0.0.5", versionStartIncluding: "9.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq:*:*:*:*:continuous_delivery:*:*:*", matchCriteriaId: "1AB5FD35-B454-4C9A-BD7C-58C80AF05189", versionEndIncluding: "9.1.1", versionStartIncluding: "9.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq:*:*:*:*:lts:*:*:*", matchCriteriaId: "79E34534-554A-4099-8F94-E9A435986890", versionEndIncluding: "9.1.0.1", versionStartIncluding: "9.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq_appliance:*:*:*:*:*:*:*:*", matchCriteriaId: "BAEAAC4A-C144-406D-BF1C-8E08E625E790", versionEndIncluding: "8.0.0.10", versionStartIncluding: "8.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq_appliance:*:*:*:*:continuous_delivery:*:*:*", matchCriteriaId: "47D3ECA7-7019-4547-AB8D-5BCE0CAD3563", versionEndIncluding: "9.1.1", versionStartIncluding: "9.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq_appliance:*:*:*:*:lts:*:*:*", matchCriteriaId: "5F2B99BA-7AF9-4978-9006-301079C86817", versionEndIncluding: "9.1.0.1", versionStartIncluding: "9.1.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM MQ 8.0.0.0 through 8.0.0.10, 9.0.0.0 through 9.0.0.5, and 9.1.0.0 through 9.1.1 is vulnerable to a denial of service attack within the TLS key renegotiation function. IBM X-Force ID: 156564.", }, { lang: "es", value: "IBM MQ versiones desde la 8.0.0.0.0 hasta 8.0.0.0.10, desde la 9.0.0.0.0 hasta la 9.0.0.5 y desde la 9.1.0.0 hasta la 9.1.1.1 es vulnerable a un ataque de denegación de servicio dentro de la función de renegociación de claves de TLS. IBM X-Force ID: 156564.", }, ], id: "CVE-2019-4055", lastModified: "2024-11-21T04:43:05.823", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "psirt@us.ibm.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-04-19T17:29:01.987", references: [ { source: "psirt@us.ibm.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/108027", }, { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/156564", }, { source: "psirt@us.ibm.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/docview.wss?uid=ibm10870484", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/108027", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/156564", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/docview.wss?uid=ibm10870484", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-12-07 16:29
Modified
2024-11-21 04:00
Severity ?
5.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
A problem within the IBM MQ 9.0.2, 9.0.3, 9.0.4, 9.0.5, and 9.1.0.0 Console REST API Could allow attackers to execute a denial of service attack preventing users from logging into the MQ Console REST API. IBM X-Force ID: 151969.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | http://www.securityfocus.com/bid/106146 | Third Party Advisory, VDB Entry | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/151969 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/docview.wss?uid=ibm10738197 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/106146 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/151969 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/docview.wss?uid=ibm10738197 | Patch, Vendor Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:mq:*:*:*:*:continuous_delivery:*:*:*", matchCriteriaId: "388089D2-4655-4796-91E7-17BE2FAA34AD", versionEndIncluding: "9.0.5", versionStartIncluding: "9.0.2", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq:9.1.0.0:*:*:*:lts:*:*:*", matchCriteriaId: "2E9E3A1B-D35D-4029-835C-C27917C2ABD7", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A problem within the IBM MQ 9.0.2, 9.0.3, 9.0.4, 9.0.5, and 9.1.0.0 Console REST API Could allow attackers to execute a denial of service attack preventing users from logging into the MQ Console REST API. IBM X-Force ID: 151969.", }, { lang: "es", value: "Un problema en las versiones 9.0.2, 9.0.3, 9.0.4, 9.0.5 y 9.1.0.0 de la API REST de la consola de IBM MQ podría permitir que los atacantes ejecuten un ataque de denegación de servicio (DoS) que evita que los usuarios inicien sesión en la API REST de la consola MQ. IBM X-Force ID: 151969.", }, ], id: "CVE-2018-1883", lastModified: "2024-11-21T04:00:31.880", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 1.4, source: "psirt@us.ibm.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-12-07T16:29:00.473", references: [ { source: "psirt@us.ibm.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/106146", }, { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/151969", }, { source: "psirt@us.ibm.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/docview.wss?uid=ibm10738197", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/106146", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/151969", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/docview.wss?uid=ibm10738197", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-11-23 20:15
Modified
2024-11-21 06:18
Severity ?
Summary
IBM MQ 8.0, 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.1 CD, and 9.2 CD is vulnerable to a denial of service attack caused by an error processing messages. IBM X-Force ID: 208398.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/208398 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6517672 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/208398 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6517672 | Patch, Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:mq:8.0.0.0:*:*:*:*:*:*:*", matchCriteriaId: "CC5F66BE-1A17-4A4E-AC8C-EA1CAF7AC09C", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq:9.0.0.0:*:*:*:lts:*:*:*", matchCriteriaId: "3B33CE6E-04D7-4AB7-8636-8D13BCBE71DE", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq:9.1.0:*:*:*:continuous_delivery:*:*:*", matchCriteriaId: "4C360A44-E6C3-4E17-A86C-6B712E80CF16", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq:9.1.0.0:*:*:*:lts:*:*:*", matchCriteriaId: "2E9E3A1B-D35D-4029-835C-C27917C2ABD7", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq:9.2.0:*:*:*:continuous_delivery:*:*:*", matchCriteriaId: "040DDAAF-8039-46BD-A11B-DC3BDFC136C6", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq:9.2.0:*:*:*:lts:*:*:*", matchCriteriaId: "150A8804-DEE3-4974-B056-296AA8781131", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM MQ 8.0, 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.1 CD, and 9.2 CD is vulnerable to a denial of service attack caused by an error processing messages. IBM X-Force ID: 208398.", }, { lang: "es", value: "IBM MQ versiones 8.0, 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.1 CD y 9.2 CD, es vulnerable a un ataque de denegación de servicio causado por un error de procesamiento de mensajes. IBM X-Force ID: 208398", }, ], id: "CVE-2021-38875", lastModified: "2024-11-21T06:18:07.927", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 4, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:S/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "psirt@us.ibm.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-11-23T20:15:11.463", references: [ { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/208398", }, { source: "psirt@us.ibm.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/6517672", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/208398", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/6517672", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-04-24 16:15
Modified
2024-11-21 05:32
Severity ?
Summary
IBM MQ and MQ Appliance 8.0, 9.1 LTS, and 9.1 CD could allow an authenticated user cause a denial of service due to a memory leak. IBM X-Force ID: 175840.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/175840 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6195384 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/175840 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6195384 | Vendor Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:mq:*:*:*:*:*:*:*:*", matchCriteriaId: "307594DE-42ED-4BCA-9E0B-E8ECA97DB799", versionEndExcluding: "8.0.0.14", versionStartIncluding: "8.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq:*:*:*:*:lts:*:*:*", matchCriteriaId: "B0E59D46-75D6-486D-8016-0B1BF8F8EB69", versionEndExcluding: "9.1.0.4", versionStartIncluding: "9.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq_appliance:*:*:*:*:continuous_delivery:*:*:*", matchCriteriaId: "D27D8F49-7FAA-4E4B-BCE4-34F4CF0282BA", versionEndExcluding: "9.1.5", versionStartIncluding: "9.1.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM MQ and MQ Appliance 8.0, 9.1 LTS, and 9.1 CD could allow an authenticated user cause a denial of service due to a memory leak. IBM X-Force ID: 175840.", }, { lang: "es", value: "IBM MQ y MQ Appliance versiones 8.0, 9.1 LTS y 9.1 CD, podrían permitir a un usuario autenticado causar una denegación de servicio debido a una pérdida de la memoria. ID de IBM X-Force: 175840.", }, ], id: "CVE-2020-4267", lastModified: "2024-11-21T05:32:29.403", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 4, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:S/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, exploitabilityScore: 1.6, impactScore: 3.6, source: "psirt@us.ibm.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-04-24T16:15:13.307", references: [ { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/175840", }, { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/6195384", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/175840", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/6195384", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-401", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-06-28 18:15
Modified
2024-11-21 09:14
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
IBM MQ 9.3 LTS and 9.3 CD could allow an authenticated user to escalate their privileges under certain configurations due to incorrect privilege assignment. IBM X-Force ID: 289894.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:mq:9.3.0:*:*:*:continuous_delivery:*:*:*", matchCriteriaId: "89BDCCFD-C1DF-4E19-8597-DF87C56D7E09", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq:9.3.0:*:*:*:lts:*:*:*", matchCriteriaId: "BF356AA2-43D1-422A-80E1-822AE9C08094", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM MQ 9.3 LTS and 9.3 CD could allow an authenticated user to escalate their privileges under certain configurations due to incorrect privilege assignment. IBM X-Force ID: 289894.", }, { lang: "es", value: "IBM MQ 9.3 LTS y 9.3 CD podrían permitir que un usuario autenticado escale sus privilegios bajo ciertas configuraciones debido a una asignación de privilegios incorrecta. ID de IBM X-Force: 289894.", }, ], id: "CVE-2024-31912", lastModified: "2024-11-21T09:14:07.060", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.6, impactScore: 5.9, source: "psirt@us.ibm.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-06-28T18:15:03.673", references: [ { source: "psirt@us.ibm.com", tags: [ "VDB Entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/289894", }, { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/7158072", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/289894", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/7158072", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-266", }, ], source: "psirt@us.ibm.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-02-12 04:15
Modified
2024-11-21 07:24
Severity ?
4.0 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
3.3 (Low) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
3.3 (Low) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Summary
IBM MQ 8.0.0, 9.0.0, 9.1.0, 9.2.0, 9.3.0 Managed File Transfer could allow a local user to obtain sensitive information from diagnostic files. IBM X-Force ID: 238206.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:mq:8.0.0.0:*:*:*:*:*:*:*", matchCriteriaId: "CC5F66BE-1A17-4A4E-AC8C-EA1CAF7AC09C", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq:9.0.0.0:*:*:*:lts:*:*:*", matchCriteriaId: "3B33CE6E-04D7-4AB7-8636-8D13BCBE71DE", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq:9.1.0:*:*:*:continuous_delivery:*:*:*", matchCriteriaId: "4C360A44-E6C3-4E17-A86C-6B712E80CF16", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq:9.1.0.0:*:*:*:lts:*:*:*", matchCriteriaId: "2E9E3A1B-D35D-4029-835C-C27917C2ABD7", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq:9.2.0:*:*:*:continuous_delivery:*:*:*", matchCriteriaId: "040DDAAF-8039-46BD-A11B-DC3BDFC136C6", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq:9.2.0:*:*:*:lts:*:*:*", matchCriteriaId: "150A8804-DEE3-4974-B056-296AA8781131", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq:9.3.0:*:*:*:continuous_delivery:*:*:*", matchCriteriaId: "89BDCCFD-C1DF-4E19-8597-DF87C56D7E09", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq:9.3.0:*:*:*:lts:*:*:*", matchCriteriaId: "BF356AA2-43D1-422A-80E1-822AE9C08094", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*", matchCriteriaId: "E492C463-D76E-49B7-A4D4-3B499E422D89", vulnerable: false, }, { criteria: "cpe:2.3:o:ibm:i:-:*:*:*:*:*:*:*", matchCriteriaId: "C684FC45-C9BA-4EF0-BD06-BB289450DD21", vulnerable: false, }, { criteria: "cpe:2.3:o:ibm:linux_on_ibm_z:-:*:*:*:*:*:*:*", matchCriteriaId: "B955E472-47E3-4C32-847B-F6BB05594BA3", vulnerable: false, }, { criteria: "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", matchCriteriaId: "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", matchCriteriaId: "A2572D17-1DE6-457B-99CC-64AFD54487EA", vulnerable: false, }, { criteria: "cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:-:*", matchCriteriaId: "F5027746-8216-452D-83C5-2F8E9546F2A5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM MQ 8.0.0, 9.0.0, 9.1.0, 9.2.0, 9.3.0 Managed File Transfer could allow a local user to obtain sensitive information from diagnostic files. IBM X-Force ID: 238206.", }, ], id: "CVE-2022-42436", lastModified: "2024-11-21T07:24:58.130", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.5, impactScore: 1.4, source: "psirt@us.ibm.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 3.3, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-02-12T04:15:15.850", references: [ { source: "psirt@us.ibm.com", tags: [ "Broken Link", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/238206", }, { source: "psirt@us.ibm.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/6909467", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/238206", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/6909467", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-01-28 19:15
Modified
2024-11-21 04:43
Severity ?
Summary
IBM MQ and IBM MQ Appliance 8.0 and 9.0 LTS client connecting to a Queue Manager could cause a SIGSEGV denial of service caused by converting an invalid message. IBM X-Force ID: 168639.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/168639 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/1106523 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/168639 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/1106523 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | mq | * | |
| ibm | mq | * | |
| ibm | mq | * | |
| ibm | mq | * | |
| ibm | mq_appliance | * | |
| ibm | mq_appliance | * | |
| ibm | mq_appliance | * | |
| linux | linux_kernel | - | |
| microsoft | windows | - | |
| oracle | solaris | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:mq:*:*:*:*:*:*:*:*", matchCriteriaId: "307594DE-42ED-4BCA-9E0B-E8ECA97DB799", versionEndExcluding: "8.0.0.14", versionStartIncluding: "8.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq:*:*:*:*:lts:*:*:*", matchCriteriaId: "8455D1E8-4FF2-40B1-AE62-453218308BFA", versionEndExcluding: "9.0.0.8", versionStartIncluding: "9.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq:*:*:*:*:continuous_delivery:*:*:*", matchCriteriaId: "0602BE96-C9C3-43FD-8F10-CA9B71805B43", versionEndExcluding: "9.1.4", versionStartIncluding: "9.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq:*:*:*:*:*:*:*:*", matchCriteriaId: "68F1E224-398D-4A8A-8167-154631F68CFF", versionEndExcluding: "9.1.0.4", versionStartIncluding: "9.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq_appliance:*:*:*:*:*:*:*:*", matchCriteriaId: "540183D8-751B-4442-9A2A-95D26AB8D23B", versionEndExcluding: "8.0.0.14", versionStartIncluding: "8.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq_appliance:*:*:*:*:continuous_delivery:*:*:*", matchCriteriaId: "6DC4569D-0B83-4E88-A05D-3226DCF65E59", versionEndExcluding: "9.1.4", versionStartIncluding: "9.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq_appliance:*:*:*:*:*:*:*:*", matchCriteriaId: "46A57561-2066-4110-A920-E297E80A1CEB", versionEndExcluding: "9.1.0.4", versionStartIncluding: "9.1.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", matchCriteriaId: "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", matchCriteriaId: "A2572D17-1DE6-457B-99CC-64AFD54487EA", vulnerable: false, }, { criteria: "cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:*:*", matchCriteriaId: "91F372EA-3A78-4703-A457-751B2C98D796", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM MQ and IBM MQ Appliance 8.0 and 9.0 LTS client connecting to a Queue Manager could cause a SIGSEGV denial of service caused by converting an invalid message. IBM X-Force ID: 168639.", }, { lang: "es", value: "El cliente IBM MQ e IBM MQ Appliance versiones 8.0 y 9.0 LTS, que se conectan a un Queue Manager podría causar una denegación de servicio SIGSEGV causada por la conversión de un mensaje no válido. ID de IBM X-Force: 168639.", }, ], id: "CVE-2019-4614", lastModified: "2024-11-21T04:43:52.270", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 4, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:S/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, exploitabilityScore: 1.6, impactScore: 3.6, source: "psirt@us.ibm.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-01-28T19:15:13.123", references: [ { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/168639", }, { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/1106523", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/168639", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/1106523", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-06-28 19:15
Modified
2024-11-21 09:19
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
IBM MQ 9.3 LTS and 9.3 CD could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 292766.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/292766 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7158058 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/292766 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/7158058 | Vendor Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:mq:*:*:*:*:lts:*:*:*", matchCriteriaId: "4DD52D2F-285B-411F-A3AD-0425DF8A9BCF", versionEndExcluding: "9.3.0.20", versionStartIncluding: "9.3.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq:*:*:*:*:continuous_delivery:*:*:*", matchCriteriaId: "F269675C-6B94-46A4-86FA-635841C87EAB", versionEndExcluding: "9.4.0.0", versionStartIncluding: "9.3.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM MQ 9.3 LTS and 9.3 CD could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 292766.", }, { lang: "es", value: "IBM MQ 9.3 LTS y 9.3 CD podrían permitir a un atacante remoto obtener información confidencial cuando se devuelve un mensaje de error técnico detallado en el navegador. Esta información podría usarse en futuros ataques contra el sistema. ID de IBM X-Force: 292766.", }, ], id: "CVE-2024-35156", lastModified: "2024-11-21T09:19:50.443", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "psirt@us.ibm.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-06-28T19:15:05.917", references: [ { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/292766", }, { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/7158058", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/292766", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/7158058", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-209", }, ], source: "psirt@us.ibm.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-06-28 19:15
Modified
2024-11-21 09:19
Severity ?
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS, and 9.3 CD is vulnerable to a denial of service attack caused by an error applying configuration changes. IBM X-Force ID: 290335.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/290335 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7157387 | Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7158071 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/290335 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/7157387 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/7158071 | Vendor Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:mq:*:*:*:*:lts:*:*:*", matchCriteriaId: "0F7AE324-028C-4DCB-A1BB-BE209125EEF6", versionEndExcluding: "9.0.0.26", versionStartIncluding: "9.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq:*:*:*:*:lts:*:*:*", matchCriteriaId: "84B085AC-205B-441B-90C0-3731FDB3684E", versionEndExcluding: "9.1.0.22", versionStartIncluding: "9.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq:*:*:*:*:lts:*:*:*", matchCriteriaId: "33B307E9-EF56-4AC2-8DD2-F12B106AB720", versionEndExcluding: "9.2.0.26", versionStartIncluding: "9.2.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq:*:*:*:*:lts:*:*:*", matchCriteriaId: "4DD52D2F-285B-411F-A3AD-0425DF8A9BCF", versionEndExcluding: "9.3.0.20", versionStartIncluding: "9.3.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq:*:*:*:*:continuous_delivery:*:*:*", matchCriteriaId: "F269675C-6B94-46A4-86FA-635841C87EAB", versionEndExcluding: "9.4.0.0", versionStartIncluding: "9.3.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS, and 9.3 CD is vulnerable to a denial of service attack caused by an error applying configuration changes. IBM X-Force ID: 290335.", }, { lang: "es", value: "IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS y 9.3 CD es vulnerable a un ataque de denegación de servicio causado por un error al aplicar cambios de configuración. ID de IBM X-Force: 290335.", }, ], id: "CVE-2024-35116", lastModified: "2024-11-21T09:19:48.577", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 3.6, source: "psirt@us.ibm.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-06-28T19:15:05.677", references: [ { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/290335", }, { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/7157387", }, { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/7158071", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/290335", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/7157387", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/7158071", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-789", }, ], source: "psirt@us.ibm.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-770", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-03-16 16:15
Modified
2024-11-21 04:43
Severity ?
Summary
IBM MQ and IBM MQ Appliance 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and 9.1 CD is vulnerable to a denial of service attack that would allow an authenticated user to crash the queue and require a restart due to an error processing error messages. IBM X-Force ID: 170967.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/170967 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/1135095 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/170967 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/1135095 | Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:mq:*:*:*:*:*:*:*:*", matchCriteriaId: "307594DE-42ED-4BCA-9E0B-E8ECA97DB799", versionEndExcluding: "8.0.0.14", versionStartIncluding: "8.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq:*:*:*:*:lts:*:*:*", matchCriteriaId: "F65B1AC1-C86A-44B0-83A3-29101FACCEFE", versionEndIncluding: "9.0.0.9", versionStartIncluding: "9.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq:*:*:*:*:continuous_delivery:*:*:*", matchCriteriaId: "0602BE96-C9C3-43FD-8F10-CA9B71805B43", versionEndExcluding: "9.1.4", versionStartIncluding: "9.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq:*:*:*:*:lts:*:*:*", matchCriteriaId: "B0E59D46-75D6-486D-8016-0B1BF8F8EB69", versionEndExcluding: "9.1.0.4", versionStartIncluding: "9.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq_appliance:*:*:*:*:*:*:*:*", matchCriteriaId: "540183D8-751B-4442-9A2A-95D26AB8D23B", versionEndExcluding: "8.0.0.14", versionStartIncluding: "8.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:*:*:*:*:*:*:*:*", matchCriteriaId: "7C3893D3-0770-4E09-B6C5-B16EA587E217", versionEndIncluding: "7.5.0.9", versionStartIncluding: "7.1.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:hp:hp-ux:-:*:*:*:*:*:*:*", matchCriteriaId: "F480AA32-841A-4E68-9343-B2E7548B0A0C", vulnerable: false, }, { criteria: "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*", matchCriteriaId: "E492C463-D76E-49B7-A4D4-3B499E422D89", vulnerable: false, }, { criteria: "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", matchCriteriaId: "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", matchCriteriaId: "A2572D17-1DE6-457B-99CC-64AFD54487EA", vulnerable: false, }, { criteria: "cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:*:*", matchCriteriaId: "91F372EA-3A78-4703-A457-751B2C98D796", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM MQ and IBM MQ Appliance 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and 9.1 CD is vulnerable to a denial of service attack that would allow an authenticated user to crash the queue and require a restart due to an error processing error messages. IBM X-Force ID: 170967.", }, { lang: "es", value: "IBM MQ e IBM MQ Appliance versiones 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS y 9.1 CD, es vulnerable a un ataque de denegación de servicio que permitiría a un usuario autenticado bloquear la cola y requerir un reinicio debido a un fallo al procesar los mensajes de error. ID de IBM X-Force: 170967.", }, ], id: "CVE-2019-4656", lastModified: "2024-11-21T04:43:56.300", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 4, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:S/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "psirt@us.ibm.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-03-16T16:15:12.670", references: [ { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/170967", }, { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/1135095", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/170967", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/1135095", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-04-16 16:15
Modified
2024-11-21 05:32
Severity ?
Summary
IBM MQ 9.1.4 could allow a local attacker to obtain sensitive information by inclusion of sensitive data within runmqras data. IBM X-Force ID: 177937.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/177937 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6172539 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/177937 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6172539 | Vendor Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:mq:*:*:*:*:continuous_delivery:*:*:*", matchCriteriaId: "8AB35A75-BE63-4CD3-AB00-DF7FC284A2C0", versionEndExcluding: "9.1.5", versionStartIncluding: "9.1.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM MQ 9.1.4 could allow a local attacker to obtain sensitive information by inclusion of sensitive data within runmqras data. IBM X-Force ID: 177937.", }, { lang: "es", value: "IBM MQ versión 9.1.4, podría permitir a un atacante local obtener información confidencial mediante la inclusión de datos confidenciales dentro de datos runmqras. IBM X-Force ID: 177937.", }, ], id: "CVE-2020-4338", lastModified: "2024-11-21T05:32:36.403", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "NONE", baseScore: 2.1, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:L/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.1, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, exploitabilityScore: 1.4, impactScore: 3.6, source: "psirt@us.ibm.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-04-16T16:15:13.477", references: [ { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/177937", }, { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/6172539", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/177937", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/6172539", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-200", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-06-16 14:15
Modified
2024-11-21 05:32
Severity ?
Summary
IBM MQ and MQ Appliance 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and 9.1 C are vulnerable to a denial of service attack due to an error within the Data Conversion logic. IBM X-Force ID: 177081.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/177081 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6223914 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/177081 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6223914 | Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:mq:*:*:*:*:*:*:*:*", matchCriteriaId: "8E9843A4-04F5-4511-AFDE-E10FE9EEA656", versionEndExcluding: "8.0.0.15", versionStartIncluding: "8.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq:*:*:*:*:lts:*:*:*", matchCriteriaId: "03F00921-9822-4065-876C-1B53D19989FA", versionEndExcluding: "9.0.0.10", versionStartIncluding: "9.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq:*:*:*:*:continuous_delivery:*:*:*", matchCriteriaId: "8AB35A75-BE63-4CD3-AB00-DF7FC284A2C0", versionEndExcluding: "9.1.5", versionStartIncluding: "9.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq:*:*:*:*:lts:*:*:*", matchCriteriaId: "92E9574E-C0C0-490E-8B5D-E9F90B109302", versionEndExcluding: "9.1.0.5", versionStartIncluding: "9.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.1:*:*:*:*:*:*:*", matchCriteriaId: "417A12D5-4E6E-487E-9515-2410B3697639", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.5:*:*:*:*:*:*:*", matchCriteriaId: "164DC456-433C-4C47-91F9-1B57C2DFBF1E", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:hp:hp-ux:-:*:*:*:*:*:*:*", matchCriteriaId: "F480AA32-841A-4E68-9343-B2E7548B0A0C", vulnerable: false, }, { criteria: "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*", matchCriteriaId: "E492C463-D76E-49B7-A4D4-3B499E422D89", vulnerable: false, }, { criteria: "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", matchCriteriaId: "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", matchCriteriaId: "A2572D17-1DE6-457B-99CC-64AFD54487EA", vulnerable: false, }, { criteria: "cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:*:*", matchCriteriaId: "91F372EA-3A78-4703-A457-751B2C98D796", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM MQ and MQ Appliance 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and 9.1 C are vulnerable to a denial of service attack due to an error within the Data Conversion logic. IBM X-Force ID: 177081.", }, { lang: "es", value: "IBM MQ y MQ Appliance versiones 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS y versión 9.1 C, son vulnerables a un ataque de denegación de servicio debido a un error en la lógica de Conversión de Datos. ID de IBM X-Force: 177081", }, ], id: "CVE-2020-4310", lastModified: "2024-11-21T05:32:34.130", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, exploitabilityScore: 2.2, impactScore: 3.6, source: "psirt@us.ibm.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-06-16T14:15:11.070", references: [ { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/177081", }, { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/6223914", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/177081", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/6223914", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-09-26 15:15
Modified
2024-11-21 04:43
Severity ?
Summary
IBM MQ 7.5.0.0 - 7.5.0.9, 7.1.0.0 - 7.1.0.9, 8.0.0.0 - 8.0.0.12, 9.0.0.0 - 9.0.0.6, 9.1.0.0 - 9.1.0.2, and 9.1.0 - 9.1.2 command server is vulnerable to a denial of service attack caused by an authenticated and authorized user using specially crafted PCF messages. IBM X-Force ID: 162084.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/162084 | Third Party Advisory, VDB Entry | |
| psirt@us.ibm.com | https://supportcontent.ibm.com/support/pages/node/886885 | Permissions Required, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/162084 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://supportcontent.ibm.com/support/pages/node/886885 | Permissions Required, Vendor Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:mq:*:*:*:*:*:*:*:*", matchCriteriaId: "0B3E8BAA-BB8B-4C63-A986-FB29EBBD4E1F", versionEndIncluding: "7.1.0.9", versionStartIncluding: "7.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq:*:*:*:*:*:*:*:*", matchCriteriaId: "54B6D57B-1905-465D-BCE4-EE13032C79C7", versionEndIncluding: "7.5.0.9", versionStartIncluding: "7.5.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq:*:*:*:*:*:*:*:*", matchCriteriaId: "621438DD-AB6A-4460-97AE-63E9D8404108", versionEndIncluding: "8.0.0.12", versionStartIncluding: "8.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq:*:*:*:*:*:*:*:*", matchCriteriaId: "A43C5FE8-5203-4821-9683-4246C229154A", versionEndIncluding: "9.0.0.6", versionStartIncluding: "9.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq:*:*:*:*:*:*:*:*", matchCriteriaId: "4584F29F-68F7-4D41-BE59-F6E453EAD853", versionEndIncluding: "9.1.2.0", versionStartIncluding: "9.1.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM MQ 7.5.0.0 - 7.5.0.9, 7.1.0.0 - 7.1.0.9, 8.0.0.0 - 8.0.0.12, 9.0.0.0 - 9.0.0.6, 9.1.0.0 - 9.1.0.2, and 9.1.0 - 9.1.2 command server is vulnerable to a denial of service attack caused by an authenticated and authorized user using specially crafted PCF messages. IBM X-Force ID: 162084.", }, { lang: "es", value: "En IBM MQ versiones 7.5.0.0 hasta 7.5.0.9, 7.1.0.0 hasta 7.1.0.9, 8.0.0.0 hasta 8.0.0.12, 9.0.0.0 hasta 9.0.0.6, 9.1.0.0 hasta 9.1.0.2 y 9.1.0 hasta 9.1.2. El servidor de comandos es vulnerable a un ataque de denegación de servicio causado por parte de un usuario autenticado y autorizado utilizando mensajes PCF especialmente diseñados. ID de IBM X-Force: 162084.", }, ], id: "CVE-2019-4378", lastModified: "2024-11-21T04:43:30.980", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 4, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:S/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, exploitabilityScore: 1.6, impactScore: 3.6, source: "psirt@us.ibm.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-09-26T15:15:10.380", references: [ { source: "psirt@us.ibm.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/162084", }, { source: "psirt@us.ibm.com", tags: [ "Permissions Required", "Vendor Advisory", ], url: "https://supportcontent.ibm.com/support/pages/node/886885", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/162084", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Permissions Required", "Vendor Advisory", ], url: "https://supportcontent.ibm.com/support/pages/node/886885", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-02-24 18:15
Modified
2024-11-21 05:33
Severity ?
Summary
IBM MQ 9.1 LTS, 9.2 LTS, and 9.1 CD AMQP Channels could allow an authenticated user to cause a denial of service due to an issue processing messages. IBM X-Force ID: 191747.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/191747 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6403295 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/191747 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6403295 | Patch, Vendor Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:mq:9.1.0:*:*:*:continuous_delivery:*:*:*", matchCriteriaId: "4C360A44-E6C3-4E17-A86C-6B712E80CF16", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq:9.1.0.0:*:*:*:lts:*:*:*", matchCriteriaId: "2E9E3A1B-D35D-4029-835C-C27917C2ABD7", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq:9.2.0.0:*:*:*:lts:*:*:*", matchCriteriaId: "AF700EBE-9E12-40AD-85B6-2B4C53514EC1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM MQ 9.1 LTS, 9.2 LTS, and 9.1 CD AMQP Channels could allow an authenticated user to cause a denial of service due to an issue processing messages. IBM X-Force ID: 191747.", }, { lang: "es", value: "IBM MQ versiones 9.1 LTS, 9.2 LTS y 9.1, CD AMQP Channels podría permitir a un usuario autenticado causar una denegación de servicio debido a un problema al procesar mensajes. IBM X-Force ID: 191747", }, ], id: "CVE-2020-4931", lastModified: "2024-11-21T05:33:26.623", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 4, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:S/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "psirt@us.ibm.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-02-24T18:15:12.797", references: [ { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/191747", }, { source: "psirt@us.ibm.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/6403295", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/191747", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/6403295", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-04-16 16:15
Modified
2024-11-21 04:44
Severity ?
Summary
IBM MQ 9.0 and 9.1 is vulnerable to a denial of service attack due to an error in the Channel processing function. IBM X-Force ID: 173625.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/173625 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/4832931 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/173625 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/4832931 | Vendor Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:mq:*:*:*:*:lts:*:*:*", matchCriteriaId: "13D55813-BBE9-4FC0-B631-B468DC360E11", versionEndExcluding: "9.0.0.9", versionStartIncluding: "9.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq:*:*:*:*:continuous_delivery:*:*:*", matchCriteriaId: "8AB35A75-BE63-4CD3-AB00-DF7FC284A2C0", versionEndExcluding: "9.1.5", versionStartIncluding: "9.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq:*:*:*:*:lts:*:*:*", matchCriteriaId: "A3325A8E-52F0-4BD8-8D25-B9EE85DA081E", versionEndExcluding: "9.1.0.3", versionStartIncluding: "9.1.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM MQ 9.0 and 9.1 is vulnerable to a denial of service attack due to an error in the Channel processing function. IBM X-Force ID: 173625.", }, { lang: "es", value: "IBM MQ versiones 9.0 y 9.1, es vulnerable a un ataque de denegación de servicio debido a un error en la función Channel processing. IBM X-Force ID: 173625.", }, ], id: "CVE-2019-4762", lastModified: "2024-11-21T04:44:06.557", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, exploitabilityScore: 2.2, impactScore: 3.6, source: "psirt@us.ibm.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-04-16T16:15:13.350", references: [ { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/173625", }, { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/4832931", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/173625", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/4832931", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
cve-2017-1699
Vulnerability from cvelistv5
Published
2018-01-04 17:00
Modified
2024-09-17 03:08
Severity ?
EPSS score ?
Summary
IBM MQ Managed File Transfer Agent 8.0 and 9.0 sets insecure permissions on certain files it creates. A local attacker could exploit this vulnerability to modify or delete data contained in the files with an unknown impact. IBM X-Force ID: 134391.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.ibm.com/support/docview.wss?uid=swg22010340 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/134391 | x_refsource_MISC |
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T13:39:31.924Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ibm.com/support/docview.wss?uid=swg22010340", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/134391", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "MQ", vendor: "IBM", versions: [ { status: "affected", version: "8.0", }, { status: "affected", version: "9.0", }, { status: "affected", version: "9.0.1", }, { status: "affected", version: "9.0.0.1", }, { status: "affected", version: "9.0.2", }, { status: "affected", version: "8.0.0.1", }, { status: "affected", version: "8.0.0.2", }, { status: "affected", version: "8.0.0.3", }, { status: "affected", version: "8.0.0.4", }, { status: "affected", version: "8.0.0.5", }, { status: "affected", version: "8.0.0.6", }, { status: "affected", version: "9.0.3", }, ], }, ], datePublic: "2018-01-02T00:00:00", descriptions: [ { lang: "en", value: "IBM MQ Managed File Transfer Agent 8.0 and 9.0 sets insecure permissions on certain files it creates. A local attacker could exploit this vulnerability to modify or delete data contained in the files with an unknown impact. IBM X-Force ID: 134391.", }, ], problemTypes: [ { descriptions: [ { description: "Data Manipulation", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-01-04T16:57:01", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ibm.com/support/docview.wss?uid=swg22010340", }, { tags: [ "x_refsource_MISC", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/134391", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2018-01-02T00:00:00", ID: "CVE-2017-1699", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "MQ", version: { version_data: [ { version_value: "8.0", }, { version_value: "9.0", }, { version_value: "9.0.1", }, { version_value: "9.0.0.1", }, { version_value: "9.0.2", }, { version_value: "8.0.0.1", }, { version_value: "8.0.0.2", }, { version_value: "8.0.0.3", }, { version_value: "8.0.0.4", }, { version_value: "8.0.0.5", }, { version_value: "8.0.0.6", }, { version_value: "9.0.3", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM MQ Managed File Transfer Agent 8.0 and 9.0 sets insecure permissions on certain files it creates. A local attacker could exploit this vulnerability to modify or delete data contained in the files with an unknown impact. IBM X-Force ID: 134391.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Data Manipulation", }, ], }, ], }, references: { reference_data: [ { name: "http://www.ibm.com/support/docview.wss?uid=swg22010340", refsource: "CONFIRM", url: "http://www.ibm.com/support/docview.wss?uid=swg22010340", }, { name: "https://exchange.xforce.ibmcloud.com/vulnerabilities/134391", refsource: "MISC", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/134391", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2017-1699", datePublished: "2018-01-04T17:00:00Z", dateReserved: "2016-11-30T00:00:00", dateUpdated: "2024-09-17T03:08:03.425Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-1998
Vulnerability from cvelistv5
Published
2019-03-11 22:00
Modified
2024-09-17 02:41
Severity ?
EPSS score ?
Summary
IBM WebSphere MQ 8.0.0.0 through 9.1.1 could allow a local user to inject code that could be executed with root privileges. This is due to an incomplete fix for CVE-2018-1792. IBM X-ForceID: 154887.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/154887 | vdb-entry, x_refsource_XF | |
| https://www.ibm.com/support/docview.wss?uid=ibm10870488 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | MQ |
Version: 9.0.0.1 Version: 8.0.0.1 Version: 8.0.0.2 Version: 8.0.0.3 Version: 8.0.0.4 Version: 8.0.0.5 Version: 8.0.0.6 Version: 8.0.0.7 Version: 9.0.0.2 Version: 8.0.0.8 Version: 8.0.0.9 Version: 9.0.0.3 Version: 8.0.0.0 Version: 8.0.0.10 Version: 9.0.0.0 Version: 9.0.0.4 Version: 9.0.0.5 Version: 9.1.1 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T04:14:39.595Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "ibm-websphere-cve20181998-priv-escalation(154887)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/154887", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.ibm.com/support/docview.wss?uid=ibm10870488", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "MQ", vendor: "IBM", versions: [ { status: "affected", version: "9.0.0.1", }, { status: "affected", version: "8.0.0.1", }, { status: "affected", version: "8.0.0.2", }, { status: "affected", version: "8.0.0.3", }, { status: "affected", version: "8.0.0.4", }, { status: "affected", version: "8.0.0.5", }, { status: "affected", version: "8.0.0.6", }, { status: "affected", version: "8.0.0.7", }, { status: "affected", version: "9.0.0.2", }, { status: "affected", version: "8.0.0.8", }, { status: "affected", version: "8.0.0.9", }, { status: "affected", version: "9.0.0.3", }, { status: "affected", version: "8.0.0.0", }, { status: "affected", version: "8.0.0.10", }, { status: "affected", version: "9.0.0.0", }, { status: "affected", version: "9.0.0.4", }, { status: "affected", version: "9.0.0.5", }, { status: "affected", version: "9.1.1", }, ], }, ], datePublic: "2019-03-08T00:00:00", descriptions: [ { lang: "en", value: "IBM WebSphere MQ 8.0.0.0 through 9.1.1 could allow a local user to inject code that could be executed with root privileges. This is due to an incomplete fix for CVE-2018-1792. IBM X-ForceID: 154887.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitCodeMaturity: "UNPROVEN", integrityImpact: "HIGH", privilegesRequired: "LOW", remediationLevel: "OFFICIAL_FIX", reportConfidence: "CONFIRMED", scope: "CHANGED", temporalScore: 7.7, temporalSeverity: "HIGH", userInteraction: "NONE", vectorString: "CVSS:3.0/A:H/AC:L/AV:L/C:H/I:H/PR:L/S:C/UI:N/E:U/RC:C/RL:O", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Gain Privileges", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-03-11T21:57:01", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { name: "ibm-websphere-cve20181998-priv-escalation(154887)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/154887", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.ibm.com/support/docview.wss?uid=ibm10870488", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2019-03-08T00:00:00", ID: "CVE-2018-1998", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "MQ", version: { version_data: [ { version_value: "9.0.0.1", }, { version_value: "8.0.0.1", }, { version_value: "8.0.0.2", }, { version_value: "8.0.0.3", }, { version_value: "8.0.0.4", }, { version_value: "8.0.0.5", }, { version_value: "8.0.0.6", }, { version_value: "8.0.0.7", }, { version_value: "9.0.0.2", }, { version_value: "8.0.0.8", }, { version_value: "8.0.0.9", }, { version_value: "9.0.0.3", }, { version_value: "8.0.0.0", }, { version_value: "8.0.0.10", }, { version_value: "9.0.0.0", }, { version_value: "9.0.0.4", }, { version_value: "9.0.0.5", }, { version_value: "9.1.1", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM WebSphere MQ 8.0.0.0 through 9.1.1 could allow a local user to inject code that could be executed with root privileges. This is due to an incomplete fix for CVE-2018-1792. IBM X-ForceID: 154887.", }, ], }, impact: { cvssv3: { BM: { A: "H", AC: "L", AV: "L", C: "H", I: "H", PR: "L", S: "C", UI: "N", }, TM: { E: "U", RC: "C", RL: "O", }, }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Gain Privileges", }, ], }, ], }, references: { reference_data: [ { name: "ibm-websphere-cve20181998-priv-escalation(154887)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/154887", }, { name: "https://www.ibm.com/support/docview.wss?uid=ibm10870488", refsource: "CONFIRM", url: "https://www.ibm.com/support/docview.wss?uid=ibm10870488", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2018-1998", datePublished: "2019-03-11T22:00:00Z", dateReserved: "2017-12-13T00:00:00", dateUpdated: "2024-09-17T02:41:53.831Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2017-1557
Vulnerability from cvelistv5
Published
2018-01-02 17:00
Modified
2024-09-16 17:47
Severity ?
EPSS score ?
Summary
IBM WebSphere MQ 8.0 and 9.0 could allow an authenticated user with authority to send a specially crafted request that could cause a channel process to cease processing further requests. IBM X-Force ID: 131547.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/131547 | x_refsource_MISC | |
| http://www.securityfocus.com/bid/102418 | vdb-entry, x_refsource_BID | |
| http://www.ibm.com/support/docview.wss?uid=swg22004378 | x_refsource_CONFIRM |
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T13:39:30.599Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/131547", }, { name: "102418", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/102418", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ibm.com/support/docview.wss?uid=swg22004378", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "MQ", vendor: "IBM", versions: [ { status: "affected", version: "8.0", }, { status: "affected", version: "9.0", }, { status: "affected", version: "9.0.1", }, { status: "affected", version: "9.0.0.1", }, { status: "affected", version: "9.0.2", }, { status: "affected", version: "8.0.0.1", }, { status: "affected", version: "8.0.0.2", }, { status: "affected", version: "8.0.0.3", }, { status: "affected", version: "8.0.0.4", }, { status: "affected", version: "8.0.0.5", }, { status: "affected", version: "8.0.0.6", }, { status: "affected", version: "8.0.0.7", }, { status: "affected", version: "9.0.3", }, ], }, ], datePublic: "2017-12-22T00:00:00", descriptions: [ { lang: "en", value: "IBM WebSphere MQ 8.0 and 9.0 could allow an authenticated user with authority to send a specially crafted request that could cause a channel process to cease processing further requests. IBM X-Force ID: 131547.", }, ], problemTypes: [ { descriptions: [ { description: "Denial of Service", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-01-06T10:57:01", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/131547", }, { name: "102418", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/102418", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ibm.com/support/docview.wss?uid=swg22004378", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2017-12-22T00:00:00", ID: "CVE-2017-1557", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "MQ", version: { version_data: [ { version_value: "8.0", }, { version_value: "9.0", }, { version_value: "9.0.1", }, { version_value: "9.0.0.1", }, { version_value: "9.0.2", }, { version_value: "8.0.0.1", }, { version_value: "8.0.0.2", }, { version_value: "8.0.0.3", }, { version_value: "8.0.0.4", }, { version_value: "8.0.0.5", }, { version_value: "8.0.0.6", }, { version_value: "8.0.0.7", }, { version_value: "9.0.3", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM WebSphere MQ 8.0 and 9.0 could allow an authenticated user with authority to send a specially crafted request that could cause a channel process to cease processing further requests. IBM X-Force ID: 131547.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Denial of Service", }, ], }, ], }, references: { reference_data: [ { name: "https://exchange.xforce.ibmcloud.com/vulnerabilities/131547", refsource: "MISC", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/131547", }, { name: "102418", refsource: "BID", url: "http://www.securityfocus.com/bid/102418", }, { name: "http://www.ibm.com/support/docview.wss?uid=swg22004378", refsource: "CONFIRM", url: "http://www.ibm.com/support/docview.wss?uid=swg22004378", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2017-1557", datePublished: "2018-01-02T17:00:00Z", dateReserved: "2016-11-30T00:00:00", dateUpdated: "2024-09-16T17:47:56.777Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-1836
Vulnerability from cvelistv5
Published
2019-03-19 13:50
Modified
2024-09-16 20:37
Severity ?
EPSS score ?
Summary
IBM WebSphere MQ 9.0.2, 9.0.3, 9.0.4, 9.0.5, 9.1.0.0, and 9.1.0.1 console is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 150661.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/docview.wss?uid=ibm10734457 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/150661 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/107530 | vdb-entry, x_refsource_BID |
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T04:14:38.551Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.ibm.com/support/docview.wss?uid=ibm10734457", }, { name: "ibm-websphere-cve20181836-xss (150661)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/150661", }, { name: "107530", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/107530", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "MQ", vendor: "IBM", versions: [ { status: "affected", version: "9.0.2", }, { status: "affected", version: "9.0.3", }, { status: "affected", version: "9.0.4", }, { status: "affected", version: "9.0.5", }, { status: "affected", version: "9.1.0.0", }, { status: "affected", version: "9.1.0.1", }, ], }, ], datePublic: "2019-03-14T00:00:00", descriptions: [ { lang: "en", value: "IBM WebSphere MQ 9.0.2, 9.0.3, 9.0.4, 9.0.5, 9.1.0.0, and 9.1.0.1 console is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 150661.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", exploitCodeMaturity: "HIGH", integrityImpact: "LOW", privilegesRequired: "LOW", remediationLevel: "OFFICIAL_FIX", reportConfidence: "CONFIRMED", scope: "CHANGED", temporalScore: 5.2, temporalSeverity: "MEDIUM", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AC:L/AV:N/C:L/UI:R/PR:L/I:L/S:C/A:N/RL:O/E:H/RC:C", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Cross-Site Scripting", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-03-22T12:06:04", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://www.ibm.com/support/docview.wss?uid=ibm10734457", }, { name: "ibm-websphere-cve20181836-xss (150661)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/150661", }, { name: "107530", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/107530", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2019-03-14T00:00:00", ID: "CVE-2018-1836", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "MQ", version: { version_data: [ { version_value: "9.0.2", }, { version_value: "9.0.3", }, { version_value: "9.0.4", }, { version_value: "9.0.5", }, { version_value: "9.1.0.0", }, { version_value: "9.1.0.1", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM WebSphere MQ 9.0.2, 9.0.3, 9.0.4, 9.0.5, 9.1.0.0, and 9.1.0.1 console is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 150661.", }, ], }, impact: { cvssv3: { BM: { A: "N", AC: "L", AV: "N", C: "L", I: "L", PR: "L", S: "C", UI: "R", }, TM: { E: "H", RC: "C", RL: "O", }, }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Cross-Site Scripting", }, ], }, ], }, references: { reference_data: [ { name: "https://www.ibm.com/support/docview.wss?uid=ibm10734457", refsource: "CONFIRM", title: "IBM Security Bulletin 734457 (MQ)", url: "https://www.ibm.com/support/docview.wss?uid=ibm10734457", }, { name: "ibm-websphere-cve20181836-xss (150661)", refsource: "XF", title: "X-Force Vulnerability Report", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/150661", }, { name: "107530", refsource: "BID", url: "http://www.securityfocus.com/bid/107530", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2018-1836", datePublished: "2019-03-19T13:50:17.228019Z", dateReserved: "2017-12-13T00:00:00", dateUpdated: "2024-09-16T20:37:04.237Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2017-1235
Vulnerability from cvelistv5
Published
2017-09-25 16:00
Modified
2024-09-16 22:02
Severity ?
EPSS score ?
Summary
IBM WebSphere MQ 8.0 could allow an authenticated user to cause a premature termination of a client application thread which could potentially cause denial of service. IBM X-Force ID: 123914.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.ibm.com/support/docview.wss?uid=swg22005415 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/123914 | x_refsource_MISC | |
| http://www.securityfocus.com/bid/100955 | vdb-entry, x_refsource_BID |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T13:25:17.599Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ibm.com/support/docview.wss?uid=swg22005415", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/123914", }, { name: "100955", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/100955", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "MQ", vendor: "IBM", versions: [ { status: "affected", version: "8.0", }, { status: "affected", version: "8", }, ], }, ], datePublic: "2017-09-20T00:00:00", descriptions: [ { lang: "en", value: "IBM WebSphere MQ 8.0 could allow an authenticated user to cause a premature termination of a client application thread which could potentially cause denial of service. IBM X-Force ID: 123914.", }, ], problemTypes: [ { descriptions: [ { description: "Denial of Service", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-09-26T09:57:01", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ibm.com/support/docview.wss?uid=swg22005415", }, { tags: [ "x_refsource_MISC", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/123914", }, { name: "100955", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/100955", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2017-09-20T00:00:00", ID: "CVE-2017-1235", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "MQ", version: { version_data: [ { version_value: "8.0", }, { version_value: "8", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM WebSphere MQ 8.0 could allow an authenticated user to cause a premature termination of a client application thread which could potentially cause denial of service. IBM X-Force ID: 123914.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Denial of Service", }, ], }, ], }, references: { reference_data: [ { name: "http://www.ibm.com/support/docview.wss?uid=swg22005415", refsource: "CONFIRM", url: "http://www.ibm.com/support/docview.wss?uid=swg22005415", }, { name: "https://exchange.xforce.ibmcloud.com/vulnerabilities/123914", refsource: "MISC", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/123914", }, { name: "100955", refsource: "BID", url: "http://www.securityfocus.com/bid/100955", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2017-1235", datePublished: "2017-09-25T16:00:00Z", dateReserved: "2016-11-30T00:00:00", dateUpdated: "2024-09-16T22:02:28.205Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-38875
Vulnerability from cvelistv5
Published
2021-11-23 19:15
Modified
2024-09-16 23:25
Severity ?
EPSS score ?
Summary
IBM MQ 8.0, 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.1 CD, and 9.2 CD is vulnerable to a denial of service attack caused by an error processing messages. IBM X-Force ID: 208398.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/6517672 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/208398 | vdb-entry, x_refsource_XF |
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T01:51:20.613Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.ibm.com/support/pages/node/6517672", }, { name: "ibm-mq-cve202138875-dos (208398)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/208398", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "MQ", vendor: "IBM", versions: [ { status: "affected", version: "8.0.0", }, { status: "affected", version: "9.0.0", }, { status: "affected", version: "9.1.0", }, { status: "affected", version: "9.2.0", }, ], }, ], datePublic: "2021-11-22T00:00:00", descriptions: [ { lang: "en", value: "IBM MQ 8.0, 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.1 CD, and 9.2 CD is vulnerable to a denial of service attack caused by an error processing messages. IBM X-Force ID: 208398.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", exploitCodeMaturity: "UNPROVEN", integrityImpact: "NONE", privilegesRequired: "LOW", remediationLevel: "OFFICIAL_FIX", reportConfidence: "CONFIRMED", scope: "UNCHANGED", temporalScore: 5.7, temporalSeverity: "MEDIUM", userInteraction: "NONE", vectorString: "CVSS:3.0/I:N/AC:L/UI:N/PR:L/S:U/C:N/A:H/AV:N/E:U/RC:C/RL:O", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Denial of Service", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-11-23T19:15:31", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://www.ibm.com/support/pages/node/6517672", }, { name: "ibm-mq-cve202138875-dos (208398)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/208398", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2021-11-22T00:00:00", ID: "CVE-2021-38875", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "MQ", version: { version_data: [ { version_value: "8.0.0", }, { version_value: "9.0.0", }, { version_value: "9.1.0", }, { version_value: "9.2.0", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM MQ 8.0, 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.1 CD, and 9.2 CD is vulnerable to a denial of service attack caused by an error processing messages. IBM X-Force ID: 208398.", }, ], }, impact: { cvssv3: { BM: { A: "H", AC: "L", AV: "N", C: "N", I: "N", PR: "L", S: "U", UI: "N", }, TM: { E: "U", RC: "C", RL: "O", }, }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Denial of Service", }, ], }, ], }, references: { reference_data: [ { name: "https://www.ibm.com/support/pages/node/6517672", refsource: "CONFIRM", title: "IBM Security Bulletin 6517672 (MQ)", url: "https://www.ibm.com/support/pages/node/6517672", }, { name: "ibm-mq-cve202138875-dos (208398)", refsource: "XF", title: "X-Force Vulnerability Report", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/208398", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2021-38875", datePublished: "2021-11-23T19:15:31.816079Z", dateReserved: "2021-08-16T00:00:00", dateUpdated: "2024-09-16T23:25:23.907Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-4310
Vulnerability from cvelistv5
Published
2020-06-16 13:45
Modified
2024-09-17 01:10
Severity ?
EPSS score ?
Summary
IBM MQ and MQ Appliance 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and 9.1 C are vulnerable to a denial of service attack due to an error within the Data Conversion logic. IBM X-Force ID: 177081.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/6223914 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/177081 | vdb-entry, x_refsource_XF |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | IBM | WebSphere MQ |
Version: 7.1 Version: 7.5 |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T08:00:06.987Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.ibm.com/support/pages/node/6223914", }, { name: "ibm-mq-cve20204310-dos (177081)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/177081", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "WebSphere MQ", vendor: "IBM", versions: [ { status: "affected", version: "7.1", }, { status: "affected", version: "7.5", }, ], }, { product: "MQ", vendor: "IBM", versions: [ { status: "affected", version: "8.0", }, { status: "affected", version: "9.0.LTS", }, { status: "affected", version: "9.1.LTS", }, { status: "affected", version: "9.1.CD", }, ], }, ], datePublic: "2020-06-12T00:00:00", descriptions: [ { lang: "en", value: "IBM MQ and MQ Appliance 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and 9.1 C are vulnerable to a denial of service attack due to an error within the Data Conversion logic. IBM X-Force ID: 177081.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", exploitCodeMaturity: "UNPROVEN", integrityImpact: "NONE", privilegesRequired: "NONE", remediationLevel: "OFFICIAL_FIX", reportConfidence: "CONFIRMED", scope: "UNCHANGED", temporalScore: 5.2, temporalSeverity: "MEDIUM", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/I:N/PR:N/S:U/A:H/UI:N/C:N/E:U/RC:C/RL:O", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Denial of Service", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-06-16T13:45:21", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://www.ibm.com/support/pages/node/6223914", }, { name: "ibm-mq-cve20204310-dos (177081)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/177081", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2020-06-12T00:00:00", ID: "CVE-2020-4310", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "WebSphere MQ", version: { version_data: [ { version_value: "7.1", }, { version_value: "7.5", }, ], }, }, { product_name: "MQ", version: { version_data: [ { version_value: "8.0", }, { version_value: "9.0.LTS", }, { version_value: "9.1.LTS", }, { version_value: "9.1.CD", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM MQ and MQ Appliance 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and 9.1 C are vulnerable to a denial of service attack due to an error within the Data Conversion logic. IBM X-Force ID: 177081.", }, ], }, impact: { cvssv3: { BM: { A: "H", AC: "H", AV: "N", C: "N", I: "N", PR: "N", S: "U", UI: "N", }, TM: { E: "U", RC: "C", RL: "O", }, }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Denial of Service", }, ], }, ], }, references: { reference_data: [ { name: "https://www.ibm.com/support/pages/node/6223914", refsource: "CONFIRM", title: "IBM Security Bulletin 6223914 (WebSphere MQ)", url: "https://www.ibm.com/support/pages/node/6223914", }, { name: "ibm-mq-cve20204310-dos (177081)", refsource: "XF", title: "X-Force Vulnerability Report", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/177081", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2020-4310", datePublished: "2020-06-16T13:45:21.461931Z", dateReserved: "2019-12-30T00:00:00", dateUpdated: "2024-09-17T01:10:57.169Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-4267
Vulnerability from cvelistv5
Published
2020-04-24 15:50
Modified
2024-09-16 23:01
Severity ?
EPSS score ?
Summary
IBM MQ and MQ Appliance 8.0, 9.1 LTS, and 9.1 CD could allow an authenticated user cause a denial of service due to a memory leak. IBM X-Force ID: 175840.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/6195384 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/175840 | vdb-entry, x_refsource_XF |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | MQ Appliance |
Version: 8.0.0.3 Version: 8.0.0.4 Version: 8.0.0.5 Version: 8.0.0.6 Version: 8.0.0.0 Version: 8.0.0.8 Version: 8.0.0.10 Version: 8.0.0.11 Version: 9.1.0.1 Version: 9.1.1 Version: 8.0.0.1 Version: 8.0.0.7 Version: 8.0.0.9 Version: 8.0.0.12 Version: 9.1.0.2 Version: 9.1.2 Version: 9.1.0.3 Version: 9.1.3 Version: 9.1 Version: 8.0.0.13 Version: 9.1.0.4 Version: 9.1.4 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T08:00:06.915Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.ibm.com/support/pages/node/6195384", }, { name: "ibm-mq-cve20204267-dos (175840)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/175840", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "MQ Appliance", vendor: "IBM", versions: [ { status: "affected", version: "8.0.0.3", }, { status: "affected", version: "8.0.0.4", }, { status: "affected", version: "8.0.0.5", }, { status: "affected", version: "8.0.0.6", }, { status: "affected", version: "8.0.0.0", }, { status: "affected", version: "8.0.0.8", }, { status: "affected", version: "8.0.0.10", }, { status: "affected", version: "8.0.0.11", }, { status: "affected", version: "9.1.0.1", }, { status: "affected", version: "9.1.1", }, { status: "affected", version: "8.0.0.1", }, { status: "affected", version: "8.0.0.7", }, { status: "affected", version: "8.0.0.9", }, { status: "affected", version: "8.0.0.12", }, { status: "affected", version: "9.1.0.2", }, { status: "affected", version: "9.1.2", }, { status: "affected", version: "9.1.0.3", }, { status: "affected", version: "9.1.3", }, { status: "affected", version: "9.1", }, { status: "affected", version: "8.0.0.13", }, { status: "affected", version: "9.1.0.4", }, { status: "affected", version: "9.1.4", }, ], }, ], datePublic: "2020-04-22T00:00:00", descriptions: [ { lang: "en", value: "IBM MQ and MQ Appliance 8.0, 9.1 LTS, and 9.1 CD could allow an authenticated user cause a denial of service due to a memory leak. IBM X-Force ID: 175840.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", exploitCodeMaturity: "UNPROVEN", integrityImpact: "NONE", privilegesRequired: "LOW", remediationLevel: "OFFICIAL_FIX", reportConfidence: "CONFIRMED", scope: "UNCHANGED", temporalScore: 4.6, temporalSeverity: "MEDIUM", userInteraction: "NONE", vectorString: "CVSS:3.0/A:H/C:N/UI:N/AC:H/S:U/I:N/PR:L/AV:N/RC:C/RL:O/E:U", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Denial of Service", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-04-24T15:50:21", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://www.ibm.com/support/pages/node/6195384", }, { name: "ibm-mq-cve20204267-dos (175840)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/175840", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2020-04-22T00:00:00", ID: "CVE-2020-4267", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "MQ Appliance", version: { version_data: [ { version_value: "8.0.0.3", }, { version_value: "8.0.0.4", }, { version_value: "8.0.0.5", }, { version_value: "8.0.0.6", }, { version_value: "8.0.0.0", }, { version_value: "8.0.0.8", }, { version_value: "8.0.0.10", }, { version_value: "8.0.0.11", }, { version_value: "9.1.0.1", }, { version_value: "9.1.1", }, { version_value: "8.0.0.1", }, { version_value: "8.0.0.7", }, { version_value: "8.0.0.9", }, { version_value: "8.0.0.12", }, { version_value: "9.1.0.2", }, { version_value: "9.1.2", }, { version_value: "9.1.0.3", }, { version_value: "9.1.3", }, { version_value: "9.1", }, { version_value: "8.0.0.13", }, { version_value: "9.1.0.4", }, { version_value: "9.1.4", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM MQ and MQ Appliance 8.0, 9.1 LTS, and 9.1 CD could allow an authenticated user cause a denial of service due to a memory leak. IBM X-Force ID: 175840.", }, ], }, impact: { cvssv3: { BM: { A: "H", AC: "H", AV: "N", C: "N", I: "N", PR: "L", S: "U", UI: "N", }, TM: { E: "U", RC: "C", RL: "O", }, }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Denial of Service", }, ], }, ], }, references: { reference_data: [ { name: "https://www.ibm.com/support/pages/node/6195384", refsource: "CONFIRM", title: "IBM Security Bulletin 6195384 (MQ Appliance)", url: "https://www.ibm.com/support/pages/node/6195384", }, { name: "ibm-mq-cve20204267-dos (175840)", refsource: "XF", title: "X-Force Vulnerability Report", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/175840", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2020-4267", datePublished: "2020-04-24T15:50:21.949654Z", dateReserved: "2019-12-30T00:00:00", dateUpdated: "2024-09-16T23:01:18.469Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-43902
Vulnerability from cvelistv5
Published
2023-03-01 20:44
Modified
2025-03-06 19:07
Severity ?
EPSS score ?
Summary
IBM MQ 9.2 CD, 9.2 LTS, 9.3 CD, and 9.3 LTS is vulnerable to a denial of service attack caused by specially crafted PCF or MQSC messages. IBM X-Force ID: 240832.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/6890643 | vendor-advisory | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/240832 | vdb-entry |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T13:40:06.588Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.ibm.com/support/pages/node/6890643", }, { tags: [ "vdb-entry", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/240832", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2022-43902", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-03-06T19:06:49.712575Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-03-06T19:07:04.617Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "MQ", vendor: "IBM", versions: [ { status: "affected", version: "9.2 CD, 9.2 LTS, 9.3 CD, 9.3 LTS", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "IBM MQ 9.2 CD, 9.2 LTS, 9.3 CD, and 9.3 LTS is vulnerable to a denial of service attack caused by specially crafted PCF or MQSC messages. IBM X-Force ID: 240832.", }, ], value: "IBM MQ 9.2 CD, 9.2 LTS, 9.3 CD, and 9.3 LTS is vulnerable to a denial of service attack caused by specially crafted PCF or MQSC messages. IBM X-Force ID: 240832.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "703 Improper Check or Handling of Exceptional Conditions", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2023-03-10T20:04:40.537Z", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "vendor-advisory", ], url: "https://www.ibm.com/support/pages/node/6890643", }, { tags: [ "vdb-entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/240832", }, ], source: { discovery: "UNKNOWN", }, title: "IBM MQ denial of service", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2022-43902", datePublished: "2023-03-01T20:44:15.672Z", dateReserved: "2022-10-26T15:46:22.841Z", dateUpdated: "2025-03-06T19:07:04.617Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2017-1433
Vulnerability from cvelistv5
Published
2017-12-07 15:00
Modified
2024-09-16 20:47
Severity ?
EPSS score ?
Summary
IBM WebSphere MQ 7.5, 8.0, and 9.0 could allow an authenticated user to insert messages with a corrupt RFH header into the channel which would cause it to restart. IBM X-Force ID: 127803.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/127803 | x_refsource_MISC | |
| http://www.ibm.com/support/docview.wss?uid=swg22005525 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/102163 | vdb-entry, x_refsource_BID |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | MQ |
Version: 7.5 Version: 8.0 Version: 9.0 Version: 9.0.0.1 Version: 8.0.0.1 Version: 8.0.0.2 Version: 8.0.0.3 Version: 8.0.0.4 Version: 8.0.0.5 Version: 8.0.0.6 Version: 8.0.0.7 Version: 7.5.0.1 Version: 7.5.0.2 Version: 7.5.0.3 Version: 7.5.0.4 Version: 7.5.0.5 Version: 7.5.0.6 Version: 7.5.0.7 Version: 7.5.0.8 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T13:32:29.621Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/127803", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ibm.com/support/docview.wss?uid=swg22005525", }, { name: "102163", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/102163", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "MQ", vendor: "IBM", versions: [ { status: "affected", version: "7.5", }, { status: "affected", version: "8.0", }, { status: "affected", version: "9.0", }, { status: "affected", version: "9.0.0.1", }, { status: "affected", version: "8.0.0.1", }, { status: "affected", version: "8.0.0.2", }, { status: "affected", version: "8.0.0.3", }, { status: "affected", version: "8.0.0.4", }, { status: "affected", version: "8.0.0.5", }, { status: "affected", version: "8.0.0.6", }, { status: "affected", version: "8.0.0.7", }, { status: "affected", version: "7.5.0.1", }, { status: "affected", version: "7.5.0.2", }, { status: "affected", version: "7.5.0.3", }, { status: "affected", version: "7.5.0.4", }, { status: "affected", version: "7.5.0.5", }, { status: "affected", version: "7.5.0.6", }, { status: "affected", version: "7.5.0.7", }, { status: "affected", version: "7.5.0.8", }, ], }, ], datePublic: "2017-12-06T00:00:00", descriptions: [ { lang: "en", value: "IBM WebSphere MQ 7.5, 8.0, and 9.0 could allow an authenticated user to insert messages with a corrupt RFH header into the channel which would cause it to restart. IBM X-Force ID: 127803.", }, ], problemTypes: [ { descriptions: [ { description: "Denial of Service", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-12-14T10:57:01", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/127803", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ibm.com/support/docview.wss?uid=swg22005525", }, { name: "102163", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/102163", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2017-12-06T00:00:00", ID: "CVE-2017-1433", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "MQ", version: { version_data: [ { version_value: "7.5", }, { version_value: "8.0", }, { version_value: "9.0", }, { version_value: "9.0.0.1", }, { version_value: "8.0.0.1", }, { version_value: "8.0.0.2", }, { version_value: "8.0.0.3", }, { version_value: "8.0.0.4", }, { version_value: "8.0.0.5", }, { version_value: "8.0.0.6", }, { version_value: "8.0.0.7", }, { version_value: "7.5.0.1", }, { version_value: "7.5.0.2", }, { version_value: "7.5.0.3", }, { version_value: "7.5.0.4", }, { version_value: "7.5.0.5", }, { version_value: "7.5.0.6", }, { version_value: "7.5.0.7", }, { version_value: "7.5.0.8", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM WebSphere MQ 7.5, 8.0, and 9.0 could allow an authenticated user to insert messages with a corrupt RFH header into the channel which would cause it to restart. IBM X-Force ID: 127803.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Denial of Service", }, ], }, ], }, references: { reference_data: [ { name: "https://exchange.xforce.ibmcloud.com/vulnerabilities/127803", refsource: "MISC", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/127803", }, { name: "http://www.ibm.com/support/docview.wss?uid=swg22005525", refsource: "CONFIRM", url: "http://www.ibm.com/support/docview.wss?uid=swg22005525", }, { name: "102163", refsource: "BID", url: "http://www.securityfocus.com/bid/102163", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2017-1433", datePublished: "2017-12-07T15:00:00Z", dateReserved: "2016-11-30T00:00:00", dateUpdated: "2024-09-16T20:47:10.055Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-43919
Vulnerability from cvelistv5
Published
2023-05-05 14:24
Modified
2025-01-29 16:55
Severity ?
EPSS score ?
Summary
IBM MQ 9.2 CD, 9.2 LTS, 9.3 CD, and 9.3 LTS could allow an authenticated attacker with authorization to craft messages to cause a denial of service. IBM X-Force ID: 241354.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/6986559 | vendor-advisory | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/241354 | vdb-entry |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T13:40:06.734Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.ibm.com/support/pages/node/6986559", }, { tags: [ "vdb-entry", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/241354", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2022-43919", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-01-29T16:55:29.815686Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-01-29T16:55:41.956Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "MQ", vendor: "IBM", versions: [ { status: "affected", version: "9.2 CD, 9.2 LTS, 9.3 CD, 9.3 LTS", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "IBM MQ 9.2 CD, 9.2 LTS, 9.3 CD, and 9.3 LTS could allow an authenticated attacker with authorization to craft messages to cause a denial of service. IBM X-Force ID: 241354.", }, ], value: "IBM MQ 9.2 CD, 9.2 LTS, 9.3 CD, and 9.3 LTS could allow an authenticated attacker with authorization to craft messages to cause a denial of service. IBM X-Force ID: 241354.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-20", description: "CWE-20 Improper Input Validation", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-05-05T14:24:44.592Z", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "vendor-advisory", ], url: "https://www.ibm.com/support/pages/node/6986559", }, { tags: [ "vdb-entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/241354", }, ], source: { discovery: "UNKNOWN", }, title: "IBM MQ denial of service", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2022-43919", datePublished: "2023-05-05T14:24:44.592Z", dateReserved: "2022-10-26T15:46:22.847Z", dateUpdated: "2025-01-29T16:55:41.956Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-4682
Vulnerability from cvelistv5
Published
2021-01-28 12:55
Modified
2024-09-16 19:04
Severity ?
EPSS score ?
Summary
IBM MQ 7.5, 8.0, 9.0, 9.1, 9.2 LTS, and 9.2 CD could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization of trusted data. An attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 186509.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/6408626 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/186509 | vdb-entry, x_refsource_XF |
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T08:14:57.859Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.ibm.com/support/pages/node/6408626", }, { name: "ibm-mq-cve20204682-code-exec (186509)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/186509", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "MQ", vendor: "IBM", versions: [ { status: "affected", version: "8.0.0", }, { status: "affected", version: "9.0.0", }, { status: "affected", version: "9.1.0", }, { status: "affected", version: "7.5.0", }, { status: "affected", version: "9.2.0", }, ], }, ], datePublic: "2021-01-27T00:00:00", descriptions: [ { lang: "en", value: "IBM MQ 7.5, 8.0, 9.0, 9.1, 9.2 LTS, and 9.2 CD could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization of trusted data. An attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 186509.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitCodeMaturity: "UNPROVEN", integrityImpact: "HIGH", privilegesRequired: "NONE", remediationLevel: "OFFICIAL_FIX", reportConfidence: "CONFIRMED", scope: "UNCHANGED", temporalScore: 7.1, temporalSeverity: "HIGH", userInteraction: "NONE", vectorString: "CVSS:3.0/AC:H/I:H/S:U/C:H/UI:N/A:H/AV:N/PR:N/RL:O/RC:C/E:U", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Gain Access", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-01-28T12:55:15", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://www.ibm.com/support/pages/node/6408626", }, { name: "ibm-mq-cve20204682-code-exec (186509)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/186509", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2021-01-27T00:00:00", ID: "CVE-2020-4682", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "MQ", version: { version_data: [ { version_value: "8.0.0", }, { version_value: "9.0.0", }, { version_value: "9.1.0", }, { version_value: "7.5.0", }, { version_value: "9.2.0", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM MQ 7.5, 8.0, 9.0, 9.1, 9.2 LTS, and 9.2 CD could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization of trusted data. An attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 186509.", }, ], }, impact: { cvssv3: { BM: { A: "H", AC: "H", AV: "N", C: "H", I: "H", PR: "N", S: "U", UI: "N", }, TM: { E: "U", RC: "C", RL: "O", }, }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Gain Access", }, ], }, ], }, references: { reference_data: [ { name: "https://www.ibm.com/support/pages/node/6408626", refsource: "CONFIRM", title: "IBM Security Bulletin 6408626 (MQ)", url: "https://www.ibm.com/support/pages/node/6408626", }, { name: "ibm-mq-cve20204682-code-exec (186509)", refsource: "XF", title: "X-Force Vulnerability Report", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/186509", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2020-4682", datePublished: "2021-01-28T12:55:15.366622Z", dateReserved: "2019-12-30T00:00:00", dateUpdated: "2024-09-16T19:04:36.558Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-54175
Vulnerability from cvelistv5
Published
2025-02-28 16:19
Modified
2025-02-28 16:40
Severity ?
EPSS score ?
Summary
IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD
could allow a local user to cause a denial of service due to an improper check for unusual or exceptional conditions.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/7184453 | vendor-advisory |
Impacted products
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2024-54175", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-02-28T16:39:16.195848Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-754", description: "CWE-754 Improper Check for Unusual or Exceptional Conditions", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-28T16:40:52.691Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:ibm:mq:9.3.0:*:*:*:lts:*:*:*", "cpe:2.3:a:ibm:mq:9.3.0:*:*:*:continuous_delivery:*:*:*", "cpe:2.3:a:ibm:mq:9.4.0:*:*:*:lts:*:*:*", "cpe:2.3:a:ibm:mq:9.4.0:*:*:*:continuous_delivery:*:*:*", ], defaultStatus: "unaffected", product: "MQ", vendor: "IBM", versions: [ { status: "affected", version: "9.3 LTS, 9.3 CD, 9.4 LTS, 9.4 CD", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD \n\n<span style=\"background-color: rgb(255, 255, 255);\">could allow a local user to cause a denial of service due to an improper check for unusual or exceptional conditions.</span>", }, ], value: "IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD \n\ncould allow a local user to cause a denial of service due to an improper check for unusual or exceptional conditions.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-754", description: "CWE-754 Improper Check for Unusual or Exceptional Conditions", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-28T16:19:56.817Z", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "vendor-advisory", ], url: "https://www.ibm.com/support/pages/node/7184453", }, ], source: { discovery: "UNKNOWN", }, title: "IBM MQ denial of service", x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2024-54175", datePublished: "2025-02-28T16:19:56.817Z", dateReserved: "2024-11-30T14:47:55.532Z", dateUpdated: "2025-02-28T16:40:52.691Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2025-23225
Vulnerability from cvelistv5
Published
2025-02-28 02:23
Modified
2025-02-28 16:34
Severity ?
EPSS score ?
Summary
IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD could allow an authenticated user to cause a denial of service due to the improper handling of invalid headers sent to the queue.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/7183372 | vendor-advisory |
Impacted products
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2025-23225", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-02-28T16:33:52.569307Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-28T16:34:10.887Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:ibm:mq:9.3.0:*:*:*:lts:*:*:*", "cpe:2.3:a:ibm:mq:9.3.0:*:*:*:continuous_delivery:*:*:*", "cpe:2.3:a:ibm:mq:9.4.0:*:*:*:lts:*:*:*", "cpe:2.3:a:ibm:mq:9.4.0:*:*:*:continuous_delivery:*:*:*", ], defaultStatus: "unaffected", product: "MQ", vendor: "IBM", versions: [ { status: "affected", version: "9.3 LTS, 9.3 CD, 9.4 LTS, 9.4 CD", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD could allow an authenticated user to cause a denial of service due to the improper handling of invalid headers sent to the queue.", }, ], value: "IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD could allow an authenticated user to cause a denial of service due to the improper handling of invalid headers sent to the queue.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-230", description: "CWE-230 Improper Handling of Missing Values", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-28T02:23:30.753Z", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "vendor-advisory", ], url: "https://www.ibm.com/support/pages/node/7183372", }, ], source: { discovery: "UNKNOWN", }, title: "IBM MQ denial of service", x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2025-23225", datePublished: "2025-02-28T02:23:30.753Z", dateReserved: "2025-01-13T23:41:34.179Z", dateUpdated: "2025-02-28T16:34:10.887Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-39034
Vulnerability from cvelistv5
Published
2022-02-17 16:30
Modified
2024-09-16 17:14
Severity ?
EPSS score ?
Summary
IBM MQ 9.1 LTS is vulnerable to a denial of service attack caused by an issue within the channel process. IBM X-Force ID: 213964.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/6556466 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/213964 | vdb-entry, x_refsource_XF |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T01:58:17.982Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.ibm.com/support/pages/node/6556466", }, { name: "ibm-mq-cve202139034-dos (213964)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/213964", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "MQ", vendor: "IBM", versions: [ { status: "affected", version: "9.1.0", }, ], }, ], datePublic: "2022-02-15T00:00:00", descriptions: [ { lang: "en", value: "IBM MQ 9.1 LTS is vulnerable to a denial of service attack caused by an issue within the channel process. IBM X-Force ID: 213964.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", exploitCodeMaturity: "UNPROVEN", integrityImpact: "NONE", privilegesRequired: "LOW", remediationLevel: "OFFICIAL_FIX", reportConfidence: "CONFIRMED", scope: "UNCHANGED", temporalScore: 4.6, temporalSeverity: "MEDIUM", userInteraction: "NONE", vectorString: "CVSS:3.0/S:U/C:N/AC:H/PR:L/I:N/A:H/UI:N/AV:N/RC:C/E:U/RL:O", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Denial of Service", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-02-17T16:30:10", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://www.ibm.com/support/pages/node/6556466", }, { name: "ibm-mq-cve202139034-dos (213964)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/213964", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2022-02-15T00:00:00", ID: "CVE-2021-39034", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "MQ", version: { version_data: [ { version_value: "9.1.0", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM MQ 9.1 LTS is vulnerable to a denial of service attack caused by an issue within the channel process. IBM X-Force ID: 213964.", }, ], }, impact: { cvssv3: { BM: { A: "H", AC: "H", AV: "N", C: "N", I: "N", PR: "L", S: "U", UI: "N", }, TM: { E: "U", RC: "C", RL: "O", }, }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Denial of Service", }, ], }, ], }, references: { reference_data: [ { name: "https://www.ibm.com/support/pages/node/6556466", refsource: "CONFIRM", title: "IBM Security Bulletin 6556466 (MQ)", url: "https://www.ibm.com/support/pages/node/6556466", }, { name: "ibm-mq-cve202139034-dos (213964)", refsource: "XF", title: "X-Force Vulnerability Report", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/213964", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2021-39034", datePublished: "2022-02-17T16:30:11.043240Z", dateReserved: "2021-08-16T00:00:00", dateUpdated: "2024-09-16T17:14:09.555Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-4560
Vulnerability from cvelistv5
Published
2019-12-16 15:45
Modified
2024-09-16 18:44
Severity ?
EPSS score ?
Summary
IBM MQ and IBM MQ Appliance 9.1 CD, 9.1 LTS, 9.0 LTS, and 8.0 is vulnerable to a denial of service attack caused by channels processing poorly formatted messages. IBM X-Force ID: 166357.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/1106037 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/166357 | vdb-entry, x_refsource_XF |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | MQ |
Version: 9.0.0.1 Version: 8.0.0.1 Version: 8.0.0.2 Version: 8.0.0.3 Version: 8.0.0.4 Version: 8.0.0.5 Version: 8.0.0.6 Version: 8.0.0.7 Version: 9.0.0.2 Version: 8.0.0.8 Version: 8.0.0.9 Version: 9.0.0.3 Version: 8.0.0.0 Version: 8.0.0.10 Version: 9.0.0.0 Version: 9.0.0.4 Version: 9.0.0.5 Version: 9.1.0.0 Version: 9.1.0.1 Version: 9.1.1 Version: 9.1.0.2 Version: 9.1.2 Version: 8.0.0.11 Version: 9.0.0.6 Version: 8.0.0.12 Version: 9.1.0.3 Version: 9.1.3 Version: 9.0.0.7 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T19:40:47.319Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.ibm.com/support/pages/node/1106037", }, { name: "ibm-mq-cve20194560-dos (166357)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/166357", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "MQ", vendor: "IBM", versions: [ { status: "affected", version: "9.0.0.1", }, { status: "affected", version: "8.0.0.1", }, { status: "affected", version: "8.0.0.2", }, { status: "affected", version: "8.0.0.3", }, { status: "affected", version: "8.0.0.4", }, { status: "affected", version: "8.0.0.5", }, { status: "affected", version: "8.0.0.6", }, { status: "affected", version: "8.0.0.7", }, { status: "affected", version: "9.0.0.2", }, { status: "affected", version: "8.0.0.8", }, { status: "affected", version: "8.0.0.9", }, { status: "affected", version: "9.0.0.3", }, { status: "affected", version: "8.0.0.0", }, { status: "affected", version: "8.0.0.10", }, { status: "affected", version: "9.0.0.0", }, { status: "affected", version: "9.0.0.4", }, { status: "affected", version: "9.0.0.5", }, { status: "affected", version: "9.1.0.0", }, { status: "affected", version: "9.1.0.1", }, { status: "affected", version: "9.1.1", }, { status: "affected", version: "9.1.0.2", }, { status: "affected", version: "9.1.2", }, { status: "affected", version: "8.0.0.11", }, { status: "affected", version: "9.0.0.6", }, { status: "affected", version: "8.0.0.12", }, { status: "affected", version: "9.1.0.3", }, { status: "affected", version: "9.1.3", }, { status: "affected", version: "9.0.0.7", }, ], }, ], datePublic: "2019-12-13T00:00:00", descriptions: [ { lang: "en", value: "IBM MQ and IBM MQ Appliance 9.1 CD, 9.1 LTS, 9.0 LTS, and 8.0 is vulnerable to a denial of service attack caused by channels processing poorly formatted messages. IBM X-Force ID: 166357.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", exploitCodeMaturity: "UNPROVEN", integrityImpact: "NONE", privilegesRequired: "LOW", remediationLevel: "OFFICIAL_FIX", reportConfidence: "CONFIRMED", scope: "UNCHANGED", temporalScore: 4.6, temporalSeverity: "MEDIUM", userInteraction: "NONE", vectorString: "CVSS:3.0/C:N/AC:H/S:U/UI:N/AV:N/PR:L/A:H/I:N/E:U/RC:C/RL:O", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Denial of Service", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-12-16T15:45:16", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://www.ibm.com/support/pages/node/1106037", }, { name: "ibm-mq-cve20194560-dos (166357)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/166357", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2019-12-13T00:00:00", ID: "CVE-2019-4560", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "MQ", version: { version_data: [ { version_value: "9.0.0.1", }, { version_value: "8.0.0.1", }, { version_value: "8.0.0.2", }, { version_value: "8.0.0.3", }, { version_value: "8.0.0.4", }, { version_value: "8.0.0.5", }, { version_value: "8.0.0.6", }, { version_value: "8.0.0.7", }, { version_value: "9.0.0.2", }, { version_value: "8.0.0.8", }, { version_value: "8.0.0.9", }, { version_value: "9.0.0.3", }, { version_value: "8.0.0.0", }, { version_value: "8.0.0.10", }, { version_value: "9.0.0.0", }, { version_value: "9.0.0.4", }, { version_value: "9.0.0.5", }, { version_value: "9.1.0.0", }, { version_value: "9.1.0.1", }, { version_value: "9.1.1", }, { version_value: "9.1.0.2", }, { version_value: "9.1.2", }, { version_value: "8.0.0.11", }, { version_value: "9.0.0.6", }, { version_value: "8.0.0.12", }, { version_value: "9.1.0.3", }, { version_value: "9.1.3", }, { version_value: "9.0.0.7", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM MQ and IBM MQ Appliance 9.1 CD, 9.1 LTS, 9.0 LTS, and 8.0 is vulnerable to a denial of service attack caused by channels processing poorly formatted messages. IBM X-Force ID: 166357.", }, ], }, impact: { cvssv3: { BM: { A: "H", AC: "H", AV: "N", C: "N", I: "N", PR: "L", S: "U", UI: "N", }, TM: { E: "U", RC: "C", RL: "O", }, }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Denial of Service", }, ], }, ], }, references: { reference_data: [ { name: "https://www.ibm.com/support/pages/node/1106037", refsource: "CONFIRM", title: "IBM Security Bulletin 1106037 (MQ)", url: "https://www.ibm.com/support/pages/node/1106037", }, { name: "ibm-mq-cve20194560-dos (166357)", refsource: "XF", title: "X-Force Vulnerability Report", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/166357", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2019-4560", datePublished: "2019-12-16T15:45:16.251276Z", dateReserved: "2019-01-03T00:00:00", dateUpdated: "2024-09-16T18:44:07.513Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2017-1341
Vulnerability from cvelistv5
Published
2017-12-07 15:00
Modified
2024-09-16 18:45
Severity ?
EPSS score ?
Summary
IBM WebSphere MQ 8.0 and 9.0 could allow, under special circumstances, an unauthorized user to access an object which they should have been denied access. IBM X-Force ID: 126456.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/126456 | x_refsource_MISC | |
| http://www.ibm.com/support/docview.wss?uid=swg22005400 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/102042 | vdb-entry, x_refsource_BID |
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T13:32:29.322Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/126456", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ibm.com/support/docview.wss?uid=swg22005400", }, { name: "102042", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/102042", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "MQ", vendor: "IBM", versions: [ { status: "affected", version: "9.0", }, { status: "affected", version: "9.0.1", }, { status: "affected", version: "9.0.0.1", }, { status: "affected", version: "9.0.2", }, { status: "affected", version: "8.0.0.1", }, { status: "affected", version: "8.0.0.2", }, { status: "affected", version: "8.0.0.3", }, { status: "affected", version: "8.0.0.4", }, { status: "affected", version: "8.0.0.5", }, { status: "affected", version: "8.0.0.6", }, { status: "affected", version: "8.0.0.7", }, { status: "affected", version: "9.0.3", }, ], }, ], datePublic: "2017-12-04T00:00:00", descriptions: [ { lang: "en", value: "IBM WebSphere MQ 8.0 and 9.0 could allow, under special circumstances, an unauthorized user to access an object which they should have been denied access. IBM X-Force ID: 126456.", }, ], problemTypes: [ { descriptions: [ { description: "Bypass Security", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-12-08T10:57:01", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/126456", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ibm.com/support/docview.wss?uid=swg22005400", }, { name: "102042", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/102042", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2017-12-04T00:00:00", ID: "CVE-2017-1341", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "MQ", version: { version_data: [ { version_value: "9.0", }, { version_value: "9.0.1", }, { version_value: "9.0.0.1", }, { version_value: "9.0.2", }, { version_value: "8.0.0.1", }, { version_value: "8.0.0.2", }, { version_value: "8.0.0.3", }, { version_value: "8.0.0.4", }, { version_value: "8.0.0.5", }, { version_value: "8.0.0.6", }, { version_value: "8.0.0.7", }, { version_value: "9.0.3", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM WebSphere MQ 8.0 and 9.0 could allow, under special circumstances, an unauthorized user to access an object which they should have been denied access. IBM X-Force ID: 126456.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Bypass Security", }, ], }, ], }, references: { reference_data: [ { name: "https://exchange.xforce.ibmcloud.com/vulnerabilities/126456", refsource: "MISC", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/126456", }, { name: "http://www.ibm.com/support/docview.wss?uid=swg22005400", refsource: "CONFIRM", url: "http://www.ibm.com/support/docview.wss?uid=swg22005400", }, { name: "102042", refsource: "BID", url: "http://www.securityfocus.com/bid/102042", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2017-1341", datePublished: "2017-12-07T15:00:00Z", dateReserved: "2016-11-30T00:00:00", dateUpdated: "2024-09-16T18:45:12.994Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-4378
Vulnerability from cvelistv5
Published
2019-09-26 15:05
Modified
2024-09-17 02:32
Severity ?
EPSS score ?
Summary
IBM MQ 7.5.0.0 - 7.5.0.9, 7.1.0.0 - 7.1.0.9, 8.0.0.0 - 8.0.0.12, 9.0.0.0 - 9.0.0.6, 9.1.0.0 - 9.1.0.2, and 9.1.0 - 9.1.2 command server is vulnerable to a denial of service attack caused by an authenticated and authorized user using specially crafted PCF messages. IBM X-Force ID: 162084.
References
| ▼ | URL | Tags |
|---|---|---|
| https://supportcontent.ibm.com/support/pages/node/886885 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/162084 | vdb-entry, x_refsource_XF |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | MQ |
Version: 9.0.0.1 Version: 8.0.0.1 Version: 8.0.0.2 Version: 8.0.0.3 Version: 8.0.0.4 Version: 8.0.0.5 Version: 8.0.0.6 Version: 8.0.0.7 Version: 9.0.0.2 Version: 7.5.0.1 Version: 7.5.0.2 Version: 7.5.0.3 Version: 7.5.0.4 Version: 7.5.0.5 Version: 7.5.0.6 Version: 7.5.0.7 Version: 7.5.0.8 Version: 8.0.0.8 Version: 7.1.0.1 Version: 7.1.0.2 Version: 7.1.0.3 Version: 7.1.0.4 Version: 7.1.0.5 Version: 7.1.0.6 Version: 7.1.0.7 Version: 8.0.0.9 Version: 9.0.0.3 Version: 8.0.0.0 Version: 8.0.0.10 Version: 9.0.0.0 Version: 9.0.0.4 Version: 9.0.0.5 Version: 9.1.0.0 Version: 9.1.0.1 Version: 9.1.1 Version: 9.1.0.2 Version: 9.1.2 Version: 8.0.0.11 Version: 9.0.0.6 Version: 7.1.0.0 Version: 7.1.0.8 Version: 7.1.0.9 Version: 7.5.0.0 Version: 7.5.0.9 Version: 8.0.0.12 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T19:33:37.928Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://supportcontent.ibm.com/support/pages/node/886885", }, { name: "ibm-mq-cve20194378-dos (162084)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/162084", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "MQ", vendor: "IBM", versions: [ { status: "affected", version: "9.0.0.1", }, { status: "affected", version: "8.0.0.1", }, { status: "affected", version: "8.0.0.2", }, { status: "affected", version: "8.0.0.3", }, { status: "affected", version: "8.0.0.4", }, { status: "affected", version: "8.0.0.5", }, { status: "affected", version: "8.0.0.6", }, { status: "affected", version: "8.0.0.7", }, { status: "affected", version: "9.0.0.2", }, { status: "affected", version: "7.5.0.1", }, { status: "affected", version: "7.5.0.2", }, { status: "affected", version: "7.5.0.3", }, { status: "affected", version: "7.5.0.4", }, { status: "affected", version: "7.5.0.5", }, { status: "affected", version: "7.5.0.6", }, { status: "affected", version: "7.5.0.7", }, { status: "affected", version: "7.5.0.8", }, { status: "affected", version: "8.0.0.8", }, { status: "affected", version: "7.1.0.1", }, { status: "affected", version: "7.1.0.2", }, { status: "affected", version: "7.1.0.3", }, { status: "affected", version: "7.1.0.4", }, { status: "affected", version: "7.1.0.5", }, { status: "affected", version: "7.1.0.6", }, { status: "affected", version: "7.1.0.7", }, { status: "affected", version: "8.0.0.9", }, { status: "affected", version: "9.0.0.3", }, { status: "affected", version: "8.0.0.0", }, { status: "affected", version: "8.0.0.10", }, { status: "affected", version: "9.0.0.0", }, { status: "affected", version: "9.0.0.4", }, { status: "affected", version: "9.0.0.5", }, { status: "affected", version: "9.1.0.0", }, { status: "affected", version: "9.1.0.1", }, { status: "affected", version: "9.1.1", }, { status: "affected", version: "9.1.0.2", }, { status: "affected", version: "9.1.2", }, { status: "affected", version: "8.0.0.11", }, { status: "affected", version: "9.0.0.6", }, { status: "affected", version: "7.1.0.0", }, { status: "affected", version: "7.1.0.8", }, { status: "affected", version: "7.1.0.9", }, { status: "affected", version: "7.5.0.0", }, { status: "affected", version: "7.5.0.9", }, { status: "affected", version: "8.0.0.12", }, ], }, ], datePublic: "2019-09-17T00:00:00", descriptions: [ { lang: "en", value: "IBM MQ 7.5.0.0 - 7.5.0.9, 7.1.0.0 - 7.1.0.9, 8.0.0.0 - 8.0.0.12, 9.0.0.0 - 9.0.0.6, 9.1.0.0 - 9.1.0.2, and 9.1.0 - 9.1.2 command server is vulnerable to a denial of service attack caused by an authenticated and authorized user using specially crafted PCF messages. IBM X-Force ID: 162084.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", exploitCodeMaturity: "UNPROVEN", integrityImpact: "NONE", privilegesRequired: "LOW", remediationLevel: "OFFICIAL_FIX", reportConfidence: "CONFIRMED", scope: "UNCHANGED", temporalScore: 4.6, temporalSeverity: "MEDIUM", userInteraction: "NONE", vectorString: "CVSS:3.0/C:N/A:H/AC:H/S:U/UI:N/AV:N/I:N/PR:L/E:U/RC:C/RL:O", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Denial of Service", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-09-26T15:05:30", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://supportcontent.ibm.com/support/pages/node/886885", }, { name: "ibm-mq-cve20194378-dos (162084)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/162084", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2019-09-17T00:00:00", ID: "CVE-2019-4378", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "MQ", version: { version_data: [ { version_value: "9.0.0.1", }, { version_value: "8.0.0.1", }, { version_value: "8.0.0.2", }, { version_value: "8.0.0.3", }, { version_value: "8.0.0.4", }, { version_value: "8.0.0.5", }, { version_value: "8.0.0.6", }, { version_value: "8.0.0.7", }, { version_value: "9.0.0.2", }, { version_value: "7.5.0.1", }, { version_value: "7.5.0.2", }, { version_value: "7.5.0.3", }, { version_value: "7.5.0.4", }, { version_value: "7.5.0.5", }, { version_value: "7.5.0.6", }, { version_value: "7.5.0.7", }, { version_value: "7.5.0.8", }, { version_value: "8.0.0.8", }, { version_value: "7.1.0.1", }, { version_value: "7.1.0.2", }, { version_value: "7.1.0.3", }, { version_value: "7.1.0.4", }, { version_value: "7.1.0.5", }, { version_value: "7.1.0.6", }, { version_value: "7.1.0.7", }, { version_value: "8.0.0.9", }, { version_value: "9.0.0.3", }, { version_value: "8.0.0.0", }, { version_value: "8.0.0.10", }, { version_value: "9.0.0.0", }, { version_value: "9.0.0.4", }, { version_value: "9.0.0.5", }, { version_value: "9.1.0.0", }, { version_value: "9.1.0.1", }, { version_value: "9.1.1", }, { version_value: "9.1.0.2", }, { version_value: "9.1.2", }, { version_value: "8.0.0.11", }, { version_value: "9.0.0.6", }, { version_value: "7.1.0.0", }, { version_value: "7.1.0.8", }, { version_value: "7.1.0.9", }, { version_value: "7.5.0.0", }, { version_value: "7.5.0.9", }, { version_value: "8.0.0.12", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM MQ 7.5.0.0 - 7.5.0.9, 7.1.0.0 - 7.1.0.9, 8.0.0.0 - 8.0.0.12, 9.0.0.0 - 9.0.0.6, 9.1.0.0 - 9.1.0.2, and 9.1.0 - 9.1.2 command server is vulnerable to a denial of service attack caused by an authenticated and authorized user using specially crafted PCF messages. IBM X-Force ID: 162084.", }, ], }, impact: { cvssv3: { BM: { A: "H", AC: "H", AV: "N", C: "N", I: "N", PR: "L", S: "U", UI: "N", }, TM: { E: "U", RC: "C", RL: "O", }, }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Denial of Service", }, ], }, ], }, references: { reference_data: [ { name: "https://supportcontent.ibm.com/support/pages/node/886885", refsource: "CONFIRM", title: "IBM Security Bulletin 886885 (MQ)", url: "https://supportcontent.ibm.com/support/pages/node/886885", }, { name: "ibm-mq-cve20194378-dos (162084)", refsource: "XF", title: "X-Force Vulnerability Report", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/162084", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2019-4378", datePublished: "2019-09-26T15:05:31.039884Z", dateReserved: "2019-01-03T00:00:00", dateUpdated: "2024-09-17T02:32:24.120Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-54173
Vulnerability from cvelistv5
Published
2025-02-28 02:22
Modified
2025-02-28 16:37
Severity ?
EPSS score ?
Summary
IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD reveals potentially sensitive information in trace files that could be read by a local user when webconsole trace is enabled.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/7183370 | vendor-advisory |
Impacted products
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-54173", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-02-28T16:35:01.988933Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-28T16:37:38.519Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:ibm:mq:9.3.0:*:*:*:lts:*:*:*", "cpe:2.3:a:ibm:mq:9.3.0:*:*:*:continuous_delivery:*:*:*", "cpe:2.3:a:ibm:mq:9.4.0:*:*:*:lts:*:*:*", "cpe:2.3:a:ibm:mq:9.4.0:*:*:*:continuous_delivery:*:*:*", ], defaultStatus: "unaffected", product: "MQ", vendor: "IBM", versions: [ { status: "affected", version: "9.3 LTS, 9.3 CD, 9.4 LTS, 9.4 CD", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD reveals potentially sensitive information in trace files that could be read by a local user when webconsole trace is enabled.", }, ], value: "IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD reveals potentially sensitive information in trace files that could be read by a local user when webconsole trace is enabled.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-1323", description: "CWE-1323 Improper Management of Sensitive Trace Data", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-28T02:22:14.364Z", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "vendor-advisory", ], url: "https://www.ibm.com/support/pages/node/7183370", }, ], source: { discovery: "UNKNOWN", }, title: "IBM MQ information disclosure", x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2024-54173", datePublished: "2025-02-28T02:22:14.364Z", dateReserved: "2024-11-30T14:47:41.352Z", dateUpdated: "2025-02-28T16:37:38.519Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-38986
Vulnerability from cvelistv5
Published
2022-03-01 16:45
Modified
2024-09-17 01:36
Severity ?
EPSS score ?
Summary
IBM MQ Appliance 9.2 CD and 9.2 LTS does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 212942.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/6560032 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/212942 | vdb-entry, x_refsource_XF |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | MQ Appliance |
Version: 9.2 LTS Version: 9.2 CD |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T01:58:16.429Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.ibm.com/support/pages/node/6560032", }, { name: "ibm-mq-cve202138986-session-fixation (212942)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/212942", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "MQ Appliance", vendor: "IBM", versions: [ { status: "affected", version: "9.2 LTS", }, { status: "affected", version: "9.2 CD", }, ], }, ], datePublic: "2022-02-28T00:00:00", descriptions: [ { lang: "en", value: "IBM MQ Appliance 9.2 CD and 9.2 LTS does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 212942.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.6, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", exploitCodeMaturity: "UNPROVEN", integrityImpact: "LOW", privilegesRequired: "NONE", remediationLevel: "OFFICIAL_FIX", reportConfidence: "CONFIRMED", scope: "UNCHANGED", temporalScore: 4.9, temporalSeverity: "MEDIUM", userInteraction: "NONE", vectorString: "CVSS:3.0/AC:H/S:U/I:L/PR:N/C:L/AV:N/UI:N/A:L/RC:C/RL:O/E:U", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Gain Privileges", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-03-01T16:45:25", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://www.ibm.com/support/pages/node/6560032", }, { name: "ibm-mq-cve202138986-session-fixation (212942)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/212942", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2022-02-28T00:00:00", ID: "CVE-2021-38986", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "MQ Appliance", version: { version_data: [ { version_value: "9.2 LTS", }, { version_value: "9.2 CD", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM MQ Appliance 9.2 CD and 9.2 LTS does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 212942.", }, ], }, impact: { cvssv3: { BM: { A: "L", AC: "H", AV: "N", C: "L", I: "L", PR: "N", S: "U", UI: "N", }, TM: { E: "U", RC: "C", RL: "O", }, }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Gain Privileges", }, ], }, ], }, references: { reference_data: [ { name: "https://www.ibm.com/support/pages/node/6560032", refsource: "CONFIRM", title: "IBM Security Bulletin 6560032 (MQ Appliance)", url: "https://www.ibm.com/support/pages/node/6560032", }, { name: "ibm-mq-cve202138986-session-fixation (212942)", refsource: "XF", title: "X-Force Vulnerability Report", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/212942", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2021-38986", datePublished: "2022-03-01T16:45:25.622031Z", dateReserved: "2021-08-16T00:00:00", dateUpdated: "2024-09-17T01:36:34.566Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2017-1786
Vulnerability from cvelistv5
Published
2018-04-23 13:00
Modified
2024-09-16 16:14
Severity ?
EPSS score ?
Summary
IBM WebSphere MQ 8.0 through 8.0.0.8 and 9.0 through 9.0.4 under special circumstances could allow an authenticated user to consume all resources due to a memory leak resulting in service loss. IBM X-Force ID: 136975.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.ibm.com/support/docview.wss?uid=swg22013023 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/136975 | vdb-entry, x_refsource_XF |
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T13:39:32.314Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ibm.com/support/docview.wss?uid=swg22013023", }, { name: "ibm-websphere-cve20171786-dos(136975)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/136975", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "MQ", vendor: "IBM", versions: [ { status: "affected", version: "8.0", }, { status: "affected", version: "9.0", }, { status: "affected", version: "9.0.1", }, { status: "affected", version: "9.0.0.1", }, { status: "affected", version: "9.0.2", }, { status: "affected", version: "8.0.0.1", }, { status: "affected", version: "8.0.0.2", }, { status: "affected", version: "8.0.0.3", }, { status: "affected", version: "8.0.0.4", }, { status: "affected", version: "8.0.0.5", }, { status: "affected", version: "8.0.0.6", }, { status: "affected", version: "8.0.0.7", }, { status: "affected", version: "9.0.0.2", }, { status: "affected", version: "9.0.3", }, { status: "affected", version: "9.0.4", }, { status: "affected", version: "8.0.0.8", }, ], }, ], datePublic: "2018-04-17T00:00:00", descriptions: [ { lang: "en", value: "IBM WebSphere MQ 8.0 through 8.0.0.8 and 9.0 through 9.0.4 under special circumstances could allow an authenticated user to consume all resources due to a memory leak resulting in service loss. IBM X-Force ID: 136975.", }, ], problemTypes: [ { descriptions: [ { description: "Denial of Service", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-04-23T12:57:01", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ibm.com/support/docview.wss?uid=swg22013023", }, { name: "ibm-websphere-cve20171786-dos(136975)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/136975", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2018-04-17T00:00:00", ID: "CVE-2017-1786", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "MQ", version: { version_data: [ { version_value: "8.0", }, { version_value: "9.0", }, { version_value: "9.0.1", }, { version_value: "9.0.0.1", }, { version_value: "9.0.2", }, { version_value: "8.0.0.1", }, { version_value: "8.0.0.2", }, { version_value: "8.0.0.3", }, { version_value: "8.0.0.4", }, { version_value: "8.0.0.5", }, { version_value: "8.0.0.6", }, { version_value: "8.0.0.7", }, { version_value: "9.0.0.2", }, { version_value: "9.0.3", }, { version_value: "9.0.4", }, { version_value: "8.0.0.8", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM WebSphere MQ 8.0 through 8.0.0.8 and 9.0 through 9.0.4 under special circumstances could allow an authenticated user to consume all resources due to a memory leak resulting in service loss. IBM X-Force ID: 136975.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Denial of Service", }, ], }, ], }, references: { reference_data: [ { name: "http://www.ibm.com/support/docview.wss?uid=swg22013023", refsource: "CONFIRM", url: "http://www.ibm.com/support/docview.wss?uid=swg22013023", }, { name: "ibm-websphere-cve20171786-dos(136975)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/136975", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2017-1786", datePublished: "2018-04-23T13:00:00Z", dateReserved: "2016-11-30T00:00:00", dateUpdated: "2024-09-16T16:14:08.508Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-22874
Vulnerability from cvelistv5
Published
2023-05-05 14:57
Modified
2025-01-29 16:54
Severity ?
EPSS score ?
Summary
IBM MQ Clients 9.2 CD, 9.3 CD, and 9.3 LTS are vulnerable to a denial of service attack when processing configuration files. IBM X-Force ID: 244216.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/6985901 | vendor-advisory | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/244216 | vdb-entry |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T10:20:31.017Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.ibm.com/support/pages/node/6985901", }, { tags: [ "vdb-entry", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/244216", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-22874", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-01-29T16:54:48.717705Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-01-29T16:54:55.891Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "MQ", vendor: "IBM", versions: [ { status: "affected", version: "9.2 CD, 9.3 CD, and 9.3 LTS", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "IBM MQ Clients 9.2 CD, 9.3 CD, and 9.3 LTS are vulnerable to a denial of service attack when processing configuration files. IBM X-Force ID: 244216.", }, ], value: "IBM MQ Clients 9.2 CD, 9.3 CD, and 9.3 LTS are vulnerable to a denial of service attack when processing configuration files. IBM X-Force ID: 244216.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "703 Improper Check or Handling of Exceptional Conditions", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2023-05-05T14:57:23.735Z", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "vendor-advisory", ], url: "https://www.ibm.com/support/pages/node/6985901", }, { tags: [ "vdb-entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/244216", }, ], source: { discovery: "UNKNOWN", }, title: "IBM MQ denial of service", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2023-22874", datePublished: "2023-05-05T14:57:23.735Z", dateReserved: "2023-01-09T15:16:49.250Z", dateUpdated: "2025-01-29T16:54:55.891Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-31919
Vulnerability from cvelistv5
Published
2024-06-28 17:34
Modified
2024-08-02 01:59
Severity ?
EPSS score ?
Summary
IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS and 9.3 CD, in certain configurations, is vulnerable to a denial of service attack caused by an error processing messages when an API Exit using MQBUFMH is used. IBM X-Force ID: 290259.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/7157979 | vendor-advisory | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/290259 | vdb-entry |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | MQ |
Version: 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS and 9.3 CD cpe:2.3:a:ibm:mq_appliance:9.0:*:*:*:lts:*:*:* cpe:2.3:a:ibm:mq_appliance:9.1:*:*:*:lts:*:*:* cpe:2.3:a:ibm:mq_appliance:9.2:*:*:*:lts:*:*:* cpe:2.3:a:ibm:mq_appliance:9.3:*:*:*:lts:*:*:* cpe:2.3:a:ibm:mq_appliance:9.3:*:*:*:continuous_delivery:*:*:* |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-31919", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-06-28T20:05:02.070837Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-28T20:05:09.505Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T01:59:50.566Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.ibm.com/support/pages/node/7157979", }, { tags: [ "vdb-entry", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/290259", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:ibm:mq_appliance:9.0:*:*:*:lts:*:*:*", "cpe:2.3:a:ibm:mq_appliance:9.1:*:*:*:lts:*:*:*", "cpe:2.3:a:ibm:mq_appliance:9.2:*:*:*:lts:*:*:*", "cpe:2.3:a:ibm:mq_appliance:9.3:*:*:*:lts:*:*:*", "cpe:2.3:a:ibm:mq_appliance:9.3:*:*:*:continuous_delivery:*:*:*", ], defaultStatus: "unaffected", product: "MQ", vendor: "IBM", versions: [ { status: "affected", version: "9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS and 9.3 CD", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS and 9.3 CD, in certain configurations, is vulnerable to a denial of service attack caused by an error processing messages when an API Exit using MQBUFMH is used. IBM X-Force ID: 290259.", }, ], value: "IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS and 9.3 CD, in certain configurations, is vulnerable to a denial of service attack caused by an error processing messages when an API Exit using MQBUFMH is used. IBM X-Force ID: 290259.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-770", description: "CWE-770 Allocation of Resources Without Limits or Throttling", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-28T17:35:03.687Z", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "vendor-advisory", ], url: "https://www.ibm.com/support/pages/node/7157979", }, { tags: [ "vdb-entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/290259", }, ], source: { discovery: "UNKNOWN", }, title: "IBM MQ denial of service", x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2024-31919", datePublished: "2024-06-28T17:34:15.469Z", dateReserved: "2024-04-07T12:45:15.767Z", dateUpdated: "2024-08-02T01:59:50.566Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-1792
Vulnerability from cvelistv5
Published
2018-11-13 15:00
Modified
2024-09-16 16:27
Severity ?
EPSS score ?
Summary
IBM WebSphere MQ 8.0.0.0 through 8.0.0.10, 9.0.0.0 through 9.0.0.5, 9.0.1 through 9.0.5, and 9.1.0.0 could allow a local user to inject code that could be executed with root privileges. IBM X-Force ID: 148947.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/105936 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/148947 | vdb-entry, x_refsource_XF | |
| https://www.ibm.com/support/docview.wss?uid=ibm10734447 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | MQ |
Version: 9.0.1 Version: 9.0.0.1 Version: 9.0.2 Version: 8.0.0.1 Version: 8.0.0.2 Version: 8.0.0.3 Version: 8.0.0.4 Version: 8.0.0.5 Version: 8.0.0.6 Version: 8.0.0.7 Version: 9.0.0.2 Version: 9.0.3 Version: 9.0.4 Version: 8.0.0.8 Version: 8.0.0.9 Version: 9.0.0.3 Version: 8.0.0.0 Version: 8.0.0.10 Version: 9.0.0.0 Version: 9.0.0.4 Version: 9.0.0.5 Version: 9.0.5 Version: 9.1.0.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T04:14:38.346Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "105936", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/105936", }, { name: "ibm-websphere-cve20181792-priv-escalation(148947)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/148947", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.ibm.com/support/docview.wss?uid=ibm10734447", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "MQ", vendor: "IBM", versions: [ { status: "affected", version: "9.0.1", }, { status: "affected", version: "9.0.0.1", }, { status: "affected", version: "9.0.2", }, { status: "affected", version: "8.0.0.1", }, { status: "affected", version: "8.0.0.2", }, { status: "affected", version: "8.0.0.3", }, { status: "affected", version: "8.0.0.4", }, { status: "affected", version: "8.0.0.5", }, { status: "affected", version: "8.0.0.6", }, { status: "affected", version: "8.0.0.7", }, { status: "affected", version: "9.0.0.2", }, { status: "affected", version: "9.0.3", }, { status: "affected", version: "9.0.4", }, { status: "affected", version: "8.0.0.8", }, { status: "affected", version: "8.0.0.9", }, { status: "affected", version: "9.0.0.3", }, { status: "affected", version: "8.0.0.0", }, { status: "affected", version: "8.0.0.10", }, { status: "affected", version: "9.0.0.0", }, { status: "affected", version: "9.0.0.4", }, { status: "affected", version: "9.0.0.5", }, { status: "affected", version: "9.0.5", }, { status: "affected", version: "9.1.0.0", }, ], }, ], datePublic: "2018-11-12T00:00:00", descriptions: [ { lang: "en", value: "IBM WebSphere MQ 8.0.0.0 through 8.0.0.10, 9.0.0.0 through 9.0.0.5, 9.0.1 through 9.0.5, and 9.1.0.0 could allow a local user to inject code that could be executed with root privileges. IBM X-Force ID: 148947.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitCodeMaturity: "UNPROVEN", integrityImpact: "HIGH", privilegesRequired: "LOW", remediationLevel: "OFFICIAL_FIX", reportConfidence: "CONFIRMED", scope: "CHANGED", temporalScore: 7.7, temporalSeverity: "HIGH", userInteraction: "NONE", vectorString: "CVSS:3.0/A:H/AC:L/AV:L/C:H/I:H/PR:L/S:C/UI:N/E:U/RC:C/RL:O", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Gain Privileges", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-11-16T10:57:01", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { name: "105936", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/105936", }, { name: "ibm-websphere-cve20181792-priv-escalation(148947)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/148947", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.ibm.com/support/docview.wss?uid=ibm10734447", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2018-11-12T00:00:00", ID: "CVE-2018-1792", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "MQ", version: { version_data: [ { version_value: "9.0.1", }, { version_value: "9.0.0.1", }, { version_value: "9.0.2", }, { version_value: "8.0.0.1", }, { version_value: "8.0.0.2", }, { version_value: "8.0.0.3", }, { version_value: "8.0.0.4", }, { version_value: "8.0.0.5", }, { version_value: "8.0.0.6", }, { version_value: "8.0.0.7", }, { version_value: "9.0.0.2", }, { version_value: "9.0.3", }, { version_value: "9.0.4", }, { version_value: "8.0.0.8", }, { version_value: "8.0.0.9", }, { version_value: "9.0.0.3", }, { version_value: "8.0.0.0", }, { version_value: "8.0.0.10", }, { version_value: "9.0.0.0", }, { version_value: "9.0.0.4", }, { version_value: "9.0.0.5", }, { version_value: "9.0.5", }, { version_value: "9.1.0.0", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM WebSphere MQ 8.0.0.0 through 8.0.0.10, 9.0.0.0 through 9.0.0.5, 9.0.1 through 9.0.5, and 9.1.0.0 could allow a local user to inject code that could be executed with root privileges. IBM X-Force ID: 148947.", }, ], }, impact: { cvssv3: { BM: { A: "H", AC: "L", AV: "L", C: "H", I: "H", PR: "L", S: "C", UI: "N", }, TM: { E: "U", RC: "C", RL: "O", }, }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Gain Privileges", }, ], }, ], }, references: { reference_data: [ { name: "105936", refsource: "BID", url: "http://www.securityfocus.com/bid/105936", }, { name: "ibm-websphere-cve20181792-priv-escalation(148947)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/148947", }, { name: "https://www.ibm.com/support/docview.wss?uid=ibm10734447", refsource: "CONFIRM", url: "https://www.ibm.com/support/docview.wss?uid=ibm10734447", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2018-1792", datePublished: "2018-11-13T15:00:00Z", dateReserved: "2017-12-13T00:00:00", dateUpdated: "2024-09-16T16:27:25.936Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-4656
Vulnerability from cvelistv5
Published
2020-03-16 15:25
Modified
2024-09-17 04:18
Severity ?
EPSS score ?
Summary
IBM MQ and IBM MQ Appliance 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and 9.1 CD is vulnerable to a denial of service attack that would allow an authenticated user to crash the queue and require a restart due to an error processing error messages. IBM X-Force ID: 170967.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/1135095 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/170967 | vdb-entry, x_refsource_XF |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | MQ |
Version: 9.0.0.1 Version: 8.0.0.1 Version: 8.0.0.2 Version: 8.0.0.3 Version: 8.0.0.4 Version: 8.0.0.5 Version: 8.0.0.6 Version: 8.0.0.7 Version: 9.0.0.2 Version: 7.5.0.1 Version: 7.5.0.2 Version: 7.5.0.3 Version: 7.5.0.4 Version: 7.5.0.5 Version: 7.5.0.6 Version: 7.5.0.7 Version: 7.5.0.8 Version: 8.0.0.8 Version: 7.1.0.1 Version: 7.1.0.2 Version: 7.1.0.3 Version: 7.1.0.4 Version: 7.1.0.5 Version: 7.1.0.6 Version: 7.1.0.7 Version: 8.0.0.9 Version: 9.0.0.3 Version: 8.0.0.0 Version: 8.0.0.10 Version: 9.0.0.0 Version: 9.0.0.4 Version: 9.0.0.5 Version: 9.1 Version: 9.1.0.1 Version: 9.1.1 Version: 9.1.0.2 Version: 9.1.2 Version: 8.0.0.11 Version: 9.0.0.6 Version: 7.1.0.0 Version: 7.1.0.8 Version: 7.1.0.9 Version: 7.5.0.0 Version: 7.5.0.9 Version: 8.0.0.12 Version: 9.1.0.3 Version: 9.1.3 Version: 9.0.0.7 Version: 8.0.0.13 Version: 9.0.0.8 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T19:40:48.365Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.ibm.com/support/pages/node/1135095", }, { name: "ibm-mq-cve20194656-dos (170967)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/170967", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "MQ", vendor: "IBM", versions: [ { status: "affected", version: "9.0.0.1", }, { status: "affected", version: "8.0.0.1", }, { status: "affected", version: "8.0.0.2", }, { status: "affected", version: "8.0.0.3", }, { status: "affected", version: "8.0.0.4", }, { status: "affected", version: "8.0.0.5", }, { status: "affected", version: "8.0.0.6", }, { status: "affected", version: "8.0.0.7", }, { status: "affected", version: "9.0.0.2", }, { status: "affected", version: "7.5.0.1", }, { status: "affected", version: "7.5.0.2", }, { status: "affected", version: "7.5.0.3", }, { status: "affected", version: "7.5.0.4", }, { status: "affected", version: "7.5.0.5", }, { status: "affected", version: "7.5.0.6", }, { status: "affected", version: "7.5.0.7", }, { status: "affected", version: "7.5.0.8", }, { status: "affected", version: "8.0.0.8", }, { status: "affected", version: "7.1.0.1", }, { status: "affected", version: "7.1.0.2", }, { status: "affected", version: "7.1.0.3", }, { status: "affected", version: "7.1.0.4", }, { status: "affected", version: "7.1.0.5", }, { status: "affected", version: "7.1.0.6", }, { status: "affected", version: "7.1.0.7", }, { status: "affected", version: "8.0.0.9", }, { status: "affected", version: "9.0.0.3", }, { status: "affected", version: "8.0.0.0", }, { status: "affected", version: "8.0.0.10", }, { status: "affected", version: "9.0.0.0", }, { status: "affected", version: "9.0.0.4", }, { status: "affected", version: "9.0.0.5", }, { status: "affected", version: "9.1", }, { status: "affected", version: "9.1.0.1", }, { status: "affected", version: "9.1.1", }, { status: "affected", version: "9.1.0.2", }, { status: "affected", version: "9.1.2", }, { status: "affected", version: "8.0.0.11", }, { status: "affected", version: "9.0.0.6", }, { status: "affected", version: "7.1.0.0", }, { status: "affected", version: "7.1.0.8", }, { status: "affected", version: "7.1.0.9", }, { status: "affected", version: "7.5.0.0", }, { status: "affected", version: "7.5.0.9", }, { status: "affected", version: "8.0.0.12", }, { status: "affected", version: "9.1.0.3", }, { status: "affected", version: "9.1.3", }, { status: "affected", version: "9.0.0.7", }, { status: "affected", version: "8.0.0.13", }, { status: "affected", version: "9.0.0.8", }, ], }, ], datePublic: "2020-03-13T00:00:00", descriptions: [ { lang: "en", value: "IBM MQ and IBM MQ Appliance 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and 9.1 CD is vulnerable to a denial of service attack that would allow an authenticated user to crash the queue and require a restart due to an error processing error messages. IBM X-Force ID: 170967.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", exploitCodeMaturity: "UNPROVEN", integrityImpact: "NONE", privilegesRequired: "LOW", remediationLevel: "OFFICIAL_FIX", reportConfidence: "CONFIRMED", scope: "UNCHANGED", temporalScore: 5.7, temporalSeverity: "MEDIUM", userInteraction: "NONE", vectorString: "CVSS:3.0/UI:N/C:N/S:U/A:H/I:N/AC:L/PR:L/AV:N/RC:C/E:U/RL:O", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Denial of Service", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-03-16T15:25:20", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://www.ibm.com/support/pages/node/1135095", }, { name: "ibm-mq-cve20194656-dos (170967)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/170967", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2020-03-13T00:00:00", ID: "CVE-2019-4656", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "MQ", version: { version_data: [ { version_value: "9.0.0.1", }, { version_value: "8.0.0.1", }, { version_value: "8.0.0.2", }, { version_value: "8.0.0.3", }, { version_value: "8.0.0.4", }, { version_value: "8.0.0.5", }, { version_value: "8.0.0.6", }, { version_value: "8.0.0.7", }, { version_value: "9.0.0.2", }, { version_value: "7.5.0.1", }, { version_value: "7.5.0.2", }, { version_value: "7.5.0.3", }, { version_value: "7.5.0.4", }, { version_value: "7.5.0.5", }, { version_value: "7.5.0.6", }, { version_value: "7.5.0.7", }, { version_value: "7.5.0.8", }, { version_value: "8.0.0.8", }, { version_value: "7.1.0.1", }, { version_value: "7.1.0.2", }, { version_value: "7.1.0.3", }, { version_value: "7.1.0.4", }, { version_value: "7.1.0.5", }, { version_value: "7.1.0.6", }, { version_value: "7.1.0.7", }, { version_value: "8.0.0.9", }, { version_value: "9.0.0.3", }, { version_value: "8.0.0.0", }, { version_value: "8.0.0.10", }, { version_value: "9.0.0.0", }, { version_value: "9.0.0.4", }, { version_value: "9.0.0.5", }, { version_value: "9.1", }, { version_value: "9.1.0.1", }, { version_value: "9.1.1", }, { version_value: "9.1.0.2", }, { version_value: "9.1.2", }, { version_value: "8.0.0.11", }, { version_value: "9.0.0.6", }, { version_value: "7.1.0.0", }, { version_value: "7.1.0.8", }, { version_value: "7.1.0.9", }, { version_value: "7.5.0.0", }, { version_value: "7.5.0.9", }, { version_value: "8.0.0.12", }, { version_value: "9.1.0.3", }, { version_value: "9.1.3", }, { version_value: "9.0.0.7", }, { version_value: "8.0.0.13", }, { version_value: "9.0.0.8", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM MQ and IBM MQ Appliance 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and 9.1 CD is vulnerable to a denial of service attack that would allow an authenticated user to crash the queue and require a restart due to an error processing error messages. IBM X-Force ID: 170967.", }, ], }, impact: { cvssv3: { BM: { A: "H", AC: "L", AV: "N", C: "N", I: "N", PR: "L", S: "U", UI: "N", }, TM: { E: "U", RC: "C", RL: "O", }, }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Denial of Service", }, ], }, ], }, references: { reference_data: [ { name: "https://www.ibm.com/support/pages/node/1135095", refsource: "CONFIRM", title: "IBM Security Bulletin 1135095 (MQ)", url: "https://www.ibm.com/support/pages/node/1135095", }, { name: "ibm-mq-cve20194656-dos (170967)", refsource: "XF", title: "X-Force Vulnerability Report", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/170967", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2019-4656", datePublished: "2020-03-16T15:25:20.439438Z", dateReserved: "2019-01-03T00:00:00", dateUpdated: "2024-09-17T04:18:51.019Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-4039
Vulnerability from cvelistv5
Published
2019-05-23 14:05
Modified
2024-09-17 01:16
Severity ?
EPSS score ?
Summary
IBM WebSphere MQ 8.0.0.0 through 8.0.0.9 and 9.0.0.0 through 9.1.1 could allow a local attacker to cause a denial of service within the error log reporting system. IBM X-Force ID: 156163.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/docview.wss?uid=ibm10870492 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/156163 | vdb-entry, x_refsource_XF |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | MQ |
Version: 9.0.0.1 Version: 8.0.0.1 Version: 8.0.0.2 Version: 8.0.0.3 Version: 8.0.0.4 Version: 8.0.0.5 Version: 8.0.0.6 Version: 8.0.0.7 Version: 9.0.0.2 Version: 8.0.0.8 Version: 8.0.0.9 Version: 9.0.0.3 Version: 8.0.0.0 Version: 8.0.0.10 Version: 9.0.0.0 Version: 9.0.0.4 Version: 9.0.0.5 Version: 9.1.0.0 Version: 9.1.0.1 Version: 9.1.1 Version: 8.0.0.11 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T19:26:27.901Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.ibm.com/support/docview.wss?uid=ibm10870492", }, { name: "ibm-websphere-cve20194039-dos (156163)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/156163", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "MQ", vendor: "IBM", versions: [ { status: "affected", version: "9.0.0.1", }, { status: "affected", version: "8.0.0.1", }, { status: "affected", version: "8.0.0.2", }, { status: "affected", version: "8.0.0.3", }, { status: "affected", version: "8.0.0.4", }, { status: "affected", version: "8.0.0.5", }, { status: "affected", version: "8.0.0.6", }, { status: "affected", version: "8.0.0.7", }, { status: "affected", version: "9.0.0.2", }, { status: "affected", version: "8.0.0.8", }, { status: "affected", version: "8.0.0.9", }, { status: "affected", version: "9.0.0.3", }, { status: "affected", version: "8.0.0.0", }, { status: "affected", version: "8.0.0.10", }, { status: "affected", version: "9.0.0.0", }, { status: "affected", version: "9.0.0.4", }, { status: "affected", version: "9.0.0.5", }, { status: "affected", version: "9.1.0.0", }, { status: "affected", version: "9.1.0.1", }, { status: "affected", version: "9.1.1", }, { status: "affected", version: "8.0.0.11", }, ], }, ], datePublic: "2019-05-21T00:00:00", descriptions: [ { lang: "en", value: "IBM WebSphere MQ 8.0.0.0 through 8.0.0.9 and 9.0.0.0 through 9.1.1 could allow a local attacker to cause a denial of service within the error log reporting system. IBM X-Force ID: 156163.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.2, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", exploitCodeMaturity: "UNPROVEN", integrityImpact: "NONE", privilegesRequired: "NONE", remediationLevel: "OFFICIAL_FIX", reportConfidence: "CONFIRMED", scope: "UNCHANGED", temporalScore: 5.4, temporalSeverity: "MEDIUM", userInteraction: "NONE", vectorString: "CVSS:3.0/I:N/S:U/UI:N/AV:L/A:H/C:N/AC:L/PR:N/E:U/RL:O/RC:C", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Denial of Service", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-05-23T14:05:15", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://www.ibm.com/support/docview.wss?uid=ibm10870492", }, { name: "ibm-websphere-cve20194039-dos (156163)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/156163", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2019-05-21T00:00:00", ID: "CVE-2019-4039", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "MQ", version: { version_data: [ { version_value: "9.0.0.1", }, { version_value: "8.0.0.1", }, { version_value: "8.0.0.2", }, { version_value: "8.0.0.3", }, { version_value: "8.0.0.4", }, { version_value: "8.0.0.5", }, { version_value: "8.0.0.6", }, { version_value: "8.0.0.7", }, { version_value: "9.0.0.2", }, { version_value: "8.0.0.8", }, { version_value: "8.0.0.9", }, { version_value: "9.0.0.3", }, { version_value: "8.0.0.0", }, { version_value: "8.0.0.10", }, { version_value: "9.0.0.0", }, { version_value: "9.0.0.4", }, { version_value: "9.0.0.5", }, { version_value: "9.1.0.0", }, { version_value: "9.1.0.1", }, { version_value: "9.1.1", }, { version_value: "8.0.0.11", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM WebSphere MQ 8.0.0.0 through 8.0.0.9 and 9.0.0.0 through 9.1.1 could allow a local attacker to cause a denial of service within the error log reporting system. IBM X-Force ID: 156163.", }, ], }, impact: { cvssv3: { BM: { A: "H", AC: "L", AV: "L", C: "N", I: "N", PR: "N", S: "U", UI: "N", }, TM: { E: "U", RC: "C", RL: "O", }, }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Denial of Service", }, ], }, ], }, references: { reference_data: [ { name: "https://www.ibm.com/support/docview.wss?uid=ibm10870492", refsource: "CONFIRM", title: "IBM Security Bulletin 0870492 (MQ)", url: "https://www.ibm.com/support/docview.wss?uid=ibm10870492", }, { name: "ibm-websphere-cve20194039-dos (156163)", refsource: "XF", title: "X-Force Vulnerability Report", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/156163", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2019-4039", datePublished: "2019-05-23T14:05:15.446631Z", dateReserved: "2019-01-03T00:00:00", dateUpdated: "2024-09-17T01:16:15.846Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-1543
Vulnerability from cvelistv5
Published
2018-06-27 18:00
Modified
2024-09-17 03:48
Severity ?
EPSS score ?
Summary
IBM WebSphere MQ 8.0 and 9.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly validate the SSL certificate. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 142598.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.ibm.com/support/docview.wss?uid=swg22016346 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/142598 | vdb-entry, x_refsource_XF |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T04:07:43.439Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ibm.com/support/docview.wss?uid=swg22016346", }, { name: "ibm-websphere-cve20181543-info-disc(142598)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/142598", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "MQ", vendor: "IBM", versions: [ { status: "affected", version: "8.0", }, { status: "affected", version: "9.0", }, ], }, ], datePublic: "2018-06-22T00:00:00", descriptions: [ { lang: "en", value: "IBM WebSphere MQ 8.0 and 9.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly validate the SSL certificate. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 142598.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", exploitCodeMaturity: "UNPROVEN", integrityImpact: "NONE", privilegesRequired: "NONE", remediationLevel: "OFFICIAL_FIX", reportConfidence: "CONFIRMED", scope: "UNCHANGED", temporalScore: 5.2, temporalSeverity: "MEDIUM", userInteraction: "NONE", vectorString: "CVSS:3.0/A:N/AC:H/AV:N/C:H/I:N/PR:N/S:U/UI:N/E:U/RC:C/RL:O", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Obtain Information", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-06-27T17:57:01", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ibm.com/support/docview.wss?uid=swg22016346", }, { name: "ibm-websphere-cve20181543-info-disc(142598)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/142598", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2018-06-22T00:00:00", ID: "CVE-2018-1543", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "MQ", version: { version_data: [ { version_value: "8.0", }, { version_value: "9.0", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM WebSphere MQ 8.0 and 9.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly validate the SSL certificate. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 142598.", }, ], }, impact: { cvssv3: { BM: { A: "N", AC: "H", AV: "N", C: "H", I: "N", PR: "N", S: "U", UI: "N", }, TM: { E: "U", RC: "C", RL: "O", }, }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Obtain Information", }, ], }, ], }, references: { reference_data: [ { name: "http://www.ibm.com/support/docview.wss?uid=swg22016346", refsource: "CONFIRM", url: "http://www.ibm.com/support/docview.wss?uid=swg22016346", }, { name: "ibm-websphere-cve20181543-info-disc(142598)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/142598", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2018-1543", datePublished: "2018-06-27T18:00:00Z", dateReserved: "2017-12-13T00:00:00", dateUpdated: "2024-09-17T03:48:13.036Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-4078
Vulnerability from cvelistv5
Published
2019-05-23 14:05
Modified
2024-09-16 20:11
Severity ?
EPSS score ?
Summary
IBM WebSphere MQ 8.0.0.0 through 8.0.0.9 and 9.0.0.0 through 9.1.1 could allow a local non privileged user to execute code as an administrator due to incorrect permissions set on MQ installation directories. IBM X-Force ID: 157190.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/docview.wss?uid=ibm10872876 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/157190 | vdb-entry, x_refsource_XF |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | MQ |
Version: 9.0.0.1 Version: 8.0.0.1 Version: 8.0.0.2 Version: 8.0.0.3 Version: 8.0.0.4 Version: 8.0.0.5 Version: 8.0.0.6 Version: 8.0.0.7 Version: 9.0.0.2 Version: 8.0.0.8 Version: 8.0.0.9 Version: 9.0.0.3 Version: 8.0.0.0 Version: 8.0.0.10 Version: 9.0.0.0 Version: 9.0.0.4 Version: 9.0.0.5 Version: 9.1.0.0 Version: 9.1.0.1 Version: 9.1.1 Version: 8.0.0.11 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T19:26:27.998Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.ibm.com/support/docview.wss?uid=ibm10872876", }, { name: "ibm-websphere-cve20194078-priv-escalation (157190)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/157190", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "MQ", vendor: "IBM", versions: [ { status: "affected", version: "9.0.0.1", }, { status: "affected", version: "8.0.0.1", }, { status: "affected", version: "8.0.0.2", }, { status: "affected", version: "8.0.0.3", }, { status: "affected", version: "8.0.0.4", }, { status: "affected", version: "8.0.0.5", }, { status: "affected", version: "8.0.0.6", }, { status: "affected", version: "8.0.0.7", }, { status: "affected", version: "9.0.0.2", }, { status: "affected", version: "8.0.0.8", }, { status: "affected", version: "8.0.0.9", }, { status: "affected", version: "9.0.0.3", }, { status: "affected", version: "8.0.0.0", }, { status: "affected", version: "8.0.0.10", }, { status: "affected", version: "9.0.0.0", }, { status: "affected", version: "9.0.0.4", }, { status: "affected", version: "9.0.0.5", }, { status: "affected", version: "9.1.0.0", }, { status: "affected", version: "9.1.0.1", }, { status: "affected", version: "9.1.1", }, { status: "affected", version: "8.0.0.11", }, ], }, ], datePublic: "2019-05-21T00:00:00", descriptions: [ { lang: "en", value: "IBM WebSphere MQ 8.0.0.0 through 8.0.0.9 and 9.0.0.0 through 9.1.1 could allow a local non privileged user to execute code as an administrator due to incorrect permissions set on MQ installation directories. IBM X-Force ID: 157190.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.4, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitCodeMaturity: "UNPROVEN", integrityImpact: "HIGH", privilegesRequired: "NONE", remediationLevel: "OFFICIAL_FIX", reportConfidence: "CONFIRMED", scope: "UNCHANGED", temporalScore: 6.4, temporalSeverity: "MEDIUM", userInteraction: "NONE", vectorString: "CVSS:3.0/I:H/S:U/UI:N/C:H/A:H/AV:L/AC:H/PR:N/RC:C/RL:O/E:U", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Gain Privileges", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-05-23T14:05:15", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://www.ibm.com/support/docview.wss?uid=ibm10872876", }, { name: "ibm-websphere-cve20194078-priv-escalation (157190)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/157190", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2019-05-21T00:00:00", ID: "CVE-2019-4078", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "MQ", version: { version_data: [ { version_value: "9.0.0.1", }, { version_value: "8.0.0.1", }, { version_value: "8.0.0.2", }, { version_value: "8.0.0.3", }, { version_value: "8.0.0.4", }, { version_value: "8.0.0.5", }, { version_value: "8.0.0.6", }, { version_value: "8.0.0.7", }, { version_value: "9.0.0.2", }, { version_value: "8.0.0.8", }, { version_value: "8.0.0.9", }, { version_value: "9.0.0.3", }, { version_value: "8.0.0.0", }, { version_value: "8.0.0.10", }, { version_value: "9.0.0.0", }, { version_value: "9.0.0.4", }, { version_value: "9.0.0.5", }, { version_value: "9.1.0.0", }, { version_value: "9.1.0.1", }, { version_value: "9.1.1", }, { version_value: "8.0.0.11", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM WebSphere MQ 8.0.0.0 through 8.0.0.9 and 9.0.0.0 through 9.1.1 could allow a local non privileged user to execute code as an administrator due to incorrect permissions set on MQ installation directories. IBM X-Force ID: 157190.", }, ], }, impact: { cvssv3: { BM: { A: "H", AC: "H", AV: "L", C: "H", I: "H", PR: "N", S: "U", UI: "N", }, TM: { E: "U", RC: "C", RL: "O", }, }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Gain Privileges", }, ], }, ], }, references: { reference_data: [ { name: "https://www.ibm.com/support/docview.wss?uid=ibm10872876", refsource: "CONFIRM", title: "IBM Security Bulletin 0872876 (MQ)", url: "https://www.ibm.com/support/docview.wss?uid=ibm10872876", }, { name: "ibm-websphere-cve20194078-priv-escalation (157190)", refsource: "XF", title: "X-Force Vulnerability Report", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/157190", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2019-4078", datePublished: "2019-05-23T14:05:15.498574Z", dateReserved: "2019-01-03T00:00:00", dateUpdated: "2024-09-16T20:11:56.782Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-4655
Vulnerability from cvelistv5
Published
2019-12-30 15:35
Modified
2024-09-17 01:55
Severity ?
EPSS score ?
Summary
IBM MQ 9.1.0.0, 9.1.0.1, 9.1.0.2, 9.1.0.3, 9.1.1, 9.1.2, and 9.1.3 is vulnerable to a denial of service attack that would allow an authenticated user to reset client connections due to an error within the Data Conversion routine. IBM X-Force ID: 170966.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/1106529 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/170966 | vdb-entry, x_refsource_XF |
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T19:40:48.201Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.ibm.com/support/pages/node/1106529", }, { name: "ibm-mq-cve20194655-dos (170966)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/170966", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "MQ", vendor: "IBM", versions: [ { status: "affected", version: "9.1.0.0", }, { status: "affected", version: "9.1.0.1", }, { status: "affected", version: "9.1.1", }, { status: "affected", version: "9.1.0.2", }, { status: "affected", version: "9.1.2", }, { status: "affected", version: "9.1.0.3", }, { status: "affected", version: "9.1.3", }, ], }, ], datePublic: "2019-12-20T00:00:00", descriptions: [ { lang: "en", value: "IBM MQ 9.1.0.0, 9.1.0.1, 9.1.0.2, 9.1.0.3, 9.1.1, 9.1.2, and 9.1.3 is vulnerable to a denial of service attack that would allow an authenticated user to reset client connections due to an error within the Data Conversion routine. IBM X-Force ID: 170966.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", exploitCodeMaturity: "UNPROVEN", integrityImpact: "NONE", privilegesRequired: "LOW", remediationLevel: "OFFICIAL_FIX", reportConfidence: "CONFIRMED", scope: "UNCHANGED", temporalScore: 3.8, temporalSeverity: "LOW", userInteraction: "NONE", vectorString: "CVSS:3.0/C:N/A:L/S:U/I:N/PR:L/AV:N/AC:L/UI:N/RC:C/E:U/RL:O", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Denial of Service", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-12-30T15:35:22", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://www.ibm.com/support/pages/node/1106529", }, { name: "ibm-mq-cve20194655-dos (170966)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/170966", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2019-12-20T00:00:00", ID: "CVE-2019-4655", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "MQ", version: { version_data: [ { version_value: "9.1.0.0", }, { version_value: "9.1.0.1", }, { version_value: "9.1.1", }, { version_value: "9.1.0.2", }, { version_value: "9.1.2", }, { version_value: "9.1.0.3", }, { version_value: "9.1.3", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM MQ 9.1.0.0, 9.1.0.1, 9.1.0.2, 9.1.0.3, 9.1.1, 9.1.2, and 9.1.3 is vulnerable to a denial of service attack that would allow an authenticated user to reset client connections due to an error within the Data Conversion routine. IBM X-Force ID: 170966.", }, ], }, impact: { cvssv3: { BM: { A: "L", AC: "L", AV: "N", C: "N", I: "N", PR: "L", S: "U", UI: "N", }, TM: { E: "U", RC: "C", RL: "O", }, }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Denial of Service", }, ], }, ], }, references: { reference_data: [ { name: "https://www.ibm.com/support/pages/node/1106529", refsource: "CONFIRM", title: "IBM Security Bulletin 1106529 (MQ)", url: "https://www.ibm.com/support/pages/node/1106529", }, { name: "ibm-mq-cve20194655-dos (170966)", refsource: "XF", title: "X-Force Vulnerability Report", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/170966", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2019-4655", datePublished: "2019-12-30T15:35:22.708634Z", dateReserved: "2019-01-03T00:00:00", dateUpdated: "2024-09-17T01:55:55.073Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-25015
Vulnerability from cvelistv5
Published
2024-05-01 16:16
Modified
2024-08-01 23:36
Severity ?
EPSS score ?
Summary
IBM MQ 9.2 LTS, 9.3 LTS, and 9.3 CD Internet Pass-Thru could allow a remote user to cause a denial of service by sending HTTP requests that would consume all available resources. IBM X-Force ID: 281278.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/7149583 | vendor-advisory | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/281278 | vdb-entry |
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:ibm:mq:*:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "mq", vendor: "ibm", versions: [ { status: "affected", version: "9.2 LTS", }, { status: "affected", version: "9.3 LTS", }, { status: "affected", version: "9.3 CD", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-25015", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-06-05T18:12:08.972815Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-05T18:16:18.663Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T23:36:21.594Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.ibm.com/support/pages/node/7149583", }, { tags: [ "vdb-entry", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/281278", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "MQ", vendor: "IBM", versions: [ { status: "affected", version: "9.2 LTS, 9.3 LTS, 9.3 CD", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "IBM MQ 9.2 LTS, 9.3 LTS, and 9.3 CD Internet Pass-Thru could allow a remote user to cause a denial of service by sending HTTP requests that would consume all available resources. IBM X-Force ID: 281278.", }, ], value: "IBM MQ 9.2 LTS, 9.3 LTS, and 9.3 CD Internet Pass-Thru could allow a remote user to cause a denial of service by sending HTTP requests that would consume all available resources. IBM X-Force ID: 281278.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-406", description: "CWE-406 Insufficient Control of Network Message Volume (Network Amplification)", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-01T16:16:16.641Z", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "vendor-advisory", ], url: "https://www.ibm.com/support/pages/node/7149583", }, { tags: [ "vdb-entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/281278", }, ], source: { discovery: "UNKNOWN", }, title: "IBM MQ denial of service", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2024-25015", datePublished: "2024-05-01T16:16:16.641Z", dateReserved: "2024-02-03T14:48:56.576Z", dateUpdated: "2024-08-01T23:36:21.594Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-35156
Vulnerability from cvelistv5
Published
2024-06-28 18:12
Modified
2024-08-02 03:07
Severity ?
EPSS score ?
Summary
IBM MQ 9.3 LTS and 9.3 CD could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 292766.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/7158058 | vendor-advisory | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/292766 | vdb-entry |
Impacted products
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-35156", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-07-01T16:44:56.310824Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-01T16:45:06.257Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T03:07:46.944Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.ibm.com/support/pages/node/7158058", }, { tags: [ "vdb-entry", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/292766", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:ibm:mq_appliance:9.3:*:*:*:lts:*:*:*", "cpe:2.3:a:ibm:mq_appliance:9.3:*:*:*:continuous_delivery:*:*:*", ], defaultStatus: "unaffected", product: "MQ", vendor: "IBM", versions: [ { status: "affected", version: "9.3 LTS and 9.3 CD", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "IBM MQ 9.3 LTS and 9.3 CD could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 292766.", }, ], value: "IBM MQ 9.3 LTS and 9.3 CD could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 292766.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-209", description: "CWE-209 Generation of Error Message Containing Sensitive Information", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-28T18:12:21.696Z", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "vendor-advisory", ], url: "https://www.ibm.com/support/pages/node/7158058", }, { tags: [ "vdb-entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/292766", }, ], source: { discovery: "UNKNOWN", }, title: "IBM MQ information disclosure", x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2024-35156", datePublished: "2024-06-28T18:12:21.696Z", dateReserved: "2024-05-09T16:27:47.447Z", dateUpdated: "2024-08-02T03:07:46.944Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2017-1337
Vulnerability from cvelistv5
Published
2017-07-10 16:00
Modified
2024-09-17 00:21
Severity ?
EPSS score ?
Summary
IBM WebSphere MQ 9.0.1 and 9.0.2 Java/JMS application can incorrectly transmit user credentials in plain text. IBM X-Force ID: 126245.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/99493 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/126245 | x_refsource_MISC | |
| http://www.ibm.com/support/docview.wss?uid=swg22003853 | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T13:32:29.414Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "99493", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/99493", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/126245", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ibm.com/support/docview.wss?uid=swg22003853", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "MQ", vendor: "IBM", versions: [ { status: "affected", version: "9.0.1", }, { status: "affected", version: "9.0.2", }, ], }, ], datePublic: "2017-07-06T00:00:00", descriptions: [ { lang: "en", value: "IBM WebSphere MQ 9.0.1 and 9.0.2 Java/JMS application can incorrectly transmit user credentials in plain text. IBM X-Force ID: 126245.", }, ], problemTypes: [ { descriptions: [ { description: "Obtain Information", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-07-11T09:57:01", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { name: "99493", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/99493", }, { tags: [ "x_refsource_MISC", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/126245", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ibm.com/support/docview.wss?uid=swg22003853", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2017-07-06T00:00:00", ID: "CVE-2017-1337", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "MQ", version: { version_data: [ { version_value: "9.0.1", }, { version_value: "9.0.2", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM WebSphere MQ 9.0.1 and 9.0.2 Java/JMS application can incorrectly transmit user credentials in plain text. IBM X-Force ID: 126245.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Obtain Information", }, ], }, ], }, references: { reference_data: [ { name: "99493", refsource: "BID", url: "http://www.securityfocus.com/bid/99493", }, { name: "https://exchange.xforce.ibmcloud.com/vulnerabilities/126245", refsource: "MISC", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/126245", }, { name: "http://www.ibm.com/support/docview.wss?uid=swg22003853", refsource: "CONFIRM", url: "http://www.ibm.com/support/docview.wss?uid=swg22003853", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2017-1337", datePublished: "2017-07-10T16:00:00Z", dateReserved: "2016-11-30T00:00:00", dateUpdated: "2024-09-17T00:21:01.690Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-28513
Vulnerability from cvelistv5
Published
2023-07-19 01:49
Modified
2024-10-21 15:35
Severity ?
EPSS score ?
Summary
IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.2 CD, and 9.3 CD and IBM MQ Appliance 9.2 LTS, 9.3 LTS, 9.2 CD, and 9.2 LTS, under certain configurations, is vulnerable to a denial of service attack caused by an error processing messages. IBM X-Force ID: 250397.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/7007421 | vendor-advisory | |
| https://www.ibm.com/support/pages/node/7007731 | vendor-advisory | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/250397 | vdb-entry |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | IBM | MQ |
Version: 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.2 CD, 9.3 CD |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T13:43:23.049Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.ibm.com/support/pages/node/7007421", }, { tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.ibm.com/support/pages/node/7007731", }, { tags: [ "vdb-entry", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/250397", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-28513", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-10-21T15:34:38.689370Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-21T15:35:56.231Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "MQ", vendor: "IBM", versions: [ { status: "affected", version: "9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.2 CD, 9.3 CD", }, ], }, { defaultStatus: "unaffected", product: "MQ Appliance", vendor: "IBM", versions: [ { status: "affected", version: "9.2 LTS, 9.3 LTS, 9.2 CD, 9.2 LTS", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.2 CD, and 9.3 CD and IBM MQ Appliance 9.2 LTS, 9.3 LTS, 9.2 CD, and 9.2 LTS, under certain configurations, is vulnerable to a denial of service attack caused by an error processing messages. IBM X-Force ID: 250397.", }, ], value: "IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.2 CD, and 9.3 CD and IBM MQ Appliance 9.2 LTS, 9.3 LTS, 9.2 CD, and 9.2 LTS, under certain configurations, is vulnerable to a denial of service attack caused by an error processing messages. IBM X-Force ID: 250397.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-20", description: "CWE-20 Improper Input Validation", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-07-19T01:49:14.604Z", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "vendor-advisory", ], url: "https://www.ibm.com/support/pages/node/7007421", }, { tags: [ "vendor-advisory", ], url: "https://www.ibm.com/support/pages/node/7007731", }, { tags: [ "vdb-entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/250397", }, ], source: { discovery: "UNKNOWN", }, title: "IBM MQ denial of service", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2023-28513", datePublished: "2023-07-19T01:49:14.604Z", dateReserved: "2023-03-16T21:05:38.974Z", dateUpdated: "2024-10-21T15:35:56.231Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-22489
Vulnerability from cvelistv5
Published
2022-08-19 18:50
Modified
2024-09-16 19:14
Severity ?
EPSS score ?
Summary
IBM MQ 8.0, (9.0, 9.1, 9.2 LTS), and (9.1 and 9.2 CD) are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 226339.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/6613021 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/226339 | vdb-entry, x_refsource_XF |
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T03:14:55.269Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.ibm.com/support/pages/node/6613021", }, { name: "ibm-mq-cve202222489-xxe (226339)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/226339", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "MQ", vendor: "IBM", versions: [ { status: "affected", version: "8.0", }, { status: "affected", version: "9.0.LTS", }, { status: "affected", version: "9.1.LTS", }, { status: "affected", version: "9.1.CD", }, { status: "affected", version: "9.2.CD", }, ], }, ], datePublic: "2022-08-18T00:00:00", descriptions: [ { lang: "en", value: "IBM MQ 8.0, (9.0, 9.1, 9.2 LTS), and (9.1 and 9.2 CD) are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 226339.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 8.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitCodeMaturity: "UNPROVEN", integrityImpact: "NONE", privilegesRequired: "NONE", remediationLevel: "OFFICIAL_FIX", reportConfidence: "CONFIRMED", scope: "UNCHANGED", temporalScore: 7.1, temporalSeverity: "HIGH", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/S:U/A:L/PR:N/UI:N/AC:L/C:H/I:N/RC:C/RL:O/E:U", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Gain Access", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-08-19T18:50:09", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://www.ibm.com/support/pages/node/6613021", }, { name: "ibm-mq-cve202222489-xxe (226339)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/226339", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2022-08-18T00:00:00", ID: "CVE-2022-22489", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "MQ", version: { version_data: [ { version_value: "8.0", }, { version_value: "9.0.LTS", }, { version_value: "9.1.LTS", }, { version_value: "9.1.CD", }, { version_value: "9.2.CD", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM MQ 8.0, (9.0, 9.1, 9.2 LTS), and (9.1 and 9.2 CD) are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 226339.", }, ], }, impact: { cvssv3: { BM: { A: "L", AC: "L", AV: "N", C: "H", I: "N", PR: "N", S: "U", UI: "N", }, TM: { E: "U", RC: "C", RL: "O", }, }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Gain Access", }, ], }, ], }, references: { reference_data: [ { name: "https://www.ibm.com/support/pages/node/6613021", refsource: "CONFIRM", title: "IBM Security Bulletin 6613021 (MQ)", url: "https://www.ibm.com/support/pages/node/6613021", }, { name: "ibm-mq-cve202222489-xxe (226339)", refsource: "XF", title: "X-Force Vulnerability Report", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/226339", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2022-22489", datePublished: "2022-08-19T18:50:10.108836Z", dateReserved: "2022-01-03T00:00:00", dateUpdated: "2024-09-16T19:14:53.919Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-4568
Vulnerability from cvelistv5
Published
2020-01-28 18:30
Modified
2024-09-17 04:13
Severity ?
EPSS score ?
Summary
IBM MQ and IBM MQ Appliance 8.0 and 9.0 LTS could allow a remote attacker with intimate knowledge of the server to cause a denial of service when receiving data on the channel. IBM X-Force ID: 166629.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/1106517 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/166629 | vdb-entry, x_refsource_XF |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | MQ |
Version: 9.0.0.1 Version: 8.0.0.1 Version: 8.0.0.2 Version: 8.0.0.3 Version: 8.0.0.4 Version: 8.0.0.5 Version: 8.0.0.6 Version: 8.0.0.7 Version: 9.0.0.2 Version: 8.0.0.8 Version: 8.0.0.9 Version: 9.0.0.3 Version: 8.0.0.0 Version: 8.0.0.10 Version: 9.0.0.0 Version: 9.0.0.4 Version: 9.0.0.5 Version: 8.0.0.11 Version: 9.0.0.6 Version: 8.0.0.12 Version: 9.0.0.7 Version: 8.0.0.13 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T19:40:47.612Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.ibm.com/support/pages/node/1106517", }, { name: "ibm-mq-cve20194568-dos (166629)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/166629", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "MQ", vendor: "IBM", versions: [ { status: "affected", version: "9.0.0.1", }, { status: "affected", version: "8.0.0.1", }, { status: "affected", version: "8.0.0.2", }, { status: "affected", version: "8.0.0.3", }, { status: "affected", version: "8.0.0.4", }, { status: "affected", version: "8.0.0.5", }, { status: "affected", version: "8.0.0.6", }, { status: "affected", version: "8.0.0.7", }, { status: "affected", version: "9.0.0.2", }, { status: "affected", version: "8.0.0.8", }, { status: "affected", version: "8.0.0.9", }, { status: "affected", version: "9.0.0.3", }, { status: "affected", version: "8.0.0.0", }, { status: "affected", version: "8.0.0.10", }, { status: "affected", version: "9.0.0.0", }, { status: "affected", version: "9.0.0.4", }, { status: "affected", version: "9.0.0.5", }, { status: "affected", version: "8.0.0.11", }, { status: "affected", version: "9.0.0.6", }, { status: "affected", version: "8.0.0.12", }, { status: "affected", version: "9.0.0.7", }, { status: "affected", version: "8.0.0.13", }, ], }, ], datePublic: "2020-01-24T00:00:00", descriptions: [ { lang: "en", value: "IBM MQ and IBM MQ Appliance 8.0 and 9.0 LTS could allow a remote attacker with intimate knowledge of the server to cause a denial of service when receiving data on the channel. IBM X-Force ID: 166629.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", exploitCodeMaturity: "UNPROVEN", integrityImpact: "NONE", privilegesRequired: "NONE", remediationLevel: "OFFICIAL_FIX", reportConfidence: "CONFIRMED", scope: "UNCHANGED", temporalScore: 5.2, temporalSeverity: "MEDIUM", userInteraction: "NONE", vectorString: "CVSS:3.0/S:U/A:H/C:N/AV:N/AC:H/I:N/UI:N/PR:N/RC:C/RL:O/E:U", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Denial of Service", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-01-28T18:30:52", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://www.ibm.com/support/pages/node/1106517", }, { name: "ibm-mq-cve20194568-dos (166629)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/166629", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2020-01-24T00:00:00", ID: "CVE-2019-4568", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "MQ", version: { version_data: [ { version_value: "9.0.0.1", }, { version_value: "8.0.0.1", }, { version_value: "8.0.0.2", }, { version_value: "8.0.0.3", }, { version_value: "8.0.0.4", }, { version_value: "8.0.0.5", }, { version_value: "8.0.0.6", }, { version_value: "8.0.0.7", }, { version_value: "9.0.0.2", }, { version_value: "8.0.0.8", }, { version_value: "8.0.0.9", }, { version_value: "9.0.0.3", }, { version_value: "8.0.0.0", }, { version_value: "8.0.0.10", }, { version_value: "9.0.0.0", }, { version_value: "9.0.0.4", }, { version_value: "9.0.0.5", }, { version_value: "8.0.0.11", }, { version_value: "9.0.0.6", }, { version_value: "8.0.0.12", }, { version_value: "9.0.0.7", }, { version_value: "8.0.0.13", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM MQ and IBM MQ Appliance 8.0 and 9.0 LTS could allow a remote attacker with intimate knowledge of the server to cause a denial of service when receiving data on the channel. IBM X-Force ID: 166629.", }, ], }, impact: { cvssv3: { BM: { A: "H", AC: "H", AV: "N", C: "N", I: "N", PR: "N", S: "U", UI: "N", }, TM: { E: "U", RC: "C", RL: "O", }, }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Denial of Service", }, ], }, ], }, references: { reference_data: [ { name: "https://www.ibm.com/support/pages/node/1106517", refsource: "CONFIRM", title: "IBM Security Bulletin 1106517 (MQ)", url: "https://www.ibm.com/support/pages/node/1106517", }, { name: "ibm-mq-cve20194568-dos (166629)", refsource: "XF", title: "X-Force Vulnerability Report", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/166629", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2019-4568", datePublished: "2020-01-28T18:30:52.103667Z", dateReserved: "2019-01-03T00:00:00", dateUpdated: "2024-09-17T04:13:47.232Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-1684
Vulnerability from cvelistv5
Published
2018-11-09 00:00
Modified
2024-09-16 22:26
Severity ?
EPSS score ?
Summary
IBM WebSphere MQ 8.0 through 9.1 is vulnerable to a error with MQTT topic string publishing that can cause a denial of service attack. IBM X-Force ID: 145456.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/145456 | vdb-entry, x_refsource_XF | |
| https://www.ibm.com/support/docview.wss?uid=ibm10734297 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | MQ |
Version: 9.0.1 Version: 9.0.0.1 Version: 9.0.2 Version: 8.0.0.1 Version: 8.0.0.2 Version: 8.0.0.3 Version: 8.0.0.4 Version: 8.0.0.5 Version: 8.0.0.6 Version: 8.0.0.7 Version: 9.0.0.2 Version: 9.0.3 Version: 9.0.4 Version: 8.0.0.8 Version: 8.0.0.9 Version: 9.0.0.3 Version: 8.0.0.0 Version: 8.0.0.10 Version: 9.0.0.0 Version: 9.0.0.4 Version: 9.0.0.5 Version: 9.0.5 Version: 9.1.0.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T04:07:44.360Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "ibm-websphere-cve20181684-dos(145456)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/145456", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.ibm.com/support/docview.wss?uid=ibm10734297", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "MQ", vendor: "IBM", versions: [ { status: "affected", version: "9.0.1", }, { status: "affected", version: "9.0.0.1", }, { status: "affected", version: "9.0.2", }, { status: "affected", version: "8.0.0.1", }, { status: "affected", version: "8.0.0.2", }, { status: "affected", version: "8.0.0.3", }, { status: "affected", version: "8.0.0.4", }, { status: "affected", version: "8.0.0.5", }, { status: "affected", version: "8.0.0.6", }, { status: "affected", version: "8.0.0.7", }, { status: "affected", version: "9.0.0.2", }, { status: "affected", version: "9.0.3", }, { status: "affected", version: "9.0.4", }, { status: "affected", version: "8.0.0.8", }, { status: "affected", version: "8.0.0.9", }, { status: "affected", version: "9.0.0.3", }, { status: "affected", version: "8.0.0.0", }, { status: "affected", version: "8.0.0.10", }, { status: "affected", version: "9.0.0.0", }, { status: "affected", version: "9.0.0.4", }, { status: "affected", version: "9.0.0.5", }, { status: "affected", version: "9.0.5", }, { status: "affected", version: "9.1.0.0", }, ], }, ], datePublic: "2018-11-07T00:00:00", descriptions: [ { lang: "en", value: "IBM WebSphere MQ 8.0 through 9.1 is vulnerable to a error with MQTT topic string publishing that can cause a denial of service attack. IBM X-Force ID: 145456.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", exploitCodeMaturity: "UNPROVEN", integrityImpact: "NONE", privilegesRequired: "LOW", remediationLevel: "OFFICIAL_FIX", reportConfidence: "CONFIRMED", scope: "UNCHANGED", temporalScore: 4.6, temporalSeverity: "MEDIUM", userInteraction: "NONE", vectorString: "CVSS:3.0/A:H/AC:H/AV:N/C:N/I:N/PR:L/S:U/UI:N/E:U/RC:C/RL:O", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Denial of Service", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-11-08T23:57:01", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { name: "ibm-websphere-cve20181684-dos(145456)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/145456", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.ibm.com/support/docview.wss?uid=ibm10734297", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2018-11-07T00:00:00", ID: "CVE-2018-1684", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "MQ", version: { version_data: [ { version_value: "9.0.1", }, { version_value: "9.0.0.1", }, { version_value: "9.0.2", }, { version_value: "8.0.0.1", }, { version_value: "8.0.0.2", }, { version_value: "8.0.0.3", }, { version_value: "8.0.0.4", }, { version_value: "8.0.0.5", }, { version_value: "8.0.0.6", }, { version_value: "8.0.0.7", }, { version_value: "9.0.0.2", }, { version_value: "9.0.3", }, { version_value: "9.0.4", }, { version_value: "8.0.0.8", }, { version_value: "8.0.0.9", }, { version_value: "9.0.0.3", }, { version_value: "8.0.0.0", }, { version_value: "8.0.0.10", }, { version_value: "9.0.0.0", }, { version_value: "9.0.0.4", }, { version_value: "9.0.0.5", }, { version_value: "9.0.5", }, { version_value: "9.1.0.0", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM WebSphere MQ 8.0 through 9.1 is vulnerable to a error with MQTT topic string publishing that can cause a denial of service attack. IBM X-Force ID: 145456.", }, ], }, impact: { cvssv3: { BM: { A: "H", AC: "H", AV: "N", C: "N", I: "N", PR: "L", S: "U", UI: "N", }, TM: { E: "U", RC: "C", RL: "O", }, }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Denial of Service", }, ], }, ], }, references: { reference_data: [ { name: "ibm-websphere-cve20181684-dos(145456)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/145456", }, { name: "https://www.ibm.com/support/docview.wss?uid=ibm10734297", refsource: "CONFIRM", url: "https://www.ibm.com/support/docview.wss?uid=ibm10734297", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2018-1684", datePublished: "2018-11-09T00:00:00Z", dateReserved: "2017-12-13T00:00:00", dateUpdated: "2024-09-16T22:26:38.249Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2017-1285
Vulnerability from cvelistv5
Published
2017-07-12 17:00
Modified
2024-09-16 20:02
Severity ?
EPSS score ?
Summary
IBM WebSphere MQ 9.0.1 and 9.0.2 could allow an authenticated user with authority to send a specially crafted message that would cause a channel to remain in a running state but not process messages. IBM X-Force ID: 125146.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/125146 | x_refsource_MISC | |
| https://www.ibm.com/support/docview.wss?uid=swg22003856 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/99538 | vdb-entry, x_refsource_BID |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T13:32:28.480Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/125146", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.ibm.com/support/docview.wss?uid=swg22003856", }, { name: "99538", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/99538", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "MQ", vendor: "IBM", versions: [ { status: "affected", version: "9.0.1", }, { status: "affected", version: "9.0.2", }, ], }, ], datePublic: "2017-07-10T00:00:00", descriptions: [ { lang: "en", value: "IBM WebSphere MQ 9.0.1 and 9.0.2 could allow an authenticated user with authority to send a specially crafted message that would cause a channel to remain in a running state but not process messages. IBM X-Force ID: 125146.", }, ], problemTypes: [ { descriptions: [ { description: "Denial of Service", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-07-13T09:57:01", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/125146", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.ibm.com/support/docview.wss?uid=swg22003856", }, { name: "99538", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/99538", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2017-07-10T00:00:00", ID: "CVE-2017-1285", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "MQ", version: { version_data: [ { version_value: "9.0.1", }, { version_value: "9.0.2", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM WebSphere MQ 9.0.1 and 9.0.2 could allow an authenticated user with authority to send a specially crafted message that would cause a channel to remain in a running state but not process messages. IBM X-Force ID: 125146.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Denial of Service", }, ], }, ], }, references: { reference_data: [ { name: "https://exchange.xforce.ibmcloud.com/vulnerabilities/125146", refsource: "MISC", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/125146", }, { name: "https://www.ibm.com/support/docview.wss?uid=swg22003856", refsource: "CONFIRM", url: "https://www.ibm.com/support/docview.wss?uid=swg22003856", }, { name: "99538", refsource: "BID", url: "http://www.securityfocus.com/bid/99538", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2017-1285", datePublished: "2017-07-12T17:00:00Z", dateReserved: "2016-11-30T00:00:00", dateUpdated: "2024-09-16T20:02:13.078Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-52897
Vulnerability from cvelistv5
Published
2024-12-19 17:18
Modified
2025-01-14 16:39
Severity ?
EPSS score ?
Summary
IBM MQ 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD web console could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | MQ |
Version: 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, 9.4 CD cpe:2.3:a:ibm:mq:9.2.0:*:*:*:lts:*:*:* cpe:2.3:a:ibm:mq:9.3.0:*:*:*:lts:*:*:* cpe:2.3:a:ibm:mq:9.3.0:*:*:*:continuous_delivery:*:*:* cpe:2.3:a:ibm:mq:9.4.0:*:*:*:lts:*:*:* cpe:2.3:a:ibm:mq:9.4.0:*:*:*:continuous_delivery:*:*:* |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-52897", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-12-20T17:52:05.732429Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-01-14T16:39:11.196Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:ibm:mq:9.2.0:*:*:*:lts:*:*:*", "cpe:2.3:a:ibm:mq:9.3.0:*:*:*:lts:*:*:*", "cpe:2.3:a:ibm:mq:9.3.0:*:*:*:continuous_delivery:*:*:*", "cpe:2.3:a:ibm:mq:9.4.0:*:*:*:lts:*:*:*", "cpe:2.3:a:ibm:mq:9.4.0:*:*:*:continuous_delivery:*:*:*", ], defaultStatus: "unaffected", product: "MQ", vendor: "IBM", versions: [ { status: "affected", version: "9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, 9.4 CD", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<span style=\"background-color: rgb(255, 255, 255);\">IBM MQ 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD web console could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned.</span>", }, ], value: "IBM MQ 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD web console could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 6.2, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-209", description: "CWE-209 Generation of Error Message Containing Sensitive Information", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-10T14:25:28.184Z", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { url: "https://www.ibm.com/support/pages/node/7179151", }, ], source: { discovery: "UNKNOWN", }, title: "IBM MQ information disclosure", x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2024-52897", datePublished: "2024-12-19T17:18:11.436Z", dateReserved: "2024-11-17T14:25:44.935Z", dateUpdated: "2025-01-14T16:39:11.196Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-4049
Vulnerability from cvelistv5
Published
2019-08-20 18:25
Modified
2024-09-17 03:47
Severity ?
EPSS score ?
Summary
IBM MQ 9.1.0.0, 9.1.0.1, 9.1.1, and 9.1.0.2 is vulnerable to a denial of service due to a local user being able to fill up the disk space of the underlying filesystem using the error logging service. IBM X-Force ID: 156398.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/docview.wss?uid=ibm10870490 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/156398 | vdb-entry, x_refsource_XF |
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T19:26:27.980Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.ibm.com/support/docview.wss?uid=ibm10870490", }, { name: "ibm-websphere-cve20194049-dos (156398)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/156398", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "MQ", vendor: "IBM", versions: [ { status: "affected", version: "9.1.0.0", }, { status: "affected", version: "9.1.0.1", }, { status: "affected", version: "9.1.1", }, { status: "affected", version: "9.1.0.2", }, ], }, ], datePublic: "2019-08-05T00:00:00", descriptions: [ { lang: "en", value: "IBM MQ 9.1.0.0, 9.1.0.1, 9.1.1, and 9.1.0.2 is vulnerable to a denial of service due to a local user being able to fill up the disk space of the underlying filesystem using the error logging service. IBM X-Force ID: 156398.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.2, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", exploitCodeMaturity: "UNPROVEN", integrityImpact: "NONE", privilegesRequired: "NONE", remediationLevel: "OFFICIAL_FIX", reportConfidence: "CONFIRMED", scope: "UNCHANGED", temporalScore: 5.4, temporalSeverity: "MEDIUM", userInteraction: "NONE", vectorString: "CVSS:3.0/PR:N/I:N/UI:N/AV:L/S:U/AC:L/A:H/C:N/E:U/RC:C/RL:O", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Denial of Service", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-08-20T18:25:26", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://www.ibm.com/support/docview.wss?uid=ibm10870490", }, { name: "ibm-websphere-cve20194049-dos (156398)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/156398", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2019-08-05T00:00:00", ID: "CVE-2019-4049", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "MQ", version: { version_data: [ { version_value: "9.1.0.0", }, { version_value: "9.1.0.1", }, { version_value: "9.1.1", }, { version_value: "9.1.0.2", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM MQ 9.1.0.0, 9.1.0.1, 9.1.1, and 9.1.0.2 is vulnerable to a denial of service due to a local user being able to fill up the disk space of the underlying filesystem using the error logging service. IBM X-Force ID: 156398.", }, ], }, impact: { cvssv3: { BM: { A: "H", AC: "L", AV: "L", C: "N", I: "N", PR: "N", S: "U", UI: "N", }, TM: { E: "U", RC: "C", RL: "O", }, }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Denial of Service", }, ], }, ], }, references: { reference_data: [ { name: "https://www.ibm.com/support/docview.wss?uid=ibm10870490", refsource: "CONFIRM", title: "IBM Security Bulletin 870490 (MQ)", url: "https://www.ibm.com/support/docview.wss?uid=ibm10870490", }, { name: "ibm-websphere-cve20194049-dos (156398)", refsource: "XF", title: "X-Force Vulnerability Report", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/156398", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2019-4049", datePublished: "2019-08-20T18:25:26.381956Z", dateReserved: "2019-01-03T00:00:00", dateUpdated: "2024-09-17T03:47:44.113Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-31912
Vulnerability from cvelistv5
Published
2024-06-28 17:38
Modified
2024-08-02 01:59
Severity ?
EPSS score ?
Summary
IBM MQ 9.3 LTS and 9.3 CD could allow an authenticated user to escalate their privileges under certain configurations due to incorrect privilege assignment. IBM X-Force ID: 289894.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/7158072 | vendor-advisory | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/289894 | vdb-entry |
Impacted products
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-31912", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-07-01T20:24:18.810776Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-01T21:23:26.370Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T01:59:50.542Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.ibm.com/support/pages/node/7158072", }, { tags: [ "vdb-entry", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/289894", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:ibm:mq_appliance:9.3:*:*:*:lts:*:*:*", "cpe:2.3:a:ibm:mq_appliance:9.3:*:*:*:continuous_delivery:*:*:*", ], defaultStatus: "unaffected", product: "MQ", vendor: "IBM", versions: [ { status: "affected", version: "9.3 LTS and 9.3 CD", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "IBM MQ 9.3 LTS and 9.3 CD could allow an authenticated user to escalate their privileges under certain configurations due to incorrect privilege assignment. IBM X-Force ID: 289894.", }, ], value: "IBM MQ 9.3 LTS and 9.3 CD could allow an authenticated user to escalate their privileges under certain configurations due to incorrect privilege assignment. IBM X-Force ID: 289894.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-266", description: "CWE-266 Incorrect Privilege Assignment", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-28T17:38:11.302Z", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "vendor-advisory", ], url: "https://www.ibm.com/support/pages/node/7158072", }, { tags: [ "vdb-entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/289894", }, ], source: { discovery: "UNKNOWN", }, title: "IBM MQ privilege escalation", x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2024-31912", datePublished: "2024-06-28T17:38:11.302Z", dateReserved: "2024-04-07T12:45:15.766Z", dateUpdated: "2024-08-02T01:59:50.542Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-4261
Vulnerability from cvelistv5
Published
2019-08-05 13:40
Modified
2024-09-17 03:43
Severity ?
EPSS score ?
Summary
IBM WebSphere MQ V7.1, 7.5, IBM MQ V8, IBM MQ V9.0LTS, IBM MQ V9.1 LTS, and IBM MQ V9.1 CD are vulnerable to a denial of service attack caused by specially crafted messages. IBM X-Force ID: 160013.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/docview.wss?uid=ibm10886887 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/160013 | vdb-entry, x_refsource_XF |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | MQ |
Version: 9.0.0.1 Version: 8.0.0.1 Version: 8.0.0.2 Version: 8.0.0.3 Version: 8.0.0.4 Version: 8.0.0.5 Version: 8.0.0.6 Version: 8.0.0.7 Version: 9.0.0.2 Version: 8.0.0.8 Version: 8.0.0.9 Version: 9.0.0.3 Version: 8.0.0.0 Version: 8.0.0.10 Version: 9.0.0.0 Version: 9.0.0.4 Version: 9.0.0.5 Version: 9.1.0.0 Version: 9.1.0.1 Version: 9.1.1 Version: 9.1.0.2 Version: 9.1.2 Version: 8.0.0.11 Version: 9.0.0.6 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T19:33:37.855Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.ibm.com/support/docview.wss?uid=ibm10886887", }, { name: "ibm-mq-cve20194261-dos (160013)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/160013", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "MQ", vendor: "IBM", versions: [ { status: "affected", version: "9.0.0.1", }, { status: "affected", version: "8.0.0.1", }, { status: "affected", version: "8.0.0.2", }, { status: "affected", version: "8.0.0.3", }, { status: "affected", version: "8.0.0.4", }, { status: "affected", version: "8.0.0.5", }, { status: "affected", version: "8.0.0.6", }, { status: "affected", version: "8.0.0.7", }, { status: "affected", version: "9.0.0.2", }, { status: "affected", version: "8.0.0.8", }, { status: "affected", version: "8.0.0.9", }, { status: "affected", version: "9.0.0.3", }, { status: "affected", version: "8.0.0.0", }, { status: "affected", version: "8.0.0.10", }, { status: "affected", version: "9.0.0.0", }, { status: "affected", version: "9.0.0.4", }, { status: "affected", version: "9.0.0.5", }, { status: "affected", version: "9.1.0.0", }, { status: "affected", version: "9.1.0.1", }, { status: "affected", version: "9.1.1", }, { status: "affected", version: "9.1.0.2", }, { status: "affected", version: "9.1.2", }, { status: "affected", version: "8.0.0.11", }, { status: "affected", version: "9.0.0.6", }, ], }, ], datePublic: "2019-08-01T00:00:00", descriptions: [ { lang: "en", value: "IBM WebSphere MQ V7.1, 7.5, IBM MQ V8, IBM MQ V9.0LTS, IBM MQ V9.1 LTS, and IBM MQ V9.1 CD are vulnerable to a denial of service attack caused by specially crafted messages. IBM X-Force ID: 160013.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", exploitCodeMaturity: "UNPROVEN", integrityImpact: "NONE", privilegesRequired: "LOW", remediationLevel: "OFFICIAL_FIX", reportConfidence: "CONFIRMED", scope: "UNCHANGED", temporalScore: 3.8, temporalSeverity: "LOW", userInteraction: "NONE", vectorString: "CVSS:3.0/UI:N/A:L/C:N/I:N/AC:L/AV:N/S:U/PR:L/RL:O/RC:C/E:U", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Denial of Service", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-08-05T13:40:15", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://www.ibm.com/support/docview.wss?uid=ibm10886887", }, { name: "ibm-mq-cve20194261-dos (160013)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/160013", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2019-08-01T00:00:00", ID: "CVE-2019-4261", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "MQ", version: { version_data: [ { version_value: "9.0.0.1", }, { version_value: "8.0.0.1", }, { version_value: "8.0.0.2", }, { version_value: "8.0.0.3", }, { version_value: "8.0.0.4", }, { version_value: "8.0.0.5", }, { version_value: "8.0.0.6", }, { version_value: "8.0.0.7", }, { version_value: "9.0.0.2", }, { version_value: "8.0.0.8", }, { version_value: "8.0.0.9", }, { version_value: "9.0.0.3", }, { version_value: "8.0.0.0", }, { version_value: "8.0.0.10", }, { version_value: "9.0.0.0", }, { version_value: "9.0.0.4", }, { version_value: "9.0.0.5", }, { version_value: "9.1.0.0", }, { version_value: "9.1.0.1", }, { version_value: "9.1.1", }, { version_value: "9.1.0.2", }, { version_value: "9.1.2", }, { version_value: "8.0.0.11", }, { version_value: "9.0.0.6", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM WebSphere MQ V7.1, 7.5, IBM MQ V8, IBM MQ V9.0LTS, IBM MQ V9.1 LTS, and IBM MQ V9.1 CD are vulnerable to a denial of service attack caused by specially crafted messages. IBM X-Force ID: 160013.", }, ], }, impact: { cvssv3: { BM: { A: "L", AC: "L", AV: "N", C: "N", I: "N", PR: "L", S: "U", UI: "N", }, TM: { E: "U", RC: "C", RL: "O", }, }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Denial of Service", }, ], }, ], }, references: { reference_data: [ { name: "https://www.ibm.com/support/docview.wss?uid=ibm10886887", refsource: "CONFIRM", title: "IBM Security Bulletin 886887 (MQ)", url: "https://www.ibm.com/support/docview.wss?uid=ibm10886887", }, { name: "ibm-mq-cve20194261-dos (160013)", refsource: "XF", title: "X-Force Vulnerability Report", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/160013", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2019-4261", datePublished: "2019-08-05T13:40:15.514791Z", dateReserved: "2019-01-03T00:00:00", dateUpdated: "2024-09-17T03:43:43.454Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2025-0975
Vulnerability from cvelistv5
Published
2025-02-28 02:20
Modified
2025-03-06 04:55
Severity ?
EPSS score ?
Summary
IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD console could allow an authenticated user to execute code due to improper neutralization of escape characters.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/7183467 | vendor-advisory |
Impacted products
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2025-0975", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-03-05T00:00:00+00:00", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-03-06T04:55:19.503Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:ibm:mq:9.3.0:*:*:*:lts:*:*:*", "cpe:2.3:a:ibm:mq:9.3.0:*:*:*:continuous_delivery:*:*:*", "cpe:2.3:a:ibm:mq:9.4.0:*:*:*:lts:*:*:*", "cpe:2.3:a:ibm:mq:9.4.0:*:*:*:continuous_delivery:*:*:*", ], defaultStatus: "unaffected", product: "MQ", vendor: "IBM", versions: [ { status: "affected", version: "9.3 LTS, 9.3 CD, 9.4 LTS, 9.4 CD", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD console could allow an authenticated user to execute code due to improper neutralization of escape characters.", }, ], value: "IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD console could allow an authenticated user to execute code due to improper neutralization of escape characters.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-150", description: "CWE-150 Improper Neutralization of Escape, Meta, or Control Sequences", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-28T02:20:36.466Z", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "vendor-advisory", ], url: "https://www.ibm.com/support/pages/node/7183467", }, ], source: { discovery: "UNKNOWN", }, title: "IBM MQ code execution", x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2025-0975", datePublished: "2025-02-28T02:20:36.466Z", dateReserved: "2025-02-02T15:02:19.946Z", dateUpdated: "2025-03-06T04:55:19.503Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2017-1612
Vulnerability from cvelistv5
Published
2018-01-09 20:00
Modified
2024-09-16 18:29
Severity ?
EPSS score ?
Summary
IBM WebSphere MQ 7.0, 7.1, 7.5, 8.0, and 9.0 service trace module could be used to execute untrusted code under 'mqm' user. IBM X-Force ID: 132953.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1040175 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/102479 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/132953 | x_refsource_MISC | |
| http://www.ibm.com/support/docview.wss?uid=swg22009918 | x_refsource_CONFIRM |
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T13:39:32.123Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "1040175", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1040175", }, { name: "102479", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/102479", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/132953", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ibm.com/support/docview.wss?uid=swg22009918", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "MQ", vendor: "IBM", versions: [ { status: "affected", version: "7.0.1", }, { status: "affected", version: "7.1", }, { status: "affected", version: "7.5", }, { status: "affected", version: "8.0", }, { status: "affected", version: "9.0", }, ], }, ], datePublic: "2018-01-04T00:00:00", descriptions: [ { lang: "en", value: "IBM WebSphere MQ 7.0, 7.1, 7.5, 8.0, and 9.0 service trace module could be used to execute untrusted code under 'mqm' user. IBM X-Force ID: 132953.", }, ], problemTypes: [ { descriptions: [ { description: "Gain Privileges", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-01-14T10:57:01", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { name: "1040175", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1040175", }, { name: "102479", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/102479", }, { tags: [ "x_refsource_MISC", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/132953", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ibm.com/support/docview.wss?uid=swg22009918", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2018-01-04T00:00:00", ID: "CVE-2017-1612", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "MQ", version: { version_data: [ { version_value: "7.0.1", }, { version_value: "7.1", }, { version_value: "7.5", }, { version_value: "8.0", }, { version_value: "9.0", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM WebSphere MQ 7.0, 7.1, 7.5, 8.0, and 9.0 service trace module could be used to execute untrusted code under 'mqm' user. IBM X-Force ID: 132953.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Gain Privileges", }, ], }, ], }, references: { reference_data: [ { name: "1040175", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1040175", }, { name: "102479", refsource: "BID", url: "http://www.securityfocus.com/bid/102479", }, { name: "https://exchange.xforce.ibmcloud.com/vulnerabilities/132953", refsource: "MISC", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/132953", }, { name: "http://www.ibm.com/support/docview.wss?uid=swg22009918", refsource: "CONFIRM", url: "http://www.ibm.com/support/docview.wss?uid=swg22009918", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2017-1612", datePublished: "2018-01-09T20:00:00Z", dateReserved: "2016-11-30T00:00:00", dateUpdated: "2024-09-16T18:29:50.060Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2017-1284
Vulnerability from cvelistv5
Published
2017-07-10 16:00
Modified
2024-09-16 21:09
Severity ?
EPSS score ?
Summary
IBM WebSphere MQ 9.0.1 and 9.0.2 could allow a local user with ability to run or enable trace, to obtain sensitive information from WebSphere Application Server traces including user credentials. IBM X-Force ID: 125145.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.ibm.com/support/docview.wss?uid=swg22003851 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/125145 | x_refsource_MISC | |
| http://www.securityfocus.com/bid/99494 | vdb-entry, x_refsource_BID |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T13:32:27.887Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ibm.com/support/docview.wss?uid=swg22003851", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/125145", }, { name: "99494", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/99494", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "MQ", vendor: "IBM", versions: [ { status: "affected", version: "9.0.1", }, { status: "affected", version: "9.0.2", }, ], }, ], datePublic: "2017-07-06T00:00:00", descriptions: [ { lang: "en", value: "IBM WebSphere MQ 9.0.1 and 9.0.2 could allow a local user with ability to run or enable trace, to obtain sensitive information from WebSphere Application Server traces including user credentials. IBM X-Force ID: 125145.", }, ], problemTypes: [ { descriptions: [ { description: "Obtain Information", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-07-11T09:57:01", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ibm.com/support/docview.wss?uid=swg22003851", }, { tags: [ "x_refsource_MISC", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/125145", }, { name: "99494", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/99494", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2017-07-06T00:00:00", ID: "CVE-2017-1284", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "MQ", version: { version_data: [ { version_value: "9.0.1", }, { version_value: "9.0.2", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM WebSphere MQ 9.0.1 and 9.0.2 could allow a local user with ability to run or enable trace, to obtain sensitive information from WebSphere Application Server traces including user credentials. IBM X-Force ID: 125145.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Obtain Information", }, ], }, ], }, references: { reference_data: [ { name: "http://www.ibm.com/support/docview.wss?uid=swg22003851", refsource: "CONFIRM", url: "http://www.ibm.com/support/docview.wss?uid=swg22003851", }, { name: "https://exchange.xforce.ibmcloud.com/vulnerabilities/125145", refsource: "MISC", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/125145", }, { name: "99494", refsource: "BID", url: "http://www.securityfocus.com/bid/99494", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2017-1284", datePublished: "2017-07-10T16:00:00Z", dateReserved: "2016-11-30T00:00:00", dateUpdated: "2024-09-16T21:09:05.853Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-4227
Vulnerability from cvelistv5
Published
2019-10-04 14:05
Modified
2024-09-16 17:43
Severity ?
EPSS score ?
Summary
IBM MQ 8.0.0.4 - 8.0.0.12, 9.0.0.0 - 9.0.0.6, 9.1.0.0 - 9.1.0.2, and 9.1.0 - 9.1.2 AMQP Listeners could allow an unauthorized user to conduct a session fixation attack due to clients not being disconnected as they should. IBM X-Force ID: 159352.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/886899 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/159352 | vdb-entry, x_refsource_XF |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | MQ |
Version: 9.0.0.1 Version: 8.0.0.4 Version: 8.0.0.5 Version: 8.0.0.6 Version: 8.0.0.7 Version: 9.0.0.2 Version: 8.0.0.8 Version: 8.0.0.9 Version: 9.0.0.3 Version: 8.0.0.10 Version: 9.0.0.0 Version: 9.0.0.4 Version: 9.0.0.5 Version: 9.1.0.0 Version: 9.1.0.1 Version: 9.1.1 Version: 9.1.0.2 Version: 9.1.2 Version: 8.0.0.11 Version: 9.0.0.6 Version: 8.0.0.12 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T19:33:37.652Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.ibm.com/support/pages/node/886899", }, { name: "ibm-websphere-cve20194227-session-fixation (159352)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/159352", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "MQ", vendor: "IBM", versions: [ { status: "affected", version: "9.0.0.1", }, { status: "affected", version: "8.0.0.4", }, { status: "affected", version: "8.0.0.5", }, { status: "affected", version: "8.0.0.6", }, { status: "affected", version: "8.0.0.7", }, { status: "affected", version: "9.0.0.2", }, { status: "affected", version: "8.0.0.8", }, { status: "affected", version: "8.0.0.9", }, { status: "affected", version: "9.0.0.3", }, { status: "affected", version: "8.0.0.10", }, { status: "affected", version: "9.0.0.0", }, { status: "affected", version: "9.0.0.4", }, { status: "affected", version: "9.0.0.5", }, { status: "affected", version: "9.1.0.0", }, { status: "affected", version: "9.1.0.1", }, { status: "affected", version: "9.1.1", }, { status: "affected", version: "9.1.0.2", }, { status: "affected", version: "9.1.2", }, { status: "affected", version: "8.0.0.11", }, { status: "affected", version: "9.0.0.6", }, { status: "affected", version: "8.0.0.12", }, ], }, ], datePublic: "2019-09-25T00:00:00", descriptions: [ { lang: "en", value: "IBM MQ 8.0.0.4 - 8.0.0.12, 9.0.0.0 - 9.0.0.6, 9.1.0.0 - 9.1.0.2, and 9.1.0 - 9.1.2 AMQP Listeners could allow an unauthorized user to conduct a session fixation attack due to clients not being disconnected as they should. IBM X-Force ID: 159352.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.6, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", exploitCodeMaturity: "UNPROVEN", integrityImpact: "LOW", privilegesRequired: "NONE", remediationLevel: "OFFICIAL_FIX", reportConfidence: "CONFIRMED", scope: "UNCHANGED", temporalScore: 4.9, temporalSeverity: "MEDIUM", userInteraction: "NONE", vectorString: "CVSS:3.0/AC:H/UI:N/C:L/PR:N/AV:N/A:L/S:U/I:L/RL:O/E:U/RC:C", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Gain Privileges", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-10-04T14:05:20", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://www.ibm.com/support/pages/node/886899", }, { name: "ibm-websphere-cve20194227-session-fixation (159352)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/159352", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2019-09-25T00:00:00", ID: "CVE-2019-4227", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "MQ", version: { version_data: [ { version_value: "9.0.0.1", }, { version_value: "8.0.0.4", }, { version_value: "8.0.0.5", }, { version_value: "8.0.0.6", }, { version_value: "8.0.0.7", }, { version_value: "9.0.0.2", }, { version_value: "8.0.0.8", }, { version_value: "8.0.0.9", }, { version_value: "9.0.0.3", }, { version_value: "8.0.0.10", }, { version_value: "9.0.0.0", }, { version_value: "9.0.0.4", }, { version_value: "9.0.0.5", }, { version_value: "9.1.0.0", }, { version_value: "9.1.0.1", }, { version_value: "9.1.1", }, { version_value: "9.1.0.2", }, { version_value: "9.1.2", }, { version_value: "8.0.0.11", }, { version_value: "9.0.0.6", }, { version_value: "8.0.0.12", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM MQ 8.0.0.4 - 8.0.0.12, 9.0.0.0 - 9.0.0.6, 9.1.0.0 - 9.1.0.2, and 9.1.0 - 9.1.2 AMQP Listeners could allow an unauthorized user to conduct a session fixation attack due to clients not being disconnected as they should. IBM X-Force ID: 159352.", }, ], }, impact: { cvssv3: { BM: { A: "L", AC: "H", AV: "N", C: "L", I: "L", PR: "N", S: "U", UI: "N", }, TM: { E: "U", RC: "C", RL: "O", }, }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Gain Privileges", }, ], }, ], }, references: { reference_data: [ { name: "https://www.ibm.com/support/pages/node/886899", refsource: "CONFIRM", title: "IBM Security Bulletin 886899 (MQ)", url: "https://www.ibm.com/support/pages/node/886899", }, { name: "ibm-websphere-cve20194227-session-fixation (159352)", refsource: "XF", title: "X-Force Vulnerability Report", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/159352", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2019-4227", datePublished: "2019-10-04T14:05:20.248976Z", dateReserved: "2019-01-03T00:00:00", dateUpdated: "2024-09-16T17:43:43.944Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-22321
Vulnerability from cvelistv5
Published
2022-03-01 16:45
Modified
2024-09-16 18:03
Severity ?
EPSS score ?
Summary
IBM MQ Appliance 9.2 CD and 9.2 LTS local messaging users stored with a password hash that provides insufficient protection. IBM X-Force ID: 218368.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/6560042 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/218368 | vdb-entry, x_refsource_XF |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | MQ Appliance |
Version: 9.2 LTS Version: 9.2 CD |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T03:07:50.236Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.ibm.com/support/pages/node/6560042", }, { name: "ibm-mq-cve202222321-info-disc (218368)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/218368", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "MQ Appliance", vendor: "IBM", versions: [ { status: "affected", version: "9.2 LTS", }, { status: "affected", version: "9.2 CD", }, ], }, ], datePublic: "2022-02-28T00:00:00", descriptions: [ { lang: "en", value: "IBM MQ Appliance 9.2 CD and 9.2 LTS local messaging users stored with a password hash that provides insufficient protection. IBM X-Force ID: 218368.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.1, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", exploitCodeMaturity: "UNPROVEN", integrityImpact: "NONE", privilegesRequired: "NONE", remediationLevel: "OFFICIAL_FIX", reportConfidence: "CONFIRMED", scope: "UNCHANGED", temporalScore: 4.5, temporalSeverity: "MEDIUM", userInteraction: "NONE", vectorString: "CVSS:3.0/A:N/AV:L/UI:N/C:H/PR:N/I:N/S:U/AC:H/RC:C/RL:O/E:U", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Obtain Information", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-03-01T16:45:26", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://www.ibm.com/support/pages/node/6560042", }, { name: "ibm-mq-cve202222321-info-disc (218368)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/218368", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2022-02-28T00:00:00", ID: "CVE-2022-22321", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "MQ Appliance", version: { version_data: [ { version_value: "9.2 LTS", }, { version_value: "9.2 CD", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM MQ Appliance 9.2 CD and 9.2 LTS local messaging users stored with a password hash that provides insufficient protection. IBM X-Force ID: 218368.", }, ], }, impact: { cvssv3: { BM: { A: "N", AC: "H", AV: "L", C: "H", I: "N", PR: "N", S: "U", UI: "N", }, TM: { E: "U", RC: "C", RL: "O", }, }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Obtain Information", }, ], }, ], }, references: { reference_data: [ { name: "https://www.ibm.com/support/pages/node/6560042", refsource: "CONFIRM", title: "IBM Security Bulletin 6560042 (MQ Appliance)", url: "https://www.ibm.com/support/pages/node/6560042", }, { name: "ibm-mq-cve202222321-info-disc (218368)", refsource: "XF", title: "X-Force Vulnerability Report", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/218368", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2022-22321", datePublished: "2022-03-01T16:45:26.994220Z", dateReserved: "2022-01-03T00:00:00", dateUpdated: "2024-09-16T18:03:45.740Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2017-1236
Vulnerability from cvelistv5
Published
2017-07-06 14:00
Modified
2024-09-16 17:37
Severity ?
EPSS score ?
Summary
IBM WebSphere MQ 9.0.2 could allow an authenticated user to potentially cause a denial of service by saving an incorrect channel status inquiry. IBM X-Force ID: 124354
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.ibm.com/support/docview.wss?uid=swg22003510 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/99505 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/124354 | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T13:25:17.451Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ibm.com/support/docview.wss?uid=swg22003510", }, { name: "99505", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/99505", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/124354", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "MQ", vendor: "IBM", versions: [ { status: "affected", version: "9.0.2", }, ], }, ], datePublic: "2017-07-05T00:00:00", descriptions: [ { lang: "en", value: "IBM WebSphere MQ 9.0.2 could allow an authenticated user to potentially cause a denial of service by saving an incorrect channel status inquiry. IBM X-Force ID: 124354", }, ], problemTypes: [ { descriptions: [ { description: "Denial of Service", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-07-11T09:57:01", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ibm.com/support/docview.wss?uid=swg22003510", }, { name: "99505", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/99505", }, { tags: [ "x_refsource_MISC", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/124354", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2017-07-05T00:00:00", ID: "CVE-2017-1236", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "MQ", version: { version_data: [ { version_value: "9.0.2", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM WebSphere MQ 9.0.2 could allow an authenticated user to potentially cause a denial of service by saving an incorrect channel status inquiry. IBM X-Force ID: 124354", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Denial of Service", }, ], }, ], }, references: { reference_data: [ { name: "http://www.ibm.com/support/docview.wss?uid=swg22003510", refsource: "CONFIRM", url: "http://www.ibm.com/support/docview.wss?uid=swg22003510", }, { name: "99505", refsource: "BID", url: "http://www.securityfocus.com/bid/99505", }, { name: "https://exchange.xforce.ibmcloud.com/vulnerabilities/124354", refsource: "MISC", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/124354", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2017-1236", datePublished: "2017-07-06T14:00:00Z", dateReserved: "2016-11-30T00:00:00", dateUpdated: "2024-09-16T17:37:47.300Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2017-1117
Vulnerability from cvelistv5
Published
2017-06-21 18:00
Modified
2024-08-05 13:25
Severity ?
EPSS score ?
Summary
IBM WebSphere MQ 8.0 and 9.0 could allow an authenticated user to cause a denial of service to the MQXR channel when trace is enabled. IBM X-Force ID: 121155.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/99136 | vdb-entry, x_refsource_BID | |
| http://www.ibm.com/support/docview.wss?uid=swg22001468 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/121155 | x_refsource_MISC |
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T13:25:17.207Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "99136", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/99136", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ibm.com/support/docview.wss?uid=swg22001468", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/121155", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "MQ", vendor: "IBM", versions: [ { status: "affected", version: "8.0", }, { status: "affected", version: "9.0", }, { status: "affected", version: "9.0.1", }, { status: "affected", version: "8.0.0.1", }, { status: "affected", version: "8.0.0.2", }, { status: "affected", version: "8.0.0.3", }, { status: "affected", version: "8.0.0.4", }, { status: "affected", version: "8.0.0.5", }, ], }, ], datePublic: "2017-06-06T00:00:00", descriptions: [ { lang: "en", value: "IBM WebSphere MQ 8.0 and 9.0 could allow an authenticated user to cause a denial of service to the MQXR channel when trace is enabled. IBM X-Force ID: 121155.", }, ], problemTypes: [ { descriptions: [ { description: "Denial of Service", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-06-22T09:57:01", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { name: "99136", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/99136", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ibm.com/support/docview.wss?uid=swg22001468", }, { tags: [ "x_refsource_MISC", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/121155", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", ID: "CVE-2017-1117", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "MQ", version: { version_data: [ { version_value: "8.0", }, { version_value: "9.0", }, { version_value: "9.0.1", }, { version_value: "8.0.0.1", }, { version_value: "8.0.0.2", }, { version_value: "8.0.0.3", }, { version_value: "8.0.0.4", }, { version_value: "8.0.0.5", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM WebSphere MQ 8.0 and 9.0 could allow an authenticated user to cause a denial of service to the MQXR channel when trace is enabled. IBM X-Force ID: 121155.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Denial of Service", }, ], }, ], }, references: { reference_data: [ { name: "99136", refsource: "BID", url: "http://www.securityfocus.com/bid/99136", }, { name: "http://www.ibm.com/support/docview.wss?uid=swg22001468", refsource: "CONFIRM", url: "http://www.ibm.com/support/docview.wss?uid=swg22001468", }, { name: "https://exchange.xforce.ibmcloud.com/vulnerabilities/121155", refsource: "MISC", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/121155", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2017-1117", datePublished: "2017-06-21T18:00:00", dateReserved: "2016-11-30T00:00:00", dateUpdated: "2024-08-05T13:25:17.207Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2017-1283
Vulnerability from cvelistv5
Published
2017-11-27 21:00
Modified
2024-09-16 16:14
Severity ?
EPSS score ?
Summary
IBM WebSphere MQ 8.0 and 9.0 could allow an authenticated user to cause a shared memory leak by MQ applications using dynamic queues, which can lead to lack of resources for other MQ applications. IBM X-Force ID: 125144.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.ibm.com/support/docview.wss?uid=swg22003852 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/125144 | x_refsource_MISC |
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T13:32:28.414Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ibm.com/support/docview.wss?uid=swg22003852", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/125144", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "MQ", vendor: "IBM", versions: [ { status: "affected", version: "8.0", }, { status: "affected", version: "9.0", }, { status: "affected", version: "9.0.1", }, { status: "affected", version: "9.0.0.1", }, { status: "affected", version: "9.0.2", }, { status: "affected", version: "8.0.0.1", }, { status: "affected", version: "8.0.0.2", }, { status: "affected", version: "8.0.0.3", }, { status: "affected", version: "8.0.0.4", }, { status: "affected", version: "8.0.0.5", }, { status: "affected", version: "8.0.0.6", }, { status: "affected", version: "8.0.0.7", }, { status: "affected", version: "9.0.3", }, { status: "affected", version: "9.0.4", }, ], }, ], datePublic: "2017-11-15T00:00:00", descriptions: [ { lang: "en", value: "IBM WebSphere MQ 8.0 and 9.0 could allow an authenticated user to cause a shared memory leak by MQ applications using dynamic queues, which can lead to lack of resources for other MQ applications. IBM X-Force ID: 125144.", }, ], problemTypes: [ { descriptions: [ { description: "Denial of Service", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-11-27T20:57:01", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ibm.com/support/docview.wss?uid=swg22003852", }, { tags: [ "x_refsource_MISC", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/125144", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2017-11-15T00:00:00", ID: "CVE-2017-1283", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "MQ", version: { version_data: [ { version_value: "8.0", }, { version_value: "9.0", }, { version_value: "9.0.1", }, { version_value: "9.0.0.1", }, { version_value: "9.0.2", }, { version_value: "8.0.0.1", }, { version_value: "8.0.0.2", }, { version_value: "8.0.0.3", }, { version_value: "8.0.0.4", }, { version_value: "8.0.0.5", }, { version_value: "8.0.0.6", }, { version_value: "8.0.0.7", }, { version_value: "9.0.3", }, { version_value: "9.0.4", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM WebSphere MQ 8.0 and 9.0 could allow an authenticated user to cause a shared memory leak by MQ applications using dynamic queues, which can lead to lack of resources for other MQ applications. IBM X-Force ID: 125144.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Denial of Service", }, ], }, ], }, references: { reference_data: [ { name: "http://www.ibm.com/support/docview.wss?uid=swg22003852", refsource: "CONFIRM", url: "http://www.ibm.com/support/docview.wss?uid=swg22003852", }, { name: "https://exchange.xforce.ibmcloud.com/vulnerabilities/125144", refsource: "MISC", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/125144", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2017-1283", datePublished: "2017-11-27T21:00:00Z", dateReserved: "2016-11-30T00:00:00", dateUpdated: "2024-09-16T16:14:15.714Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-4141
Vulnerability from cvelistv5
Published
2019-09-27 14:00
Modified
2024-09-16 18:43
Severity ?
EPSS score ?
Summary
IBM MQ 7.1.0.0 - 7.1.0.9, 7.5.0.0 - 7.5.0.9, 8.0.0.0 - 8.0.0.11, 9.0.0.0 - 9.0.0.6, 9.1.0.0 - 9.1.0.2, and 9.1.1 - 9.1.2 is vulnerable to a denial of service attack caused by a memory leak in the clustering code. IBM X-Force ID: 158337.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/876772 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/158337 | vdb-entry, x_refsource_XF |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | MQ |
Version: 9.0.0.1 Version: 8.0.0.1 Version: 8.0.0.2 Version: 8.0.0.3 Version: 8.0.0.4 Version: 8.0.0.5 Version: 8.0.0.6 Version: 8.0.0.7 Version: 9.0.0.2 Version: 7.5.0.1 Version: 7.5.0.2 Version: 7.5.0.3 Version: 7.5.0.4 Version: 7.5.0.5 Version: 7.5.0.6 Version: 7.5.0.7 Version: 7.5.0.8 Version: 8.0.0.8 Version: 7.1.0.2 Version: 7.1.0.3 Version: 7.1.0.4 Version: 7.1.0.5 Version: 7.1.0.6 Version: 7.1.0.7 Version: 8.0.0.9 Version: 9.0.0.3 Version: 8.0.0.0 Version: 8.0.0.10 Version: 9.0.0.0 Version: 9.0.0.4 Version: 9.0.0.5 Version: 9.1.0.0 Version: 9.1.0.1 Version: 9.1.1 Version: 9.1.0.2 Version: 9.1.2 Version: 8.0.0.11 Version: 9.0.0.6 Version: 7.1.0.0 Version: 7.1.0.8 Version: 7.1.0.9 Version: 7.5.0.0 Version: 7.5.0.9 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T19:26:27.932Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.ibm.com/support/pages/node/876772", }, { name: "ibm-websphere-cve20194141-dos (158337)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/158337", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "MQ", vendor: "IBM", versions: [ { status: "affected", version: "9.0.0.1", }, { status: "affected", version: "8.0.0.1", }, { status: "affected", version: "8.0.0.2", }, { status: "affected", version: "8.0.0.3", }, { status: "affected", version: "8.0.0.4", }, { status: "affected", version: "8.0.0.5", }, { status: "affected", version: "8.0.0.6", }, { status: "affected", version: "8.0.0.7", }, { status: "affected", version: "9.0.0.2", }, { status: "affected", version: "7.5.0.1", }, { status: "affected", version: "7.5.0.2", }, { status: "affected", version: "7.5.0.3", }, { status: "affected", version: "7.5.0.4", }, { status: "affected", version: "7.5.0.5", }, { status: "affected", version: "7.5.0.6", }, { status: "affected", version: "7.5.0.7", }, { status: "affected", version: "7.5.0.8", }, { status: "affected", version: "8.0.0.8", }, { status: "affected", version: "7.1.0.2", }, { status: "affected", version: "7.1.0.3", }, { status: "affected", version: "7.1.0.4", }, { status: "affected", version: "7.1.0.5", }, { status: "affected", version: "7.1.0.6", }, { status: "affected", version: "7.1.0.7", }, { status: "affected", version: "8.0.0.9", }, { status: "affected", version: "9.0.0.3", }, { status: "affected", version: "8.0.0.0", }, { status: "affected", version: "8.0.0.10", }, { status: "affected", version: "9.0.0.0", }, { status: "affected", version: "9.0.0.4", }, { status: "affected", version: "9.0.0.5", }, { status: "affected", version: "9.1.0.0", }, { status: "affected", version: "9.1.0.1", }, { status: "affected", version: "9.1.1", }, { status: "affected", version: "9.1.0.2", }, { status: "affected", version: "9.1.2", }, { status: "affected", version: "8.0.0.11", }, { status: "affected", version: "9.0.0.6", }, { status: "affected", version: "7.1.0.0", }, { status: "affected", version: "7.1.0.8", }, { status: "affected", version: "7.1.0.9", }, { status: "affected", version: "7.5.0.0", }, { status: "affected", version: "7.5.0.9", }, ], }, ], datePublic: "2019-09-25T00:00:00", descriptions: [ { lang: "en", value: "IBM MQ 7.1.0.0 - 7.1.0.9, 7.5.0.0 - 7.5.0.9, 8.0.0.0 - 8.0.0.11, 9.0.0.0 - 9.0.0.6, 9.1.0.0 - 9.1.0.2, and 9.1.1 - 9.1.2 is vulnerable to a denial of service attack caused by a memory leak in the clustering code. IBM X-Force ID: 158337.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", exploitCodeMaturity: "UNPROVEN", integrityImpact: "NONE", privilegesRequired: "LOW", remediationLevel: "OFFICIAL_FIX", reportConfidence: "CONFIRMED", scope: "UNCHANGED", temporalScore: 4.6, temporalSeverity: "MEDIUM", userInteraction: "NONE", vectorString: "CVSS:3.0/UI:N/S:U/I:N/A:H/C:N/AV:N/AC:H/PR:L/RC:C/E:U/RL:O", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Denial of Service", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-09-27T14:00:20", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://www.ibm.com/support/pages/node/876772", }, { name: "ibm-websphere-cve20194141-dos (158337)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/158337", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2019-09-25T00:00:00", ID: "CVE-2019-4141", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "MQ", version: { version_data: [ { version_value: "9.0.0.1", }, { version_value: "8.0.0.1", }, { version_value: "8.0.0.2", }, { version_value: "8.0.0.3", }, { version_value: "8.0.0.4", }, { version_value: "8.0.0.5", }, { version_value: "8.0.0.6", }, { version_value: "8.0.0.7", }, { version_value: "9.0.0.2", }, { version_value: "7.5.0.1", }, { version_value: "7.5.0.2", }, { version_value: "7.5.0.3", }, { version_value: "7.5.0.4", }, { version_value: "7.5.0.5", }, { version_value: "7.5.0.6", }, { version_value: "7.5.0.7", }, { version_value: "7.5.0.8", }, { version_value: "8.0.0.8", }, { version_value: "7.1.0.2", }, { version_value: "7.1.0.3", }, { version_value: "7.1.0.4", }, { version_value: "7.1.0.5", }, { version_value: "7.1.0.6", }, { version_value: "7.1.0.7", }, { version_value: "8.0.0.9", }, { version_value: "9.0.0.3", }, { version_value: "8.0.0.0", }, { version_value: "8.0.0.10", }, { version_value: "9.0.0.0", }, { version_value: "9.0.0.4", }, { version_value: "9.0.0.5", }, { version_value: "9.1.0.0", }, { version_value: "9.1.0.1", }, { version_value: "9.1.1", }, { version_value: "9.1.0.2", }, { version_value: "9.1.2", }, { version_value: "8.0.0.11", }, { version_value: "9.0.0.6", }, { version_value: "7.1.0.0", }, { version_value: "7.1.0.8", }, { version_value: "7.1.0.9", }, { version_value: "7.5.0.0", }, { version_value: "7.5.0.9", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM MQ 7.1.0.0 - 7.1.0.9, 7.5.0.0 - 7.5.0.9, 8.0.0.0 - 8.0.0.11, 9.0.0.0 - 9.0.0.6, 9.1.0.0 - 9.1.0.2, and 9.1.1 - 9.1.2 is vulnerable to a denial of service attack caused by a memory leak in the clustering code. IBM X-Force ID: 158337.", }, ], }, impact: { cvssv3: { BM: { A: "H", AC: "H", AV: "N", C: "N", I: "N", PR: "L", S: "U", UI: "N", }, TM: { E: "U", RC: "C", RL: "O", }, }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Denial of Service", }, ], }, ], }, references: { reference_data: [ { name: "https://www.ibm.com/support/pages/node/876772", refsource: "CONFIRM", title: "IBM Security Bulletin 876772 (MQ)", url: "https://www.ibm.com/support/pages/node/876772", }, { name: "ibm-websphere-cve20194141-dos (158337)", refsource: "XF", title: "X-Force Vulnerability Report", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/158337", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2019-4141", datePublished: "2019-09-27T14:00:20.780461Z", dateReserved: "2019-01-03T00:00:00", dateUpdated: "2024-09-16T18:43:22.998Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2016-6089
Vulnerability from cvelistv5
Published
2017-06-07 17:00
Modified
2024-08-06 01:22
Severity ?
EPSS score ?
Summary
IBM WebSphere MQ 9.0.0.1 and 9.0.2 could allow a local user to write to a file or delete files in a directory they should not have access to due to improper access controls. IBM X-Force ID: 117926.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/117926 | x_refsource_MISC | |
| http://www.ibm.com/support/docview.wss?uid=swg22003509 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/98770 | vdb-entry, x_refsource_BID |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T01:22:20.111Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/117926", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ibm.com/support/docview.wss?uid=swg22003509", }, { name: "98770", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/98770", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "MQ", vendor: "IBM", versions: [ { status: "affected", version: "9.0.0.1", }, { status: "affected", version: "9.0.2", }, ], }, ], datePublic: "2017-05-31T00:00:00", descriptions: [ { lang: "en", value: "IBM WebSphere MQ 9.0.0.1 and 9.0.2 could allow a local user to write to a file or delete files in a directory they should not have access to due to improper access controls. IBM X-Force ID: 117926.", }, ], problemTypes: [ { descriptions: [ { description: "File Manipulation", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-06-08T09:57:01", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/117926", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ibm.com/support/docview.wss?uid=swg22003509", }, { name: "98770", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/98770", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", ID: "CVE-2016-6089", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "MQ", version: { version_data: [ { version_value: "9.0.0.1", }, { version_value: "9.0.2", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM WebSphere MQ 9.0.0.1 and 9.0.2 could allow a local user to write to a file or delete files in a directory they should not have access to due to improper access controls. IBM X-Force ID: 117926.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "File Manipulation", }, ], }, ], }, references: { reference_data: [ { name: "https://exchange.xforce.ibmcloud.com/vulnerabilities/117926", refsource: "MISC", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/117926", }, { name: "http://www.ibm.com/support/docview.wss?uid=swg22003509", refsource: "CONFIRM", url: "http://www.ibm.com/support/docview.wss?uid=swg22003509", }, { name: "98770", refsource: "BID", url: "http://www.securityfocus.com/bid/98770", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2016-6089", datePublished: "2017-06-07T17:00:00", dateReserved: "2016-06-29T00:00:00", dateUpdated: "2024-08-06T01:22:20.111Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-31772
Vulnerability from cvelistv5
Published
2022-11-11 18:56
Modified
2024-08-03 07:26
Severity ?
EPSS score ?
Summary
IBM MQ 8.0, 9.0 LTS, 9.1 CD, 9.1 LTS, 9.2 CD, and 9.2 LTS could allow an authenticated and authorized user to cause a denial of service to the MQTT channels. IBM X-Force ID: 228335.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/6833806 | vendor-advisory | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/228335 | vdb-entry |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T07:26:01.046Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.ibm.com/support/pages/node/6833806", }, { tags: [ "vdb-entry", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/228335", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "MQ", vendor: "IBM", versions: [ { status: "affected", version: "8.0.0, 9.0.0, 9.1.0, 9.2.0, 9.3.0", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "\n\n<span style=\"background-color: rgb(204, 217, 226);\">IBM MQ 8.0, 9.0 LTS, 9.1 CD, 9.1 LTS, 9.2 CD, and 9.2 LTS could allow an authenticated and authorized user to cause a denial of service to the MQTT channels. IBM X-Force ID: 228335.</span>\n\n", }, ], value: "\nIBM MQ 8.0, 9.0 LTS, 9.1 CD, 9.1 LTS, 9.2 CD, and 9.2 LTS could allow an authenticated and authorized user to cause a denial of service to the MQTT channels. IBM X-Force ID: 228335.\n\n", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-20", description: "CWE-20", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-11-11T18:56:12.717Z", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "vendor-advisory", ], url: "https://www.ibm.com/support/pages/node/6833806", }, { tags: [ "vdb-entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/228335", }, ], source: { discovery: "UNKNOWN", }, title: "IBM MQ denial of service", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2022-31772", datePublished: "2022-11-11T18:56:12.717Z", dateReserved: "2022-05-27T15:57:46.681Z", dateUpdated: "2024-08-03T07:26:01.046Z", requesterUserId: "69938c14-a5a2-41ac-a450-71ed41911136", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-42436
Vulnerability from cvelistv5
Published
2023-02-08 19:28
Modified
2025-03-25 13:56
Severity ?
EPSS score ?
Summary
IBM MQ 8.0.0, 9.0.0, 9.1.0, 9.2.0, 9.3.0 Managed File Transfer could allow a local user to obtain sensitive information from diagnostic files. IBM X-Force ID: 238206.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/6909467 | vendor-advisory | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/238206 | vdb-entry |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T13:10:40.867Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.ibm.com/support/pages/node/6909467", }, { tags: [ "vdb-entry", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/238206", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2022-42436", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-03-25T13:56:08.631590Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { description: "CWE-noinfo Not enough information", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-25T13:56:20.998Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "MQ", vendor: "IBM", versions: [ { status: "affected", version: "8.0.0, 9.0.0, 9.1.0, 9.2.0, 9.3.0", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "IBM MQ 8.0.0, 9.0.0, 9.1.0, 9.2.0, 9.3.0 Managed File Transfer could allow a local user to obtain sensitive information from diagnostic files. IBM X-Force ID: 238206.", }, ], value: "IBM MQ 8.0.0, 9.0.0, 9.1.0, 9.2.0, 9.3.0 Managed File Transfer could allow a local user to obtain sensitive information from diagnostic files. IBM X-Force ID: 238206.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-02-12T01:45:42.615Z", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "vendor-advisory", ], url: "https://www.ibm.com/support/pages/node/6909467", }, { tags: [ "vdb-entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/238206", }, ], source: { discovery: "UNKNOWN", }, title: "IBM MQ information disclosure", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2022-42436", datePublished: "2023-02-08T19:28:52.753Z", dateReserved: "2022-10-06T15:51:26.498Z", dateUpdated: "2025-03-25T13:56:20.998Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-1925
Vulnerability from cvelistv5
Published
2019-04-15 14:55
Modified
2024-09-16 18:39
Severity ?
EPSS score ?
Summary
IBM WebShere MQ 9.1.0.0, 9.1.0.1, 9.1.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 152925.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/docview.wss?uid=ibm10744713 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/152925 | vdb-entry, x_refsource_XF |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T04:14:39.384Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.ibm.com/support/docview.wss?uid=ibm10744713", }, { name: "ibm-websphere-cve20181925-info-disc (152925)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/152925", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "MQ", vendor: "IBM", versions: [ { status: "affected", version: "9.1.0.0", }, { status: "affected", version: "9.1.0.1", }, { status: "affected", version: "9.1.1", }, ], }, ], datePublic: "2019-04-10T00:00:00", descriptions: [ { lang: "en", value: "IBM WebShere MQ 9.1.0.0, 9.1.0.1, 9.1.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 152925.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", exploitCodeMaturity: "UNPROVEN", integrityImpact: "NONE", privilegesRequired: "NONE", remediationLevel: "OFFICIAL_FIX", reportConfidence: "CONFIRMED", scope: "UNCHANGED", temporalScore: 5.2, temporalSeverity: "MEDIUM", userInteraction: "NONE", vectorString: "CVSS:3.0/S:U/A:N/PR:N/AV:N/AC:H/UI:N/I:N/C:H/RL:O/E:U/RC:C", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Obtain Information", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-04-15T14:55:26", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://www.ibm.com/support/docview.wss?uid=ibm10744713", }, { name: "ibm-websphere-cve20181925-info-disc (152925)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/152925", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2019-04-10T00:00:00", ID: "CVE-2018-1925", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "MQ", version: { version_data: [ { version_value: "9.1.0.0", }, { version_value: "9.1.0.1", }, { version_value: "9.1.1", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM WebShere MQ 9.1.0.0, 9.1.0.1, 9.1.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 152925.", }, ], }, impact: { cvssv3: { BM: { A: "N", AC: "H", AV: "N", C: "H", I: "N", PR: "N", S: "U", UI: "N", }, TM: { E: "U", RC: "C", RL: "O", }, }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Obtain Information", }, ], }, ], }, references: { reference_data: [ { name: "https://www.ibm.com/support/docview.wss?uid=ibm10744713", refsource: "CONFIRM", title: "IBM Security Bulletin 744713 (MQ)", url: "https://www.ibm.com/support/docview.wss?uid=ibm10744713", }, { name: "ibm-websphere-cve20181925-info-disc (152925)", refsource: "XF", title: "X-Force Vulnerability Report", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/152925", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2018-1925", datePublished: "2019-04-15T14:55:26.446570Z", dateReserved: "2017-12-13T00:00:00", dateUpdated: "2024-09-16T18:39:54.967Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-1371
Vulnerability from cvelistv5
Published
2018-04-17 15:00
Modified
2024-09-16 16:42
Severity ?
EPSS score ?
Summary
An IBM WebSphere MQ 8.0.0.8, 9.0.0.2, and 9.0.4 Client connecting to a MQ Queue Manager can cause a SIGSEGV in the AMQRMPPA channel process terminating it. IBM X-Force ID: 137771.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/137771 | x_refsource_MISC | |
| http://www.ibm.com/support/docview.wss?uid=swg22012983 | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T03:59:38.623Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/137771", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ibm.com/support/docview.wss?uid=swg22012983", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "MQ", vendor: "IBM", versions: [ { status: "affected", version: "9.0.0.2", }, { status: "affected", version: "9.0.4", }, { status: "affected", version: "8.0.0.8", }, ], }, ], datePublic: "2018-04-13T00:00:00", descriptions: [ { lang: "en", value: "An IBM WebSphere MQ 8.0.0.8, 9.0.0.2, and 9.0.4 Client connecting to a MQ Queue Manager can cause a SIGSEGV in the AMQRMPPA channel process terminating it. IBM X-Force ID: 137771.", }, ], problemTypes: [ { descriptions: [ { description: "Denial of Service", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-04-17T14:57:01", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/137771", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ibm.com/support/docview.wss?uid=swg22012983", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2018-04-13T00:00:00", ID: "CVE-2018-1371", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "MQ", version: { version_data: [ { version_value: "9.0.0.2", }, { version_value: "9.0.4", }, { version_value: "8.0.0.8", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An IBM WebSphere MQ 8.0.0.8, 9.0.0.2, and 9.0.4 Client connecting to a MQ Queue Manager can cause a SIGSEGV in the AMQRMPPA channel process terminating it. IBM X-Force ID: 137771.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Denial of Service", }, ], }, ], }, references: { reference_data: [ { name: "https://exchange.xforce.ibmcloud.com/vulnerabilities/137771", refsource: "MISC", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/137771", }, { name: "http://www.ibm.com/support/docview.wss?uid=swg22012983", refsource: "CONFIRM", url: "http://www.ibm.com/support/docview.wss?uid=swg22012983", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2018-1371", datePublished: "2018-04-17T15:00:00Z", dateReserved: "2017-12-13T00:00:00", dateUpdated: "2024-09-16T16:42:58.084Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-35155
Vulnerability from cvelistv5
Published
2024-06-28 17:40
Modified
2024-08-02 03:07
Severity ?
EPSS score ?
Summary
IBM MQ Console 9.3 LTS and 9.3 CD could disclose could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 292765.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/7158059 | vendor-advisory | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/292765 | vdb-entry |
Impacted products
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-35155", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-07-01T18:17:29.270193Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-01T18:43:20.905Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T03:07:46.739Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.ibm.com/support/pages/node/7158059", }, { tags: [ "vdb-entry", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/292765", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:ibm:mq_appliance:9.3:*:*:*:lts:*:*:*", "cpe:2.3:a:ibm:mq_appliance:9.3:*:*:*:continuous_delivery:*:*:*", ], defaultStatus: "unaffected", product: "MQ", vendor: "IBM", versions: [ { status: "affected", version: "9.3 LTS and 9.3 CD", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "IBM MQ Console 9.3 LTS and 9.3 CD could disclose could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 292765.", }, ], value: "IBM MQ Console 9.3 LTS and 9.3 CD could disclose could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 292765.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-209", description: "CWE-209 Generation of Error Message Containing Sensitive Information", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-28T17:40:37.828Z", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "vendor-advisory", ], url: "https://www.ibm.com/support/pages/node/7158059", }, { tags: [ "vdb-entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/292765", }, ], source: { discovery: "UNKNOWN", }, title: "IBM MQ information disclosure", x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2024-35155", datePublished: "2024-06-28T17:40:37.828Z", dateReserved: "2024-05-09T16:27:47.447Z", dateUpdated: "2024-08-02T03:07:46.739Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-52898
Vulnerability from cvelistv5
Published
2025-01-14 16:49
Modified
2025-01-14 17:41
Severity ?
EPSS score ?
Summary
IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD web console could allow a local user to obtain sensitive information when a detailed technical error message is returned.
References
Impacted products
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-52898", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-01-14T17:41:36.882087Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-01-14T17:41:54.638Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:ibm:mq:9.3.0:*:*:*:lts:*:*:*", "cpe:2.3:a:ibm:mq:9.3.0:*:*:*:continuous_delivery:*:*:*", "cpe:2.3:a:ibm:mq:9.4.0:*:*:*:lts:*:*:*", "cpe:2.3:a:ibm:mq:9.4.0:*:*:*:continuous_delivery:*:*:*", ], defaultStatus: "unaffected", product: "MQ", vendor: "IBM", versions: [ { status: "affected", version: "9.3 LTS, 9.3 CD, 9.4 LTS, 9.4 CD", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD web console could allow a local user to obtain sensitive information when a detailed technical error message is returned.", }, ], value: "IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD web console could allow a local user to obtain sensitive information when a detailed technical error message is returned.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 6.2, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-209", description: "CWE-209 Generation of Error Message Containing Sensitive Information", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-14T16:49:57.674Z", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { url: "https://www.ibm.com/support/pages/node/7179150", }, ], source: { discovery: "UNKNOWN", }, title: "IBM MQ information disclosure", x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2024-52898", datePublished: "2025-01-14T16:49:57.674Z", dateReserved: "2024-11-17T14:25:44.935Z", dateUpdated: "2025-01-14T17:41:54.638Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-38949
Vulnerability from cvelistv5
Published
2021-11-16 16:55
Modified
2024-09-17 00:50
Severity ?
EPSS score ?
Summary
IBM MQ 7.5, 8.0, 9.0 LTS, 9.1 CD, and 9.1 LTS stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 211403.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/6516424 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/211403 | vdb-entry, x_refsource_XF |
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T01:51:20.731Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.ibm.com/support/pages/node/6516424", }, { name: "ibm-mq-cve202138949-info-disc (211403)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/211403", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "MQ", vendor: "IBM", versions: [ { status: "affected", version: "8.0.0", }, { status: "affected", version: "9.0.0", }, { status: "affected", version: "9.1.0", }, { status: "affected", version: "7.5.0", }, ], }, ], datePublic: "2021-11-15T00:00:00", descriptions: [ { lang: "en", value: "IBM MQ 7.5, 8.0, 9.0 LTS, 9.1 CD, and 9.1 LTS stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 211403.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 6.2, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", exploitCodeMaturity: "UNPROVEN", integrityImpact: "NONE", privilegesRequired: "NONE", remediationLevel: "OFFICIAL_FIX", reportConfidence: "CONFIRMED", scope: "UNCHANGED", temporalScore: 5.4, temporalSeverity: "MEDIUM", userInteraction: "NONE", vectorString: "CVSS:3.0/C:H/AV:L/S:U/A:N/AC:L/I:N/UI:N/PR:N/RC:C/E:U/RL:O", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Obtain Information", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-11-16T16:55:19", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://www.ibm.com/support/pages/node/6516424", }, { name: "ibm-mq-cve202138949-info-disc (211403)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/211403", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2021-11-15T00:00:00", ID: "CVE-2021-38949", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "MQ", version: { version_data: [ { version_value: "8.0.0", }, { version_value: "9.0.0", }, { version_value: "9.1.0", }, { version_value: "7.5.0", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM MQ 7.5, 8.0, 9.0 LTS, 9.1 CD, and 9.1 LTS stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 211403.", }, ], }, impact: { cvssv3: { BM: { A: "N", AC: "L", AV: "L", C: "H", I: "N", PR: "N", S: "U", UI: "N", }, TM: { E: "U", RC: "C", RL: "O", }, }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Obtain Information", }, ], }, ], }, references: { reference_data: [ { name: "https://www.ibm.com/support/pages/node/6516424", refsource: "CONFIRM", title: "IBM Security Bulletin 6516424 (MQ)", url: "https://www.ibm.com/support/pages/node/6516424", }, { name: "ibm-mq-cve202138949-info-disc (211403)", refsource: "XF", title: "X-Force Vulnerability Report", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/211403", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2021-38949", datePublished: "2021-11-16T16:55:19.555162Z", dateReserved: "2021-08-16T00:00:00", dateUpdated: "2024-09-17T00:50:43.084Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-4762
Vulnerability from cvelistv5
Published
2020-04-16 15:35
Modified
2024-09-16 16:24
Severity ?
EPSS score ?
Summary
IBM MQ 9.0 and 9.1 is vulnerable to a denial of service attack due to an error in the Channel processing function. IBM X-Force ID: 173625.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/4832931 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/173625 | vdb-entry, x_refsource_XF |
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T19:40:49.085Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.ibm.com/support/pages/node/4832931", }, { name: "ibm-mq-cve20194762-dos (173625)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/173625", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "MQ", vendor: "IBM", versions: [ { status: "affected", version: "9.0.0.1", }, { status: "affected", version: "9.0.0.2", }, { status: "affected", version: "9.0.0.3", }, { status: "affected", version: "9.0.0.0", }, { status: "affected", version: "9.0.0.4", }, { status: "affected", version: "9.0.0.5", }, { status: "affected", version: "9.1.0.0", }, { status: "affected", version: "9.1.1", }, { status: "affected", version: "9.1.0.2", }, { status: "affected", version: "9.1.2", }, { status: "affected", version: "9.0.0.6", }, { status: "affected", version: "9.1.3", }, { status: "affected", version: "9.0.0.7", }, { status: "affected", version: "9.0.0.8", }, { status: "affected", version: "9.1.4", }, ], }, ], datePublic: "2020-04-15T00:00:00", descriptions: [ { lang: "en", value: "IBM MQ 9.0 and 9.1 is vulnerable to a denial of service attack due to an error in the Channel processing function. IBM X-Force ID: 173625.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", exploitCodeMaturity: "UNPROVEN", integrityImpact: "NONE", privilegesRequired: "NONE", remediationLevel: "OFFICIAL_FIX", reportConfidence: "CONFIRMED", scope: "UNCHANGED", temporalScore: 5.2, temporalSeverity: "MEDIUM", userInteraction: "NONE", vectorString: "CVSS:3.0/A:H/PR:N/UI:N/S:U/C:N/AV:N/AC:H/I:N/RL:O/E:U/RC:C", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Denial of Service", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-04-16T15:35:20", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://www.ibm.com/support/pages/node/4832931", }, { name: "ibm-mq-cve20194762-dos (173625)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/173625", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2020-04-15T00:00:00", ID: "CVE-2019-4762", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "MQ", version: { version_data: [ { version_value: "9.0.0.1", }, { version_value: "9.0.0.2", }, { version_value: "9.0.0.3", }, { version_value: "9.0.0.0", }, { version_value: "9.0.0.4", }, { version_value: "9.0.0.5", }, { version_value: "9.1.0.0", }, { version_value: "9.1.1", }, { version_value: "9.1.0.2", }, { version_value: "9.1.2", }, { version_value: "9.0.0.6", }, { version_value: "9.1.3", }, { version_value: "9.0.0.7", }, { version_value: "9.0.0.8", }, { version_value: "9.1.4", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM MQ 9.0 and 9.1 is vulnerable to a denial of service attack due to an error in the Channel processing function. IBM X-Force ID: 173625.", }, ], }, impact: { cvssv3: { BM: { A: "H", AC: "H", AV: "N", C: "N", I: "N", PR: "N", S: "U", UI: "N", }, TM: { E: "U", RC: "C", RL: "O", }, }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Denial of Service", }, ], }, ], }, references: { reference_data: [ { name: "https://www.ibm.com/support/pages/node/4832931", refsource: "CONFIRM", title: "IBM Security Bulletin 4832931 (MQ)", url: "https://www.ibm.com/support/pages/node/4832931", }, { name: "ibm-mq-cve20194762-dos (173625)", refsource: "XF", title: "X-Force Vulnerability Report", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/173625", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2019-4762", datePublished: "2020-04-16T15:35:20.739686Z", dateReserved: "2019-01-03T00:00:00", dateUpdated: "2024-09-16T16:24:00.341Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-26285
Vulnerability from cvelistv5
Published
2023-05-05 15:16
Modified
2025-01-29 16:25
Severity ?
EPSS score ?
Summary
IBM MQ 9.2 CD, 9.2 LTS, 9.3 CD, and 9.3 LTS could allow a remote attacker to cause a denial of service due to an error processing invalid data. IBM X-Force ID: 248418.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/6986563 | vendor-advisory | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/248418 | vdb-entry |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T11:46:23.509Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.ibm.com/support/pages/node/6986563", }, { tags: [ "vdb-entry", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/248418", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2023-26285", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-01-29T16:20:56.928957Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-770", description: "CWE-770 Allocation of Resources Without Limits or Throttling", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-29T16:25:29.267Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "MQ", vendor: "IBM", versions: [ { status: "affected", version: "9.2 CD, 9.2 LTS, 9.3 CD, 9.3 LTS", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "IBM MQ 9.2 CD, 9.2 LTS, 9.3 CD, and 9.3 LTS could allow a remote attacker to cause a denial of service due to an error processing invalid data. IBM X-Force ID: 248418.", }, ], value: "IBM MQ 9.2 CD, 9.2 LTS, 9.3 CD, and 9.3 LTS could allow a remote attacker to cause a denial of service due to an error processing invalid data. IBM X-Force ID: 248418.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-119", description: "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-05-05T15:16:00.291Z", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "vendor-advisory", ], url: "https://www.ibm.com/support/pages/node/6986563", }, { tags: [ "vdb-entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/248418", }, ], source: { discovery: "UNKNOWN", }, title: "IBM MQ denial of service", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2023-26285", datePublished: "2023-05-05T15:16:00.291Z", dateReserved: "2023-02-21T13:55:50.151Z", dateUpdated: "2025-01-29T16:25:29.267Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-51470
Vulnerability from cvelistv5
Published
2024-12-18 19:56
Modified
2024-12-18 20:24
Severity ?
EPSS score ?
Summary
IBM MQ 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, 9.4 CD, IBM MQ Appliance 9.3 LTS, 9.3 CD, 9.4 LTS, and IBM MQ for HPE NonStop 8.1.0 through 8.1.0.25 could allow an authenticated user to cause a denial-of-service due to messages with improperly set values.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/7179137 | vendor-advisory | |
| https://www.ibm.com/support/pages/node/7178085 | vendor-advisory | |
| https://www.ibm.com/support/pages/node/7177593 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | IBM | MQ |
Version: 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, 9.4 CD cpe:2.3:a:ibm:mq:9.1.0.0:*:*:*:lts:*:*:* cpe:2.3:a:ibm:mq:9.2.0:*:*:*:lts:*:*:* cpe:2.3:a:ibm:mq:9.3.0:*:*:*:lts:*:*:* cpe:2.3:a:ibm:mq:9.3.0:*:*:*:continuous_delivery:*:*:* cpe:2.3:a:ibm:mq:9.4.0:*:*:*:lts:*:*:* cpe:2.3:a:ibm:mq:9.4.0:*:*:*:continuous_delivery:*:*:* |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-51470", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-12-18T20:24:17.133411Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-12-18T20:24:38.409Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:ibm:mq:9.1.0.0:*:*:*:lts:*:*:*", "cpe:2.3:a:ibm:mq:9.2.0:*:*:*:lts:*:*:*", "cpe:2.3:a:ibm:mq:9.3.0:*:*:*:lts:*:*:*", "cpe:2.3:a:ibm:mq:9.3.0:*:*:*:continuous_delivery:*:*:*", "cpe:2.3:a:ibm:mq:9.4.0:*:*:*:lts:*:*:*", "cpe:2.3:a:ibm:mq:9.4.0:*:*:*:continuous_delivery:*:*:*", ], defaultStatus: "unaffected", product: "MQ", vendor: "IBM", versions: [ { status: "affected", version: "9.1 LTS, 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, 9.4 CD", }, ], }, { cpes: [ "cpe:2.3:a:ibm:mq_appliance:9.3:*:*:*:lts:*:*:*", "cpe:2.3:a:ibm:mq_appliance:9.3:*:*:*:continuous_delivery:*:*:*", "cpe:2.3:a:ibm:mq_appliance:9.4:*:*:*:lts:*:*:*", ], defaultStatus: "unaffected", product: "MQ Appliance", vendor: "IBM", versions: [ { status: "affected", version: "9.3 LTS, 9.3 CD, 9.4 LTS", }, ], }, { cpes: [ "cpe:2.3:a:ibm:mq_for_hpe_nonstop:8.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:mq_for_hpe_nonstop:8.1.0.25:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "MQ for HPE NonStop", vendor: "IBM", versions: [ { lessThanOrEqual: "8.1.0.25", status: "affected", version: "8.1.0", versionType: "semver", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<span style=\"background-color: rgb(255, 255, 255);\">IBM MQ 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, 9.4 CD, IBM MQ Appliance 9.3 LTS, 9.3 CD, 9.4 LTS, and IBM MQ for HPE NonStop 8.1.0 through 8.1.0.25 could allow an authenticated user to cause a denial-of-service due to messages with improperly set values.</span>", }, ], value: "IBM MQ 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, 9.4 CD, IBM MQ Appliance 9.3 LTS, 9.3 CD, 9.4 LTS, and IBM MQ for HPE NonStop 8.1.0 through 8.1.0.25 could allow an authenticated user to cause a denial-of-service due to messages with improperly set values.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-754", description: "CWE-754 Improper Check for Unusual or Exceptional Conditions", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-18T19:56:10.377Z", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "vendor-advisory", ], url: "https://www.ibm.com/support/pages/node/7179137", }, { tags: [ "vendor-advisory", ], url: "https://www.ibm.com/support/pages/node/7178085", }, { tags: [ "vendor-advisory", ], url: "https://www.ibm.com/support/pages/node/7177593", }, ], source: { discovery: "UNKNOWN", }, title: "IBM MQ denial of service", x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2024-51470", datePublished: "2024-12-18T19:56:10.377Z", dateReserved: "2024-10-28T10:50:18.700Z", dateUpdated: "2024-12-18T20:24:38.409Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-1974
Vulnerability from cvelistv5
Published
2019-03-11 22:00
Modified
2024-09-16 16:43
Severity ?
EPSS score ?
Summary
IBM WebSphere 8.0.0.0 through 9.1.1 could allow an authenticated attacker to escalate their privileges when using multiplexed channels. IBM X-Force ID: 153915.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/153915 | vdb-entry, x_refsource_XF | |
| https://www.ibm.com/support/docview.wss?uid=ibm10792043 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | MQ |
Version: 9.0.0.1 Version: 8.0.0.1 Version: 8.0.0.2 Version: 8.0.0.3 Version: 8.0.0.4 Version: 8.0.0.5 Version: 8.0.0.6 Version: 8.0.0.7 Version: 9.0.0.2 Version: 8.0.0.8 Version: 8.0.0.9 Version: 9.0.0.3 Version: 8.0.0.0 Version: 8.0.0.10 Version: 9.0.0.0 Version: 9.0.0.4 Version: 9.0.0.5 Version: 9.1.0.0 Version: 9.1.0.1 Version: 9.1.1 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T04:14:39.474Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "ibm-websphere-cve20181974-priv-escalation(153915)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/153915", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.ibm.com/support/docview.wss?uid=ibm10792043", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "MQ", vendor: "IBM", versions: [ { status: "affected", version: "9.0.0.1", }, { status: "affected", version: "8.0.0.1", }, { status: "affected", version: "8.0.0.2", }, { status: "affected", version: "8.0.0.3", }, { status: "affected", version: "8.0.0.4", }, { status: "affected", version: "8.0.0.5", }, { status: "affected", version: "8.0.0.6", }, { status: "affected", version: "8.0.0.7", }, { status: "affected", version: "9.0.0.2", }, { status: "affected", version: "8.0.0.8", }, { status: "affected", version: "8.0.0.9", }, { status: "affected", version: "9.0.0.3", }, { status: "affected", version: "8.0.0.0", }, { status: "affected", version: "8.0.0.10", }, { status: "affected", version: "9.0.0.0", }, { status: "affected", version: "9.0.0.4", }, { status: "affected", version: "9.0.0.5", }, { status: "affected", version: "9.1.0.0", }, { status: "affected", version: "9.1.0.1", }, { status: "affected", version: "9.1.1", }, ], }, ], datePublic: "2019-03-08T00:00:00", descriptions: [ { lang: "en", value: "IBM WebSphere 8.0.0.0 through 9.1.1 could allow an authenticated attacker to escalate their privileges when using multiplexed channels. IBM X-Force ID: 153915.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitCodeMaturity: "UNPROVEN", integrityImpact: "HIGH", privilegesRequired: "LOW", remediationLevel: "OFFICIAL_FIX", reportConfidence: "CONFIRMED", scope: "UNCHANGED", temporalScore: 6.5, temporalSeverity: "MEDIUM", userInteraction: "NONE", vectorString: "CVSS:3.0/A:H/AC:H/AV:N/C:H/I:H/PR:L/S:U/UI:N/E:U/RC:C/RL:O", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Gain Privileges", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-03-11T21:57:01", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { name: "ibm-websphere-cve20181974-priv-escalation(153915)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/153915", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.ibm.com/support/docview.wss?uid=ibm10792043", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2019-03-08T00:00:00", ID: "CVE-2018-1974", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "MQ", version: { version_data: [ { version_value: "9.0.0.1", }, { version_value: "8.0.0.1", }, { version_value: "8.0.0.2", }, { version_value: "8.0.0.3", }, { version_value: "8.0.0.4", }, { version_value: "8.0.0.5", }, { version_value: "8.0.0.6", }, { version_value: "8.0.0.7", }, { version_value: "9.0.0.2", }, { version_value: "8.0.0.8", }, { version_value: "8.0.0.9", }, { version_value: "9.0.0.3", }, { version_value: "8.0.0.0", }, { version_value: "8.0.0.10", }, { version_value: "9.0.0.0", }, { version_value: "9.0.0.4", }, { version_value: "9.0.0.5", }, { version_value: "9.1.0.0", }, { version_value: "9.1.0.1", }, { version_value: "9.1.1", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM WebSphere 8.0.0.0 through 9.1.1 could allow an authenticated attacker to escalate their privileges when using multiplexed channels. IBM X-Force ID: 153915.", }, ], }, impact: { cvssv3: { BM: { A: "H", AC: "H", AV: "N", C: "H", I: "H", PR: "L", S: "U", UI: "N", }, TM: { E: "U", RC: "C", RL: "O", }, }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Gain Privileges", }, ], }, ], }, references: { reference_data: [ { name: "ibm-websphere-cve20181974-priv-escalation(153915)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/153915", }, { name: "https://www.ibm.com/support/docview.wss?uid=ibm10792043", refsource: "CONFIRM", url: "https://www.ibm.com/support/docview.wss?uid=ibm10792043", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2018-1974", datePublished: "2019-03-11T22:00:00Z", dateReserved: "2017-12-13T00:00:00", dateUpdated: "2024-09-16T16:43:47.558Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-28950
Vulnerability from cvelistv5
Published
2023-05-19 15:20
Modified
2025-02-12 17:03
Severity ?
EPSS score ?
Summary
IBM MQ 8.0, 9.0, 9.1, 9.2, and 9.3 could disclose sensitive user information from a trace file if that functionality has been enabled. IBM X-Force ID: 251358.
References
| ▼ | URL | Tags |
|---|---|---|
| https://https://www.ibm.com/support/pages/node/6985837 | vendor-advisory | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/251358 | vdb-entry |
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T13:51:39.003Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://https://www.ibm.com/support/pages/node/6985837", }, { tags: [ "vdb-entry", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/251358", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-28950", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-01-21T18:16:27.947794Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-12T17:03:03.855Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "MQ", vendor: "IBM", versions: [ { status: "affected", version: "8.0, 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.2 CD, 9.3 LTS, 9.3 CD", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "IBM MQ 8.0, 9.0, 9.1, 9.2, and 9.3 could disclose sensitive user information from a trace file if that functionality has been enabled. IBM X-Force ID: 251358.", }, ], value: "IBM MQ 8.0, 9.0, 9.1, 9.2, and 9.3 could disclose sensitive user information from a trace file if that functionality has been enabled. IBM X-Force ID: 251358.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.1, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "497 Exposure of System Data to an Unauthorized Control Sphere", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2023-05-19T15:20:50.476Z", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "vendor-advisory", ], url: "https://https://www.ibm.com/support/pages/node/6985837", }, { tags: [ "vdb-entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/251358", }, ], source: { discovery: "UNKNOWN", }, title: "IBM MQ information disclosure", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2023-28950", datePublished: "2023-05-19T15:20:50.476Z", dateReserved: "2023-03-29T01:33:55.064Z", dateUpdated: "2025-02-12T17:03:03.855Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-4619
Vulnerability from cvelistv5
Published
2020-03-16 15:25
Modified
2024-09-16 20:12
Severity ?
EPSS score ?
Summary
IBM MQ and IBM MQ Appliance 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and 9.1 CD could allow a local attacker to obtain sensitive information by inclusion of sensitive data within trace. IBM X-Force ID: 168862.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/1135101 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/168862 | vdb-entry, x_refsource_XF |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | MQ |
Version: 9.0.0.1 Version: 8.0.0.1 Version: 8.0.0.2 Version: 8.0.0.3 Version: 8.0.0.4 Version: 8.0.0.5 Version: 8.0.0.6 Version: 8.0.0.7 Version: 9.0.0.2 Version: 7.5.0.1 Version: 7.5.0.2 Version: 7.5.0.3 Version: 7.5.0.4 Version: 7.5.0.5 Version: 7.5.0.6 Version: 7.5.0.7 Version: 7.5.0.8 Version: 8.0.0.8 Version: 7.1.0.1 Version: 7.1.0.2 Version: 7.1.0.3 Version: 7.1.0.4 Version: 7.1.0.5 Version: 7.1.0.6 Version: 7.1.0.7 Version: 8.0.0.9 Version: 9.0.0.3 Version: 8.0.0.0 Version: 8.0.0.10 Version: 9.0.0.0 Version: 9.0.0.4 Version: 9.0.0.5 Version: 9.1 Version: 9.1.0.1 Version: 9.1.1 Version: 9.1.0.2 Version: 9.1.2 Version: 8.0.0.11 Version: 9.0.0.6 Version: 7.1.0.0 Version: 7.1.0.8 Version: 7.1.0.9 Version: 7.5.0.0 Version: 7.5.0.9 Version: 8.0.0.12 Version: 9.1.0.3 Version: 9.1.3 Version: 9.0.0.7 Version: 8.0.0.13 Version: 9.0.0.8 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T19:40:48.099Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.ibm.com/support/pages/node/1135101", }, { name: "ibm-mq-cve20194619-info-disc (168862)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/168862", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "MQ", vendor: "IBM", versions: [ { status: "affected", version: "9.0.0.1", }, { status: "affected", version: "8.0.0.1", }, { status: "affected", version: "8.0.0.2", }, { status: "affected", version: "8.0.0.3", }, { status: "affected", version: "8.0.0.4", }, { status: "affected", version: "8.0.0.5", }, { status: "affected", version: "8.0.0.6", }, { status: "affected", version: "8.0.0.7", }, { status: "affected", version: "9.0.0.2", }, { status: "affected", version: "7.5.0.1", }, { status: "affected", version: "7.5.0.2", }, { status: "affected", version: "7.5.0.3", }, { status: "affected", version: "7.5.0.4", }, { status: "affected", version: "7.5.0.5", }, { status: "affected", version: "7.5.0.6", }, { status: "affected", version: "7.5.0.7", }, { status: "affected", version: "7.5.0.8", }, { status: "affected", version: "8.0.0.8", }, { status: "affected", version: "7.1.0.1", }, { status: "affected", version: "7.1.0.2", }, { status: "affected", version: "7.1.0.3", }, { status: "affected", version: "7.1.0.4", }, { status: "affected", version: "7.1.0.5", }, { status: "affected", version: "7.1.0.6", }, { status: "affected", version: "7.1.0.7", }, { status: "affected", version: "8.0.0.9", }, { status: "affected", version: "9.0.0.3", }, { status: "affected", version: "8.0.0.0", }, { status: "affected", version: "8.0.0.10", }, { status: "affected", version: "9.0.0.0", }, { status: "affected", version: "9.0.0.4", }, { status: "affected", version: "9.0.0.5", }, { status: "affected", version: "9.1", }, { status: "affected", version: "9.1.0.1", }, { status: "affected", version: "9.1.1", }, { status: "affected", version: "9.1.0.2", }, { status: "affected", version: "9.1.2", }, { status: "affected", version: "8.0.0.11", }, { status: "affected", version: "9.0.0.6", }, { status: "affected", version: "7.1.0.0", }, { status: "affected", version: "7.1.0.8", }, { status: "affected", version: "7.1.0.9", }, { status: "affected", version: "7.5.0.0", }, { status: "affected", version: "7.5.0.9", }, { status: "affected", version: "8.0.0.12", }, { status: "affected", version: "9.1.0.3", }, { status: "affected", version: "9.1.3", }, { status: "affected", version: "9.0.0.7", }, { status: "affected", version: "8.0.0.13", }, { status: "affected", version: "9.0.0.8", }, ], }, ], datePublic: "2020-03-13T00:00:00", descriptions: [ { lang: "en", value: "IBM MQ and IBM MQ Appliance 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and 9.1 CD could allow a local attacker to obtain sensitive information by inclusion of sensitive data within trace. IBM X-Force ID: 168862.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.1, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", exploitCodeMaturity: "UNPROVEN", integrityImpact: "NONE", privilegesRequired: "NONE", remediationLevel: "OFFICIAL_FIX", reportConfidence: "CONFIRMED", scope: "UNCHANGED", temporalScore: 4.5, temporalSeverity: "MEDIUM", userInteraction: "NONE", vectorString: "CVSS:3.0/PR:N/AV:L/AC:H/A:N/I:N/UI:N/S:U/C:H/RL:O/RC:C/E:U", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Obtain Information", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-03-16T15:25:19", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://www.ibm.com/support/pages/node/1135101", }, { name: "ibm-mq-cve20194619-info-disc (168862)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/168862", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2020-03-13T00:00:00", ID: "CVE-2019-4619", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "MQ", version: { version_data: [ { version_value: "9.0.0.1", }, { version_value: "8.0.0.1", }, { version_value: "8.0.0.2", }, { version_value: "8.0.0.3", }, { version_value: "8.0.0.4", }, { version_value: "8.0.0.5", }, { version_value: "8.0.0.6", }, { version_value: "8.0.0.7", }, { version_value: "9.0.0.2", }, { version_value: "7.5.0.1", }, { version_value: "7.5.0.2", }, { version_value: "7.5.0.3", }, { version_value: "7.5.0.4", }, { version_value: "7.5.0.5", }, { version_value: "7.5.0.6", }, { version_value: "7.5.0.7", }, { version_value: "7.5.0.8", }, { version_value: "8.0.0.8", }, { version_value: "7.1.0.1", }, { version_value: "7.1.0.2", }, { version_value: "7.1.0.3", }, { version_value: "7.1.0.4", }, { version_value: "7.1.0.5", }, { version_value: "7.1.0.6", }, { version_value: "7.1.0.7", }, { version_value: "8.0.0.9", }, { version_value: "9.0.0.3", }, { version_value: "8.0.0.0", }, { version_value: "8.0.0.10", }, { version_value: "9.0.0.0", }, { version_value: "9.0.0.4", }, { version_value: "9.0.0.5", }, { version_value: "9.1", }, { version_value: "9.1.0.1", }, { version_value: "9.1.1", }, { version_value: "9.1.0.2", }, { version_value: "9.1.2", }, { version_value: "8.0.0.11", }, { version_value: "9.0.0.6", }, { version_value: "7.1.0.0", }, { version_value: "7.1.0.8", }, { version_value: "7.1.0.9", }, { version_value: "7.5.0.0", }, { version_value: "7.5.0.9", }, { version_value: "8.0.0.12", }, { version_value: "9.1.0.3", }, { version_value: "9.1.3", }, { version_value: "9.0.0.7", }, { version_value: "8.0.0.13", }, { version_value: "9.0.0.8", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM MQ and IBM MQ Appliance 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and 9.1 CD could allow a local attacker to obtain sensitive information by inclusion of sensitive data within trace. IBM X-Force ID: 168862.", }, ], }, impact: { cvssv3: { BM: { A: "N", AC: "H", AV: "L", C: "H", I: "N", PR: "N", S: "U", UI: "N", }, TM: { E: "U", RC: "C", RL: "O", }, }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Obtain Information", }, ], }, ], }, references: { reference_data: [ { name: "https://www.ibm.com/support/pages/node/1135101", refsource: "CONFIRM", title: "IBM Security Bulletin 1135101 (MQ)", url: "https://www.ibm.com/support/pages/node/1135101", }, { name: "ibm-mq-cve20194619-info-disc (168862)", refsource: "XF", title: "X-Force Vulnerability Report", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/168862", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2019-4619", datePublished: "2020-03-16T15:25:20.026505Z", dateReserved: "2019-01-03T00:00:00", dateUpdated: "2024-09-16T20:12:49.114Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-25016
Vulnerability from cvelistv5
Published
2024-03-03 03:09
Modified
2024-08-01 23:36
Severity ?
EPSS score ?
Summary
IBM MQ and IBM MQ Appliance 9.0, 9.1, 9.2, 9.3 LTS and 9.3 CD could allow a remote unauthenticated attacker to cause a denial of service due to incorrect buffering logic. IBM X-Force ID: 281279.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/7123139 | vendor-advisory | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/281279 | vdb-entry |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-25016", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-03-05T15:59:06.334619Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-04T17:35:38.636Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T23:36:21.339Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.ibm.com/support/pages/node/7123139", }, { tags: [ "vdb-entry", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/281279", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "MQ", vendor: "IBM", versions: [ { status: "affected", version: "9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.3 CD", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "IBM MQ and IBM MQ Appliance 9.0, 9.1, 9.2, 9.3 LTS and 9.3 CD could allow a remote unauthenticated attacker to cause a denial of service due to incorrect buffering logic. IBM X-Force ID: 281279.", }, ], value: "IBM MQ and IBM MQ Appliance 9.0, 9.1, 9.2, 9.3 LTS and 9.3 CD could allow a remote unauthenticated attacker to cause a denial of service due to incorrect buffering logic. IBM X-Force ID: 281279.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-20", description: "CWE-20 Improper Input Validation", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-03-03T03:09:09.906Z", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "vendor-advisory", ], url: "https://www.ibm.com/support/pages/node/7123139", }, { tags: [ "vdb-entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/281279", }, ], source: { discovery: "UNKNOWN", }, title: "IBM MQ denial of service", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2024-25016", datePublished: "2024-03-03T03:09:09.906Z", dateReserved: "2024-02-03T14:48:56.576Z", dateUpdated: "2024-08-01T23:36:21.339Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-4931
Vulnerability from cvelistv5
Published
2021-02-24 17:20
Modified
2024-09-17 03:07
Severity ?
EPSS score ?
Summary
IBM MQ 9.1 LTS, 9.2 LTS, and 9.1 CD AMQP Channels could allow an authenticated user to cause a denial of service due to an issue processing messages. IBM X-Force ID: 191747.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/6403295 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/191747 | vdb-entry, x_refsource_XF |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | MQ Appliance |
Version: 9.1.0.0 Version: 9.1.0.1 Version: 9.1.1 Version: 9.1.0.2 Version: 9.1.2 Version: 9.1.0.3 Version: 9.1.3 Version: 9.1.0.4 Version: 9.1.4 Version: 9.1.0.5 Version: 9.1.5 Version: 9.1.0.6 Version: 9.2.0.0 Version: 9.2.0.1 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T08:14:59.186Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.ibm.com/support/pages/node/6403295", }, { name: "ibm-mq-cve20204931-dos (191747)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/191747", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "MQ Appliance", vendor: "IBM", versions: [ { status: "affected", version: "9.1.0.0", }, { status: "affected", version: "9.1.0.1", }, { status: "affected", version: "9.1.1", }, { status: "affected", version: "9.1.0.2", }, { status: "affected", version: "9.1.2", }, { status: "affected", version: "9.1.0.3", }, { status: "affected", version: "9.1.3", }, { status: "affected", version: "9.1.0.4", }, { status: "affected", version: "9.1.4", }, { status: "affected", version: "9.1.0.5", }, { status: "affected", version: "9.1.5", }, { status: "affected", version: "9.1.0.6", }, { status: "affected", version: "9.2.0.0", }, { status: "affected", version: "9.2.0.1", }, ], }, ], datePublic: "2021-02-23T00:00:00", descriptions: [ { lang: "en", value: "IBM MQ 9.1 LTS, 9.2 LTS, and 9.1 CD AMQP Channels could allow an authenticated user to cause a denial of service due to an issue processing messages. IBM X-Force ID: 191747.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", exploitCodeMaturity: "UNPROVEN", integrityImpact: "NONE", privilegesRequired: "LOW", remediationLevel: "OFFICIAL_FIX", reportConfidence: "CONFIRMED", scope: "UNCHANGED", temporalScore: 5.7, temporalSeverity: "MEDIUM", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/S:U/UI:N/A:H/C:N/PR:L/I:N/AC:L/RL:O/RC:C/E:U", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Denial of Service", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-02-24T17:20:13", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://www.ibm.com/support/pages/node/6403295", }, { name: "ibm-mq-cve20204931-dos (191747)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/191747", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2021-02-23T00:00:00", ID: "CVE-2020-4931", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "MQ Appliance", version: { version_data: [ { version_value: "9.1.0.0", }, { version_value: "9.1.0.1", }, { version_value: "9.1.1", }, { version_value: "9.1.0.2", }, { version_value: "9.1.2", }, { version_value: "9.1.0.3", }, { version_value: "9.1.3", }, { version_value: "9.1.0.4", }, { version_value: "9.1.4", }, { version_value: "9.1.0.5", }, { version_value: "9.1.5", }, { version_value: "9.1.0.6", }, { version_value: "9.2.0.0", }, { version_value: "9.2.0.1", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM MQ 9.1 LTS, 9.2 LTS, and 9.1 CD AMQP Channels could allow an authenticated user to cause a denial of service due to an issue processing messages. IBM X-Force ID: 191747.", }, ], }, impact: { cvssv3: { BM: { A: "H", AC: "L", AV: "N", C: "N", I: "N", PR: "L", S: "U", UI: "N", }, TM: { E: "U", RC: "C", RL: "O", }, }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Denial of Service", }, ], }, ], }, references: { reference_data: [ { name: "https://www.ibm.com/support/pages/node/6403295", refsource: "CONFIRM", title: "IBM Security Bulletin 6403295 (MQ Appliance)", url: "https://www.ibm.com/support/pages/node/6403295", }, { name: "ibm-mq-cve20204931-dos (191747)", refsource: "XF", title: "X-Force Vulnerability Report", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/191747", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2020-4931", datePublished: "2021-02-24T17:20:13.887915Z", dateReserved: "2019-12-30T00:00:00", dateUpdated: "2024-09-17T03:07:35.365Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-1419
Vulnerability from cvelistv5
Published
2018-06-15 14:00
Modified
2024-09-16 20:57
Severity ?
EPSS score ?
Summary
IBM WebSphere MQ 8.0 and 9.0, when configured to use a PAM module for authentication, could allow a user to cause a deadlock in the IBM MQ PAM code which could result in a denial of service. IBM X-Force ID: 138949.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.ibm.com/support/docview.wss?uid=swg22014650 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/104488 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/138949 | vdb-entry, x_refsource_XF |
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T03:59:39.068Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ibm.com/support/docview.wss?uid=swg22014650", }, { name: "104488", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/104488", }, { name: "ibm-websphere-cve20181419-dos(138949)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/138949", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "MQ", vendor: "IBM", versions: [ { status: "affected", version: "8.0", }, { status: "affected", version: "9.0", }, { status: "affected", version: "9.0.1", }, { status: "affected", version: "9.0.0.1", }, { status: "affected", version: "9.0.2", }, { status: "affected", version: "8.0.0.1", }, { status: "affected", version: "8.0.0.2", }, { status: "affected", version: "8.0.0.3", }, { status: "affected", version: "8.0.0.4", }, { status: "affected", version: "8.0.0.5", }, { status: "affected", version: "8.0.0.6", }, { status: "affected", version: "8.0.0.7", }, { status: "affected", version: "9.0.0.2", }, { status: "affected", version: "9.0.3", }, { status: "affected", version: "9.0.4", }, { status: "affected", version: "8.0.0.8", }, ], }, ], datePublic: "2018-06-12T00:00:00", descriptions: [ { lang: "en", value: "IBM WebSphere MQ 8.0 and 9.0, when configured to use a PAM module for authentication, could allow a user to cause a deadlock in the IBM MQ PAM code which could result in a denial of service. IBM X-Force ID: 138949.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "NONE", exploitCodeMaturity: "UNPROVEN", integrityImpact: "NONE", privilegesRequired: "NONE", remediationLevel: "OFFICIAL_FIX", reportConfidence: "CONFIRMED", scope: "UNCHANGED", temporalScore: 3.2, temporalSeverity: "LOW", userInteraction: "NONE", vectorString: "CVSS:3.0/A:L/AC:H/AV:N/C:N/I:N/PR:N/S:U/UI:N/E:U/RC:C/RL:O", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Denial of Service", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-06-19T09:57:01", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ibm.com/support/docview.wss?uid=swg22014650", }, { name: "104488", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/104488", }, { name: "ibm-websphere-cve20181419-dos(138949)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/138949", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2018-06-12T00:00:00", ID: "CVE-2018-1419", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "MQ", version: { version_data: [ { version_value: "8.0", }, { version_value: "9.0", }, { version_value: "9.0.1", }, { version_value: "9.0.0.1", }, { version_value: "9.0.2", }, { version_value: "8.0.0.1", }, { version_value: "8.0.0.2", }, { version_value: "8.0.0.3", }, { version_value: "8.0.0.4", }, { version_value: "8.0.0.5", }, { version_value: "8.0.0.6", }, { version_value: "8.0.0.7", }, { version_value: "9.0.0.2", }, { version_value: "9.0.3", }, { version_value: "9.0.4", }, { version_value: "8.0.0.8", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM WebSphere MQ 8.0 and 9.0, when configured to use a PAM module for authentication, could allow a user to cause a deadlock in the IBM MQ PAM code which could result in a denial of service. IBM X-Force ID: 138949.", }, ], }, impact: { cvssv3: { BM: { A: "L", AC: "H", AV: "N", C: "N", I: "N", PR: "N", S: "U", UI: "N", }, TM: { E: "U", RC: "C", RL: "O", }, }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Denial of Service", }, ], }, ], }, references: { reference_data: [ { name: "http://www.ibm.com/support/docview.wss?uid=swg22014650", refsource: "CONFIRM", url: "http://www.ibm.com/support/docview.wss?uid=swg22014650", }, { name: "104488", refsource: "BID", url: "http://www.securityfocus.com/bid/104488", }, { name: "ibm-websphere-cve20181419-dos(138949)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/138949", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2018-1419", datePublished: "2018-06-15T14:00:00Z", dateReserved: "2017-12-13T00:00:00", dateUpdated: "2024-09-16T20:57:17.398Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2017-1760
Vulnerability from cvelistv5
Published
2017-12-11 21:00
Modified
2024-09-16 18:18
Severity ?
EPSS score ?
Summary
IBM WebSphere MQ 7.5, 8.0, and 9.0 could allow a local user to crash the queue manager agent thread and expose some sensitive information. IBM X-Force ID: 126454.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/126454 | x_refsource_MISC | |
| http://www.ibm.com/support/docview.wss?uid=swg22005392 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | MQ |
Version: 7.5 Version: 8.0 Version: 9.0 Version: 9.0.1 Version: 9.0.0.1 Version: 9.0.2 Version: 8.0.0.1 Version: 8.0.0.2 Version: 8.0.0.3 Version: 8.0.0.4 Version: 8.0.0.5 Version: 8.0.0.6 Version: 9.0.3 Version: 7.5.0.1 Version: 7.5.0.2 Version: 7.5.0.3 Version: 7.5.0.4 Version: 7.5.0.5 Version: 7.5.0.6 Version: 7.5.0.7 Version: 7.5.0.8 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T13:39:32.277Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/126454", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ibm.com/support/docview.wss?uid=swg22005392", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "MQ", vendor: "IBM", versions: [ { status: "affected", version: "7.5", }, { status: "affected", version: "8.0", }, { status: "affected", version: "9.0", }, { status: "affected", version: "9.0.1", }, { status: "affected", version: "9.0.0.1", }, { status: "affected", version: "9.0.2", }, { status: "affected", version: "8.0.0.1", }, { status: "affected", version: "8.0.0.2", }, { status: "affected", version: "8.0.0.3", }, { status: "affected", version: "8.0.0.4", }, { status: "affected", version: "8.0.0.5", }, { status: "affected", version: "8.0.0.6", }, { status: "affected", version: "9.0.3", }, { status: "affected", version: "7.5.0.1", }, { status: "affected", version: "7.5.0.2", }, { status: "affected", version: "7.5.0.3", }, { status: "affected", version: "7.5.0.4", }, { status: "affected", version: "7.5.0.5", }, { status: "affected", version: "7.5.0.6", }, { status: "affected", version: "7.5.0.7", }, { status: "affected", version: "7.5.0.8", }, ], }, ], datePublic: "2017-12-06T00:00:00", descriptions: [ { lang: "en", value: "IBM WebSphere MQ 7.5, 8.0, and 9.0 could allow a local user to crash the queue manager agent thread and expose some sensitive information. IBM X-Force ID: 126454.", }, ], problemTypes: [ { descriptions: [ { description: "Denial of Service", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-12-11T20:57:01", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/126454", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ibm.com/support/docview.wss?uid=swg22005392", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2017-12-06T00:00:00", ID: "CVE-2017-1760", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "MQ", version: { version_data: [ { version_value: "7.5", }, { version_value: "8.0", }, { version_value: "9.0", }, { version_value: "9.0.1", }, { version_value: "9.0.0.1", }, { version_value: "9.0.2", }, { version_value: "8.0.0.1", }, { version_value: "8.0.0.2", }, { version_value: "8.0.0.3", }, { version_value: "8.0.0.4", }, { version_value: "8.0.0.5", }, { version_value: "8.0.0.6", }, { version_value: "9.0.3", }, { version_value: "7.5.0.1", }, { version_value: "7.5.0.2", }, { version_value: "7.5.0.3", }, { version_value: "7.5.0.4", }, { version_value: "7.5.0.5", }, { version_value: "7.5.0.6", }, { version_value: "7.5.0.7", }, { version_value: "7.5.0.8", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM WebSphere MQ 7.5, 8.0, and 9.0 could allow a local user to crash the queue manager agent thread and expose some sensitive information. IBM X-Force ID: 126454.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Denial of Service", }, ], }, ], }, references: { reference_data: [ { name: "https://exchange.xforce.ibmcloud.com/vulnerabilities/126454", refsource: "MISC", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/126454", }, { name: "http://www.ibm.com/support/docview.wss?uid=swg22005392", refsource: "CONFIRM", url: "http://www.ibm.com/support/docview.wss?uid=swg22005392", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2017-1760", datePublished: "2017-12-11T21:00:00Z", dateReserved: "2016-11-30T00:00:00", dateUpdated: "2024-09-16T18:18:02.093Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2025-0985
Vulnerability from cvelistv5
Published
2025-02-28 16:21
Modified
2025-02-28 16:36
Severity ?
EPSS score ?
Summary
IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD
stores potentially sensitive information in environment variables that could be obtained by a local user.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/7184453 | vendor-advisory |
Impacted products
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2025-0985", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-02-28T16:35:25.364822Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-526", description: "CWE-526 Cleartext Storage of Sensitive Information in an Environment Variable", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-28T16:36:42.052Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:ibm:mq:9.3.0:*:*:*:lts:*:*:*", "cpe:2.3:a:ibm:mq:9.3.0:*:*:*:continuous_delivery:*:*:*", "cpe:2.3:a:ibm:mq:9.4.0:*:*:*:lts:*:*:*", "cpe:2.3:a:ibm:mq:9.4.0:*:*:*:continuous_delivery:*:*:*", ], defaultStatus: "unaffected", product: "MQ", vendor: "IBM", versions: [ { status: "affected", version: "9.3 LTS, 9.3 CD, 9.4 LTS, 9.4 CD", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD \n\n<span style=\"background-color: rgb(255, 255, 255);\">stores potentially sensitive information in environment variables that could be obtained by a local user.</span>", }, ], value: "IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD \n\nstores potentially sensitive information in environment variables that could be obtained by a local user.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-526", description: "CWE-526 Cleartext Storage of Sensitive Information in an Environment Variable", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-28T16:21:35.830Z", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "vendor-advisory", ], url: "https://www.ibm.com/support/pages/node/7184453", }, ], source: { discovery: "UNKNOWN", }, title: "IBM MQ information disclosure", x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2025-0985", datePublished: "2025-02-28T16:21:35.830Z", dateReserved: "2025-02-03T13:43:53.407Z", dateUpdated: "2025-02-28T16:36:42.052Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-40680
Vulnerability from cvelistv5
Published
2024-09-07 14:02
Modified
2024-10-31 16:26
Severity ?
EPSS score ?
Summary
IBM MQ 9.3 CD and 9.4 LTS/CD could allow a local user to cause a denial of service due to improper memory allocation causing a segmentation fault.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/7167732 | vendor-advisory |
Impacted products
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-40680", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-09T14:09:47.896534Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-09T14:10:08.338Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:ibm:mq_appliance:9.3:*:*:*:continuous_delivery:*:*:*", "cpe:2.3:a:ibm:mq_appliance:9.4:*:*:*:lts:*:*:*", "cpe:2.3:a:ibm:mq_appliance:9.4:*:*:*:continuous_delivery:*:*:*", ], defaultStatus: "unaffected", product: "MQ", vendor: "IBM", versions: [ { status: "affected", version: "9.3 CD, 9.4 LTS, 9.4 CD", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "IBM MQ 9.3 CD and 9.4 LTS/CD could allow a local user to cause a denial of service due to improper memory allocation causing a segmentation fault.", }, ], value: "IBM MQ 9.3 CD and 9.4 LTS/CD could allow a local user to cause a denial of service due to improper memory allocation causing a segmentation fault.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-789", description: "CWE-789 Uncontrolled Memory Allocation", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-10-31T16:26:59.453Z", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "vendor-advisory", ], url: "https://www.ibm.com/support/pages/node/7167732", }, ], source: { discovery: "UNKNOWN", }, title: "IBM MQ denial of service", x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2024-40680", datePublished: "2024-09-07T14:02:30.422Z", dateReserved: "2024-07-08T19:30:52.529Z", dateUpdated: "2024-10-31T16:26:59.453Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-45177
Vulnerability from cvelistv5
Published
2024-03-20 17:29
Modified
2024-08-02 20:14
Severity ?
EPSS score ?
Summary
IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS and 9.3 CD is vulnerable to a denial-of-service attack due to an error within the MQ clustering logic. IBM X-Force ID: 268066.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/7063661 | vendor-advisory | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/268066 | vdb-entry |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2023-45177", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-03-20T19:24:41.245177Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-05T17:21:13.926Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T20:14:19.779Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.ibm.com/support/pages/node/7063661", }, { tags: [ "vdb-entry", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/268066", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "MQ", vendor: "IBM", versions: [ { status: "affected", version: "9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.3 CD", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS and 9.3 CD is vulnerable to a denial-of-service attack due to an error within the MQ clustering logic. IBM X-Force ID: 268066.", }, ], value: "IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS and 9.3 CD is vulnerable to a denial-of-service attack due to an error within the MQ clustering logic. IBM X-Force ID: 268066.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-20", description: "CWE-20 Improper Input Validation", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-03-20T17:29:59.398Z", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "vendor-advisory", ], url: "https://www.ibm.com/support/pages/node/7063661", }, { tags: [ "vdb-entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/268066", }, ], source: { discovery: "UNKNOWN", }, title: "IBM MQ denial of service", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2023-45177", datePublished: "2024-03-20T17:29:59.398Z", dateReserved: "2023-10-05T01:38:58.206Z", dateUpdated: "2024-08-02T20:14:19.779Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-40681
Vulnerability from cvelistv5
Published
2024-09-07 14:09
Modified
2024-10-31 16:31
Severity ?
EPSS score ?
Summary
IBM MQ 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD could allow an authenticated user in a specifically defined role, to bypass security restrictions and execute actions against the queue manager.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/7167732 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | MQ |
Version: 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, 9.4 CD cpe:2.3:a:ibm:mq_appliance:9.1:*:*:*:lts:*:*:* cpe:2.3:a:ibm:mq_appliance:9.2:*:*:*:lts:*:*:* cpe:2.3:a:ibm:mq_appliance:9.3:*:*:*:lts:*:*:* cpe:2.3:a:ibm:mq_appliance:9.3:*:*:*:continuous_delivery:*:*:* cpe:2.3:a:ibm:mq_appliance:9.4:*:*:*:lts:*:*:* cpe:2.3:a:ibm:mq_appliance:9.4:*:*:*:continuous_delivery:*:*:* |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-40681", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-09-09T14:10:20.594086Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-09T14:10:29.962Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:ibm:mq_appliance:9.1:*:*:*:lts:*:*:*", "cpe:2.3:a:ibm:mq_appliance:9.2:*:*:*:lts:*:*:*", "cpe:2.3:a:ibm:mq_appliance:9.3:*:*:*:lts:*:*:*", "cpe:2.3:a:ibm:mq_appliance:9.3:*:*:*:continuous_delivery:*:*:*", "cpe:2.3:a:ibm:mq_appliance:9.4:*:*:*:lts:*:*:*", "cpe:2.3:a:ibm:mq_appliance:9.4:*:*:*:continuous_delivery:*:*:*", ], defaultStatus: "unaffected", product: "MQ", vendor: "IBM", versions: [ { status: "affected", version: "9.1 LTS, 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, 9.4 CD", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "IBM MQ 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD could allow an authenticated user in a specifically defined role, to bypass security restrictions and execute actions against the queue manager.", }, ], value: "IBM MQ 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD could allow an authenticated user in a specifically defined role, to bypass security restrictions and execute actions against the queue manager.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-266", description: "CWE-266 Incorrect Privilege Assignment", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-10-31T16:31:36.738Z", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "vendor-advisory", ], url: "https://www.ibm.com/support/pages/node/7167732", }, ], source: { discovery: "UNKNOWN", }, title: "IBM MQ security bypass", x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2024-40681", datePublished: "2024-09-07T14:09:19.767Z", dateReserved: "2024-07-08T19:30:52.529Z", dateUpdated: "2024-10-31T16:31:36.738Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-4870
Vulnerability from cvelistv5
Published
2020-12-21 17:50
Modified
2024-09-17 03:22
Severity ?
EPSS score ?
Summary
IBM MQ 9.2 CD and LTS are vulnerable to a denial of service attack caused by an error processing connecting applications. IBM X-Force ID: 190833.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/6380742 | x_refsource_CONFIRM | |
| https://www.ibm.com/support/pages/node/6386466 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/190833 | vdb-entry, x_refsource_XF |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | IBM | MQ |
Version: 9.2.0 |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T08:14:59.059Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.ibm.com/support/pages/node/6380742", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.ibm.com/support/pages/node/6386466", }, { name: "ibm-mq-cve20204870-dos (190833)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/190833", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "MQ", vendor: "IBM", versions: [ { status: "affected", version: "9.2.0", }, ], }, { product: "MQ Appliance", vendor: "IBM", versions: [ { status: "affected", version: "9.2.0.0", }, ], }, ], datePublic: "2020-12-18T00:00:00", descriptions: [ { lang: "en", value: "IBM MQ 9.2 CD and LTS are vulnerable to a denial of service attack caused by an error processing connecting applications. IBM X-Force ID: 190833.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", exploitCodeMaturity: "UNPROVEN", integrityImpact: "NONE", privilegesRequired: "NONE", remediationLevel: "OFFICIAL_FIX", reportConfidence: "CONFIRMED", scope: "UNCHANGED", temporalScore: 5.2, temporalSeverity: "MEDIUM", userInteraction: "NONE", vectorString: "CVSS:3.0/PR:N/AC:H/S:U/UI:N/AV:N/A:H/I:N/C:N/RC:C/E:U/RL:O", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Denial of Service", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-12-21T17:50:32", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://www.ibm.com/support/pages/node/6380742", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.ibm.com/support/pages/node/6386466", }, { name: "ibm-mq-cve20204870-dos (190833)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/190833", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2020-12-18T00:00:00", ID: "CVE-2020-4870", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "MQ", version: { version_data: [ { version_value: "9.2.0", }, ], }, }, { product_name: "MQ Appliance", version: { version_data: [ { version_value: "9.2.0.0", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM MQ 9.2 CD and LTS are vulnerable to a denial of service attack caused by an error processing connecting applications. IBM X-Force ID: 190833.", }, ], }, impact: { cvssv3: { BM: { A: "H", AC: "H", AV: "N", C: "N", I: "N", PR: "N", S: "U", UI: "N", }, TM: { E: "U", RC: "C", RL: "O", }, }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Denial of Service", }, ], }, ], }, references: { reference_data: [ { name: "https://www.ibm.com/support/pages/node/6380742", refsource: "CONFIRM", title: "IBM Security Bulletin 6380742 (MQ Appliance)", url: "https://www.ibm.com/support/pages/node/6380742", }, { name: "https://www.ibm.com/support/pages/node/6386466", refsource: "CONFIRM", title: "IBM Security Bulletin 6386466 (MQ)", url: "https://www.ibm.com/support/pages/node/6386466", }, { name: "ibm-mq-cve20204870-dos (190833)", refsource: "XF", title: "X-Force Vulnerability Report", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/190833", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2020-4870", datePublished: "2020-12-21T17:50:32.362789Z", dateReserved: "2019-12-30T00:00:00", dateUpdated: "2024-09-17T03:22:23.347Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-4614
Vulnerability from cvelistv5
Published
2020-01-28 18:30
Modified
2024-09-17 04:19
Severity ?
EPSS score ?
Summary
IBM MQ and IBM MQ Appliance 8.0 and 9.0 LTS client connecting to a Queue Manager could cause a SIGSEGV denial of service caused by converting an invalid message. IBM X-Force ID: 168639.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/1106523 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/168639 | vdb-entry, x_refsource_XF |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | MQ |
Version: 9.0.0.1 Version: 8.0.0.1 Version: 8.0.0.2 Version: 8.0.0.3 Version: 8.0.0.4 Version: 8.0.0.5 Version: 8.0.0.6 Version: 8.0.0.7 Version: 9.0.0.2 Version: 8.0.0.8 Version: 8.0.0.9 Version: 9.0.0.3 Version: 8.0.0.0 Version: 8.0.0.10 Version: 9.0.0.0 Version: 9.0.0.4 Version: 9.0.0.5 Version: 9.1.0.0 Version: 9.1.0.1 Version: 9.1.1 Version: 9.1.0.2 Version: 9.1.2 Version: 8.0.0.11 Version: 9.0.0.6 Version: 8.0.0.12 Version: 9.1.0.3 Version: 9.1.3 Version: 9.0.0.7 Version: 8.0.0.13 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T19:40:48.096Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.ibm.com/support/pages/node/1106523", }, { name: "ibm-mq-cve20194614-dos (168639)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/168639", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "MQ", vendor: "IBM", versions: [ { status: "affected", version: "9.0.0.1", }, { status: "affected", version: "8.0.0.1", }, { status: "affected", version: "8.0.0.2", }, { status: "affected", version: "8.0.0.3", }, { status: "affected", version: "8.0.0.4", }, { status: "affected", version: "8.0.0.5", }, { status: "affected", version: "8.0.0.6", }, { status: "affected", version: "8.0.0.7", }, { status: "affected", version: "9.0.0.2", }, { status: "affected", version: "8.0.0.8", }, { status: "affected", version: "8.0.0.9", }, { status: "affected", version: "9.0.0.3", }, { status: "affected", version: "8.0.0.0", }, { status: "affected", version: "8.0.0.10", }, { status: "affected", version: "9.0.0.0", }, { status: "affected", version: "9.0.0.4", }, { status: "affected", version: "9.0.0.5", }, { status: "affected", version: "9.1.0.0", }, { status: "affected", version: "9.1.0.1", }, { status: "affected", version: "9.1.1", }, { status: "affected", version: "9.1.0.2", }, { status: "affected", version: "9.1.2", }, { status: "affected", version: "8.0.0.11", }, { status: "affected", version: "9.0.0.6", }, { status: "affected", version: "8.0.0.12", }, { status: "affected", version: "9.1.0.3", }, { status: "affected", version: "9.1.3", }, { status: "affected", version: "9.0.0.7", }, { status: "affected", version: "8.0.0.13", }, ], }, ], datePublic: "2020-01-24T00:00:00", descriptions: [ { lang: "en", value: "IBM MQ and IBM MQ Appliance 8.0 and 9.0 LTS client connecting to a Queue Manager could cause a SIGSEGV denial of service caused by converting an invalid message. IBM X-Force ID: 168639.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", exploitCodeMaturity: "UNPROVEN", integrityImpact: "NONE", privilegesRequired: "LOW", remediationLevel: "OFFICIAL_FIX", reportConfidence: "CONFIRMED", scope: "UNCHANGED", temporalScore: 4.6, temporalSeverity: "MEDIUM", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/C:N/AC:H/I:N/PR:L/UI:N/S:U/A:H/RC:C/E:U/RL:O", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Denial of Service", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-01-28T18:30:52", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://www.ibm.com/support/pages/node/1106523", }, { name: "ibm-mq-cve20194614-dos (168639)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/168639", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2020-01-24T00:00:00", ID: "CVE-2019-4614", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "MQ", version: { version_data: [ { version_value: "9.0.0.1", }, { version_value: "8.0.0.1", }, { version_value: "8.0.0.2", }, { version_value: "8.0.0.3", }, { version_value: "8.0.0.4", }, { version_value: "8.0.0.5", }, { version_value: "8.0.0.6", }, { version_value: "8.0.0.7", }, { version_value: "9.0.0.2", }, { version_value: "8.0.0.8", }, { version_value: "8.0.0.9", }, { version_value: "9.0.0.3", }, { version_value: "8.0.0.0", }, { version_value: "8.0.0.10", }, { version_value: "9.0.0.0", }, { version_value: "9.0.0.4", }, { version_value: "9.0.0.5", }, { version_value: "9.1.0.0", }, { version_value: "9.1.0.1", }, { version_value: "9.1.1", }, { version_value: "9.1.0.2", }, { version_value: "9.1.2", }, { version_value: "8.0.0.11", }, { version_value: "9.0.0.6", }, { version_value: "8.0.0.12", }, { version_value: "9.1.0.3", }, { version_value: "9.1.3", }, { version_value: "9.0.0.7", }, { version_value: "8.0.0.13", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM MQ and IBM MQ Appliance 8.0 and 9.0 LTS client connecting to a Queue Manager could cause a SIGSEGV denial of service caused by converting an invalid message. IBM X-Force ID: 168639.", }, ], }, impact: { cvssv3: { BM: { A: "H", AC: "H", AV: "N", C: "N", I: "N", PR: "L", S: "U", UI: "N", }, TM: { E: "U", RC: "C", RL: "O", }, }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Denial of Service", }, ], }, ], }, references: { reference_data: [ { name: "https://www.ibm.com/support/pages/node/1106523", refsource: "CONFIRM", title: "IBM Security Bulletin 1106523 (MQ)", url: "https://www.ibm.com/support/pages/node/1106523", }, { name: "ibm-mq-cve20194614-dos (168639)", refsource: "XF", title: "X-Force Vulnerability Report", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/168639", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2019-4614", datePublished: "2020-01-28T18:30:52.540004Z", dateReserved: "2019-01-03T00:00:00", dateUpdated: "2024-09-17T04:19:34.761Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-4320
Vulnerability from cvelistv5
Published
2020-06-16 13:45
Modified
2024-09-16 20:58
Severity ?
EPSS score ?
Summary
IBM MQ Appliance and IBM MQ AMQP Channels 8.0, 9.0 LTS, 9.1 LTS, and 9.1 CD do not correctly block or allow clients based on the certificate distinguished name SSLPEER setting. IBM X-Force ID: 177403.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/5736885 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/177403 | vdb-entry, x_refsource_XF |
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T08:00:07.371Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.ibm.com/support/pages/node/5736885", }, { name: "ibm-mq-cve20204320-dos (177403)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/177403", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "MQ", vendor: "IBM", versions: [ { status: "affected", version: "8.0", }, { status: "affected", version: "9.0.LTS", }, { status: "affected", version: "9.1.LTS", }, { status: "affected", version: "9.1.CD", }, ], }, ], datePublic: "2020-06-15T00:00:00", descriptions: [ { lang: "en", value: "IBM MQ Appliance and IBM MQ AMQP Channels 8.0, 9.0 LTS, 9.1 LTS, and 9.1 CD do not correctly block or allow clients based on the certificate distinguished name SSLPEER setting. IBM X-Force ID: 177403.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", exploitCodeMaturity: "UNPROVEN", integrityImpact: "NONE", privilegesRequired: "LOW", remediationLevel: "OFFICIAL_FIX", reportConfidence: "CONFIRMED", scope: "UNCHANGED", temporalScore: 4.6, temporalSeverity: "MEDIUM", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/I:N/AC:H/S:U/PR:L/A:H/C:N/UI:N/RC:C/RL:O/E:U", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Denial of Service", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-06-16T13:45:21", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://www.ibm.com/support/pages/node/5736885", }, { name: "ibm-mq-cve20204320-dos (177403)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/177403", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2020-06-15T00:00:00", ID: "CVE-2020-4320", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "MQ", version: { version_data: [ { version_value: "8.0", }, { version_value: "9.0.LTS", }, { version_value: "9.1.LTS", }, { version_value: "9.1.CD", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM MQ Appliance and IBM MQ AMQP Channels 8.0, 9.0 LTS, 9.1 LTS, and 9.1 CD do not correctly block or allow clients based on the certificate distinguished name SSLPEER setting. IBM X-Force ID: 177403.", }, ], }, impact: { cvssv3: { BM: { A: "H", AC: "H", AV: "N", C: "N", I: "N", PR: "L", S: "U", UI: "N", }, TM: { E: "U", RC: "C", RL: "O", }, }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Denial of Service", }, ], }, ], }, references: { reference_data: [ { name: "https://www.ibm.com/support/pages/node/5736885", refsource: "CONFIRM", title: "IBM Security Bulletin 5736885 (MQ)", url: "https://www.ibm.com/support/pages/node/5736885", }, { name: "ibm-mq-cve20204320-dos (177403)", refsource: "XF", title: "X-Force Vulnerability Report", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/177403", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2020-4320", datePublished: "2020-06-16T13:45:21.961104Z", dateReserved: "2019-12-30T00:00:00", dateUpdated: "2024-09-16T20:58:27.407Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-4719
Vulnerability from cvelistv5
Published
2020-03-16 15:25
Modified
2024-09-16 18:49
Severity ?
EPSS score ?
Summary
IBM MQ and IBM MQ Appliance 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and 9.1 CD could allow a local attacker to obtain sensitive information by inclusion of sensitive data within runmqras data.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/1136608 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/172124 | vdb-entry, x_refsource_XF |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | MQ |
Version: 9.0.0.1 Version: 8.0.0.1 Version: 8.0.0.2 Version: 8.0.0.3 Version: 8.0.0.4 Version: 8.0.0.5 Version: 8.0.0.6 Version: 8.0.0.7 Version: 9.0.0.2 Version: 7.5.0.1 Version: 7.5.0.2 Version: 7.5.0.3 Version: 7.5.0.4 Version: 7.5.0.5 Version: 7.5.0.6 Version: 7.5.0.7 Version: 7.5.0.8 Version: 8.0.0.8 Version: 7.1.0.1 Version: 7.1.0.2 Version: 7.1.0.3 Version: 7.1.0.4 Version: 7.1.0.5 Version: 7.1.0.6 Version: 7.1.0.7 Version: 8.0.0.9 Version: 9.0.0.3 Version: 8.0.0.0 Version: 8.0.0.10 Version: 9.0.0.0 Version: 9.0.0.4 Version: 9.0.0.5 Version: 9.1.0.0 Version: 9.1.0.1 Version: 9.1.1 Version: 9.1.0.2 Version: 9.1.2 Version: 8.0.0.11 Version: 9.0.0.6 Version: 7.1.0.0 Version: 7.1.0.8 Version: 7.1.0.9 Version: 7.5.0.0 Version: 7.5.0.9 Version: 8.0.0.12 Version: 9.1.0.3 Version: 9.1.3 Version: 9.0.0.7 Version: 8.0.0.13 Version: 9.0.0.8 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T19:40:49.188Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.ibm.com/support/pages/node/1136608", }, { name: "ibm-mq-cve20194719-info-disc (172124)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/172124", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "MQ", vendor: "IBM", versions: [ { status: "affected", version: "9.0.0.1", }, { status: "affected", version: "8.0.0.1", }, { status: "affected", version: "8.0.0.2", }, { status: "affected", version: "8.0.0.3", }, { status: "affected", version: "8.0.0.4", }, { status: "affected", version: "8.0.0.5", }, { status: "affected", version: "8.0.0.6", }, { status: "affected", version: "8.0.0.7", }, { status: "affected", version: "9.0.0.2", }, { status: "affected", version: "7.5.0.1", }, { status: "affected", version: "7.5.0.2", }, { status: "affected", version: "7.5.0.3", }, { status: "affected", version: "7.5.0.4", }, { status: "affected", version: "7.5.0.5", }, { status: "affected", version: "7.5.0.6", }, { status: "affected", version: "7.5.0.7", }, { status: "affected", version: "7.5.0.8", }, { status: "affected", version: "8.0.0.8", }, { status: "affected", version: "7.1.0.1", }, { status: "affected", version: "7.1.0.2", }, { status: "affected", version: "7.1.0.3", }, { status: "affected", version: "7.1.0.4", }, { status: "affected", version: "7.1.0.5", }, { status: "affected", version: "7.1.0.6", }, { status: "affected", version: "7.1.0.7", }, { status: "affected", version: "8.0.0.9", }, { status: "affected", version: "9.0.0.3", }, { status: "affected", version: "8.0.0.0", }, { status: "affected", version: "8.0.0.10", }, { status: "affected", version: "9.0.0.0", }, { status: "affected", version: "9.0.0.4", }, { status: "affected", version: "9.0.0.5", }, { status: "affected", version: "9.1.0.0", }, { status: "affected", version: "9.1.0.1", }, { status: "affected", version: "9.1.1", }, { status: "affected", version: "9.1.0.2", }, { status: "affected", version: "9.1.2", }, { status: "affected", version: "8.0.0.11", }, { status: "affected", version: "9.0.0.6", }, { status: "affected", version: "7.1.0.0", }, { status: "affected", version: "7.1.0.8", }, { status: "affected", version: "7.1.0.9", }, { status: "affected", version: "7.5.0.0", }, { status: "affected", version: "7.5.0.9", }, { status: "affected", version: "8.0.0.12", }, { status: "affected", version: "9.1.0.3", }, { status: "affected", version: "9.1.3", }, { status: "affected", version: "9.0.0.7", }, { status: "affected", version: "8.0.0.13", }, { status: "affected", version: "9.0.0.8", }, ], }, ], datePublic: "2020-03-13T00:00:00", descriptions: [ { lang: "en", value: "IBM MQ and IBM MQ Appliance 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and 9.1 CD could allow a local attacker to obtain sensitive information by inclusion of sensitive data within runmqras data.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.1, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", exploitCodeMaturity: "UNPROVEN", integrityImpact: "NONE", privilegesRequired: "NONE", remediationLevel: "OFFICIAL_FIX", reportConfidence: "CONFIRMED", scope: "UNCHANGED", temporalScore: 4.5, temporalSeverity: "MEDIUM", userInteraction: "NONE", vectorString: "CVSS:3.0/S:U/AV:L/PR:N/AC:H/A:N/UI:N/C:H/I:N/RL:O/E:U/RC:C", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Obtain Information", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-03-16T15:25:20", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://www.ibm.com/support/pages/node/1136608", }, { name: "ibm-mq-cve20194719-info-disc (172124)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/172124", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2020-03-13T00:00:00", ID: "CVE-2019-4719", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "MQ", version: { version_data: [ { version_value: "9.0.0.1", }, { version_value: "8.0.0.1", }, { version_value: "8.0.0.2", }, { version_value: "8.0.0.3", }, { version_value: "8.0.0.4", }, { version_value: "8.0.0.5", }, { version_value: "8.0.0.6", }, { version_value: "8.0.0.7", }, { version_value: "9.0.0.2", }, { version_value: "7.5.0.1", }, { version_value: "7.5.0.2", }, { version_value: "7.5.0.3", }, { version_value: "7.5.0.4", }, { version_value: "7.5.0.5", }, { version_value: "7.5.0.6", }, { version_value: "7.5.0.7", }, { version_value: "7.5.0.8", }, { version_value: "8.0.0.8", }, { version_value: "7.1.0.1", }, { version_value: "7.1.0.2", }, { version_value: "7.1.0.3", }, { version_value: "7.1.0.4", }, { version_value: "7.1.0.5", }, { version_value: "7.1.0.6", }, { version_value: "7.1.0.7", }, { version_value: "8.0.0.9", }, { version_value: "9.0.0.3", }, { version_value: "8.0.0.0", }, { version_value: "8.0.0.10", }, { version_value: "9.0.0.0", }, { version_value: "9.0.0.4", }, { version_value: "9.0.0.5", }, { version_value: "9.1.0.0", }, { version_value: "9.1.0.1", }, { version_value: "9.1.1", }, { version_value: "9.1.0.2", }, { version_value: "9.1.2", }, { version_value: "8.0.0.11", }, { version_value: "9.0.0.6", }, { version_value: "7.1.0.0", }, { version_value: "7.1.0.8", }, { version_value: "7.1.0.9", }, { version_value: "7.5.0.0", }, { version_value: "7.5.0.9", }, { version_value: "8.0.0.12", }, { version_value: "9.1.0.3", }, { version_value: "9.1.3", }, { version_value: "9.0.0.7", }, { version_value: "8.0.0.13", }, { version_value: "9.0.0.8", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM MQ and IBM MQ Appliance 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and 9.1 CD could allow a local attacker to obtain sensitive information by inclusion of sensitive data within runmqras data.", }, ], }, impact: { cvssv3: { BM: { A: "N", AC: "H", AV: "L", C: "H", I: "N", PR: "N", S: "U", UI: "N", }, TM: { E: "U", RC: "C", RL: "O", }, }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Obtain Information", }, ], }, ], }, references: { reference_data: [ { name: "https://www.ibm.com/support/pages/node/1136608", refsource: "CONFIRM", title: "IBM Security Bulletin 1136608 (MQ)", url: "https://www.ibm.com/support/pages/node/1136608", }, { name: "ibm-mq-cve20194719-info-disc (172124)", refsource: "XF", title: "X-Force Vulnerability Report", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/172124", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2019-4719", datePublished: "2020-03-16T15:25:20.927352Z", dateReserved: "2019-01-03T00:00:00", dateUpdated: "2024-09-16T18:49:55.996Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-52896
Vulnerability from cvelistv5
Published
2024-12-19 17:01
Modified
2025-01-10 14:26
Severity ?
EPSS score ?
Summary
IBM MQ 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD web console could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | MQ |
Version: 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, 9.4 CD cpe:2.3:a:ibm:mq:9.2.0:*:*:*:lts:*:*:* cpe:2.3:a:ibm:mq:9.3.0:*:*:*:lts:*:*:* cpe:2.3:a:ibm:mq:9.3.0:*:*:*:continuous_delivery:*:*:* cpe:2.3:a:ibm:mq:9.4.0:*:*:*:lts:*:*:* cpe:2.3:a:ibm:mq:9.4.0:*:*:*:continuous_delivery:*:*:* |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-52896", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-12-20T16:45:05.829507Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-12-20T17:40:50.695Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:ibm:mq:9.2.0:*:*:*:lts:*:*:*", "cpe:2.3:a:ibm:mq:9.3.0:*:*:*:lts:*:*:*", "cpe:2.3:a:ibm:mq:9.3.0:*:*:*:continuous_delivery:*:*:*", "cpe:2.3:a:ibm:mq:9.4.0:*:*:*:lts:*:*:*", "cpe:2.3:a:ibm:mq:9.4.0:*:*:*:continuous_delivery:*:*:*", ], defaultStatus: "unaffected", product: "MQ", vendor: "IBM", versions: [ { status: "affected", version: "9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, 9.4 CD", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<span style=\"background-color: rgb(255, 255, 255);\">IBM MQ 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD web console could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned.</span>", }, ], value: "IBM MQ 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD web console could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 6.2, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-209", description: "CWE-209 Generation of Error Message Containing Sensitive Information", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-10T14:26:51.681Z", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { url: "https://www.ibm.com/support/pages/node/7179152", }, ], source: { discovery: "UNKNOWN", }, title: "IBM MQ information disclosure", x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2024-52896", datePublished: "2024-12-19T17:01:20.061Z", dateReserved: "2024-11-17T14:25:44.935Z", dateUpdated: "2025-01-10T14:26:51.681Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-1883
Vulnerability from cvelistv5
Published
2018-12-07 16:00
Modified
2024-09-16 22:13
Severity ?
EPSS score ?
Summary
A problem within the IBM MQ 9.0.2, 9.0.3, 9.0.4, 9.0.5, and 9.1.0.0 Console REST API Could allow attackers to execute a denial of service attack preventing users from logging into the MQ Console REST API. IBM X-Force ID: 151969.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/151969 | vdb-entry, x_refsource_XF | |
| https://www.ibm.com/support/docview.wss?uid=ibm10738197 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/106146 | vdb-entry, x_refsource_BID |
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T04:14:38.748Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "ibm-websphere-cve20181883-dos(151969)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/151969", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.ibm.com/support/docview.wss?uid=ibm10738197", }, { name: "106146", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/106146", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "MQ", vendor: "IBM", versions: [ { status: "affected", version: "9.0.2", }, { status: "affected", version: "9.0.3", }, { status: "affected", version: "9.0.4", }, { status: "affected", version: "9.0.5", }, { status: "affected", version: "9.1.0.0", }, ], }, ], datePublic: "2018-12-05T00:00:00", descriptions: [ { lang: "en", value: "A problem within the IBM MQ 9.0.2, 9.0.3, 9.0.4, 9.0.5, and 9.1.0.0 Console REST API Could allow attackers to execute a denial of service attack preventing users from logging into the MQ Console REST API. IBM X-Force ID: 151969.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", exploitCodeMaturity: "UNPROVEN", integrityImpact: "NONE", privilegesRequired: "NONE", remediationLevel: "OFFICIAL_FIX", reportConfidence: "CONFIRMED", scope: "UNCHANGED", temporalScore: 4.6, temporalSeverity: "MEDIUM", userInteraction: "NONE", vectorString: "CVSS:3.0/A:L/AC:L/AV:N/C:N/I:N/PR:N/S:U/UI:N/E:U/RC:C/RL:O", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Denial of Service", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-12-10T10:57:01", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { name: "ibm-websphere-cve20181883-dos(151969)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/151969", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.ibm.com/support/docview.wss?uid=ibm10738197", }, { name: "106146", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/106146", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2018-12-05T00:00:00", ID: "CVE-2018-1883", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "MQ", version: { version_data: [ { version_value: "9.0.2", }, { version_value: "9.0.3", }, { version_value: "9.0.4", }, { version_value: "9.0.5", }, { version_value: "9.1.0.0", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A problem within the IBM MQ 9.0.2, 9.0.3, 9.0.4, 9.0.5, and 9.1.0.0 Console REST API Could allow attackers to execute a denial of service attack preventing users from logging into the MQ Console REST API. IBM X-Force ID: 151969.", }, ], }, impact: { cvssv3: { BM: { A: "L", AC: "L", AV: "N", C: "N", I: "N", PR: "N", S: "U", UI: "N", }, TM: { E: "U", RC: "C", RL: "O", }, }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Denial of Service", }, ], }, ], }, references: { reference_data: [ { name: "ibm-websphere-cve20181883-dos(151969)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/151969", }, { name: "https://www.ibm.com/support/docview.wss?uid=ibm10738197", refsource: "CONFIRM", url: "https://www.ibm.com/support/docview.wss?uid=ibm10738197", }, { name: "106146", refsource: "BID", url: "http://www.securityfocus.com/bid/106146", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2018-1883", datePublished: "2018-12-07T16:00:00Z", dateReserved: "2017-12-13T00:00:00", dateUpdated: "2024-09-16T22:13:59.986Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2017-1747
Vulnerability from cvelistv5
Published
2018-03-30 16:00
Modified
2024-09-17 03:42
Severity ?
EPSS score ?
Summary
A specially crafted message could cause a denial of service in IBM WebSphere MQ 9.0, 9.0.0.1, 9.0.0.2, 9.0.1, 9.0.2, 9.0.3, and 9.0.4 applications consuming messages that it needs to perform data conversion on. IBM X-Force ID: 135520.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/135520 | x_refsource_MISC | |
| http://www.ibm.com/support/docview.wss?uid=swg22012992 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/103590 | vdb-entry, x_refsource_BID |
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T13:39:32.289Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/135520", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ibm.com/support/docview.wss?uid=swg22012992", }, { name: "103590", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/103590", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "MQ", vendor: "IBM", versions: [ { status: "affected", version: "9.0", }, { status: "affected", version: "9.0.1", }, { status: "affected", version: "9.0.0.1", }, { status: "affected", version: "9.0.2", }, { status: "affected", version: "9.0.0.2", }, { status: "affected", version: "9.0.3", }, { status: "affected", version: "9.0.4", }, ], }, ], datePublic: "2018-03-29T00:00:00", descriptions: [ { lang: "en", value: "A specially crafted message could cause a denial of service in IBM WebSphere MQ 9.0, 9.0.0.1, 9.0.0.2, 9.0.1, 9.0.2, 9.0.3, and 9.0.4 applications consuming messages that it needs to perform data conversion on. IBM X-Force ID: 135520.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/A:H/AC:H/AV:N/C:N/I:N/PR:L/S:U/UI:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Denial of Service", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-04-04T09:57:01", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/135520", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ibm.com/support/docview.wss?uid=swg22012992", }, { name: "103590", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/103590", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2018-03-29T00:00:00", ID: "CVE-2017-1747", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "MQ", version: { version_data: [ { version_value: "9.0", }, { version_value: "9.0.1", }, { version_value: "9.0.0.1", }, { version_value: "9.0.2", }, { version_value: "9.0.0.2", }, { version_value: "9.0.3", }, { version_value: "9.0.4", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A specially crafted message could cause a denial of service in IBM WebSphere MQ 9.0, 9.0.0.1, 9.0.0.2, 9.0.1, 9.0.2, 9.0.3, and 9.0.4 applications consuming messages that it needs to perform data conversion on. IBM X-Force ID: 135520.", }, ], }, impact: { cvssv3: { BM: { A: "H", AC: "H", AV: "N", C: "N", I: "N", PR: "L", S: "U", UI: "N", }, }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Denial of Service", }, ], }, ], }, references: { reference_data: [ { name: "https://exchange.xforce.ibmcloud.com/vulnerabilities/135520", refsource: "MISC", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/135520", }, { name: "http://www.ibm.com/support/docview.wss?uid=swg22012992", refsource: "CONFIRM", url: "http://www.ibm.com/support/docview.wss?uid=swg22012992", }, { name: "103590", refsource: "BID", url: "http://www.securityfocus.com/bid/103590", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2017-1747", datePublished: "2018-03-30T16:00:00Z", dateReserved: "2016-11-30T00:00:00", dateUpdated: "2024-09-17T03:42:57.406Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-4338
Vulnerability from cvelistv5
Published
2020-04-16 15:35
Modified
2024-09-17 03:44
Severity ?
EPSS score ?
Summary
IBM MQ 9.1.4 could allow a local attacker to obtain sensitive information by inclusion of sensitive data within runmqras data. IBM X-Force ID: 177937.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/6172539 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/177937 | vdb-entry, x_refsource_XF |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T08:00:07.163Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.ibm.com/support/pages/node/6172539", }, { name: "ibm-mq-cve20204338-info-disc (177937)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/177937", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "MQ", vendor: "IBM", versions: [ { status: "affected", version: "9.1.4", }, ], }, ], datePublic: "2020-04-15T00:00:00", descriptions: [ { lang: "en", value: "IBM MQ 9.1.4 could allow a local attacker to obtain sensitive information by inclusion of sensitive data within runmqras data. IBM X-Force ID: 177937.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.1, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", exploitCodeMaturity: "UNPROVEN", integrityImpact: "NONE", privilegesRequired: "NONE", remediationLevel: "OFFICIAL_FIX", reportConfidence: "CONFIRMED", scope: "UNCHANGED", temporalScore: 4.5, temporalSeverity: "MEDIUM", userInteraction: "NONE", vectorString: "CVSS:3.0/UI:N/PR:N/A:N/I:N/AC:H/AV:L/C:H/S:U/RC:C/E:U/RL:O", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Obtain Information", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-04-16T15:35:21", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://www.ibm.com/support/pages/node/6172539", }, { name: "ibm-mq-cve20204338-info-disc (177937)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/177937", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2020-04-15T00:00:00", ID: "CVE-2020-4338", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "MQ", version: { version_data: [ { version_value: "9.1.4", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM MQ 9.1.4 could allow a local attacker to obtain sensitive information by inclusion of sensitive data within runmqras data. IBM X-Force ID: 177937.", }, ], }, impact: { cvssv3: { BM: { A: "N", AC: "H", AV: "L", C: "H", I: "N", PR: "N", S: "U", UI: "N", }, TM: { E: "U", RC: "C", RL: "O", }, }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Obtain Information", }, ], }, ], }, references: { reference_data: [ { name: "https://www.ibm.com/support/pages/node/6172539", refsource: "CONFIRM", title: "IBM Security Bulletin 6172539 (MQ)", url: "https://www.ibm.com/support/pages/node/6172539", }, { name: "ibm-mq-cve20204338-info-disc (177937)", refsource: "XF", title: "X-Force Vulnerability Report", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/177937", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2020-4338", datePublished: "2020-04-16T15:35:21.704224Z", dateReserved: "2019-12-30T00:00:00", dateUpdated: "2024-09-17T03:44:17.167Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-28514
Vulnerability from cvelistv5
Published
2023-05-19 14:43
Modified
2025-02-12 16:45
Severity ?
EPSS score ?
Summary
IBM MQ 8.0, 9.0, and 9.1 could allow a local user to obtain sensitive credential information when a detailed technical error message is returned in a stack trace. IBM X-Force ID: 250398.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/6985835 | vendor-advisory | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/250398 | vdb-entry |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T13:43:22.257Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.ibm.com/support/pages/node/6985835", }, { tags: [ "vdb-entry", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/250398", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-28514", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-01-21T18:16:45.761049Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-12T16:45:31.945Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "MQ", vendor: "IBM", versions: [ { status: "affected", version: "8.0, 9.0 LTS, 9.0 CD, 9.1 LTS", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "IBM MQ 8.0, 9.0, and 9.1 could allow a local user to obtain sensitive credential information when a detailed technical error message is returned in a stack trace. IBM X-Force ID: 250398.", }, ], value: "IBM MQ 8.0, 9.0, and 9.1 could allow a local user to obtain sensitive credential information when a detailed technical error message is returned in a stack trace. IBM X-Force ID: 250398.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 6.2, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-209", description: "CWE-209 Generation of Error Message Containing Sensitive Information", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-05-19T14:43:45.786Z", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "vendor-advisory", ], url: "https://www.ibm.com/support/pages/node/6985835", }, { tags: [ "vdb-entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/250398", }, ], source: { discovery: "UNKNOWN", }, title: "IBM MQ information disclosure", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2023-28514", datePublished: "2023-05-19T14:43:45.786Z", dateReserved: "2023-03-16T21:05:38.974Z", dateUpdated: "2025-02-12T16:45:31.945Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-35116
Vulnerability from cvelistv5
Published
2024-06-28 18:20
Modified
2024-08-02 03:07
Severity ?
EPSS score ?
Summary
IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS, and 9.3 CD is vulnerable to a denial of service attack caused by an error applying configuration changes. IBM X-Force ID: 290335.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/7157387 | vendor-advisory | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/290335 | vdb-entry | |
| https://www.ibm.com/support/pages/node/7158071 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | MQ |
Version: 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.3 CD cpe:2.3:a:ibm:mq_appliance:9.0:*:*:*:lts:*:*:* cpe:2.3:a:ibm:mq_appliance:9.1:*:*:*:lts:*:*:* cpe:2.3:a:ibm:mq_appliance:9.2:*:*:*:lts:*:*:* cpe:2.3:a:ibm:mq_appliance:9.3:*:*:*:lts:*:*:* cpe:2.3:a:ibm:mq_appliance:9.3:*:*:*:continuous_delivery:*:*:* |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-35116", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-07-01T18:02:58.397744Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-08T17:21:11.921Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T03:07:46.479Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.ibm.com/support/pages/node/7157387", }, { tags: [ "vdb-entry", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/290335", }, { tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.ibm.com/support/pages/node/7158071", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:ibm:mq_appliance:9.0:*:*:*:lts:*:*:*", "cpe:2.3:a:ibm:mq_appliance:9.1:*:*:*:lts:*:*:*", "cpe:2.3:a:ibm:mq_appliance:9.2:*:*:*:lts:*:*:*", "cpe:2.3:a:ibm:mq_appliance:9.3:*:*:*:lts:*:*:*", "cpe:2.3:a:ibm:mq_appliance:9.3:*:*:*:continuous_delivery:*:*:*", ], defaultStatus: "unaffected", product: "MQ", vendor: "IBM", versions: [ { status: "affected", version: "9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.3 CD", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS, and 9.3 CD is vulnerable to a denial of service attack caused by an error applying configuration changes. IBM X-Force ID: 290335.", }, ], value: "IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS, and 9.3 CD is vulnerable to a denial of service attack caused by an error applying configuration changes. IBM X-Force ID: 290335.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-789", description: "CWE-789 Uncontrolled Memory Allocation", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-28T18:20:50.152Z", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "vendor-advisory", ], url: "https://www.ibm.com/support/pages/node/7157387", }, { tags: [ "vdb-entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/290335", }, { tags: [ "vendor-advisory", ], url: "https://www.ibm.com/support/pages/node/7158071", }, ], source: { discovery: "UNKNOWN", }, title: "IBM MQ denial of service", x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2024-35116", datePublished: "2024-06-28T18:20:50.152Z", dateReserved: "2024-05-09T16:27:02.679Z", dateUpdated: "2024-08-02T03:07:46.479Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-4055
Vulnerability from cvelistv5
Published
2019-04-19 16:20
Modified
2024-09-17 04:14
Severity ?
EPSS score ?
Summary
IBM MQ 8.0.0.0 through 8.0.0.10, 9.0.0.0 through 9.0.0.5, and 9.1.0.0 through 9.1.1 is vulnerable to a denial of service attack within the TLS key renegotiation function. IBM X-Force ID: 156564.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/docview.wss?uid=ibm10870484 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/156564 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/108027 | vdb-entry, x_refsource_BID |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | MQ |
Version: 9.0.0.1 Version: 8.0.0.1 Version: 8.0.0.2 Version: 8.0.0.3 Version: 8.0.0.4 Version: 8.0.0.5 Version: 8.0.0.6 Version: 8.0.0.7 Version: 9.0.0.2 Version: 8.0.0.8 Version: 8.0.0.9 Version: 9.0.0.3 Version: 8.0.0.0 Version: 8.0.0.10 Version: 9.0.0.0 Version: 9.0.0.4 Version: 9.0.0.5 Version: 9.1.0.0 Version: 9.1.0.1 Version: 9.1.1 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T19:26:27.972Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.ibm.com/support/docview.wss?uid=ibm10870484", }, { name: "ibm-websphere-cve20194055-dos (156564)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/156564", }, { name: "108027", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/108027", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "MQ", vendor: "IBM", versions: [ { status: "affected", version: "9.0.0.1", }, { status: "affected", version: "8.0.0.1", }, { status: "affected", version: "8.0.0.2", }, { status: "affected", version: "8.0.0.3", }, { status: "affected", version: "8.0.0.4", }, { status: "affected", version: "8.0.0.5", }, { status: "affected", version: "8.0.0.6", }, { status: "affected", version: "8.0.0.7", }, { status: "affected", version: "9.0.0.2", }, { status: "affected", version: "8.0.0.8", }, { status: "affected", version: "8.0.0.9", }, { status: "affected", version: "9.0.0.3", }, { status: "affected", version: "8.0.0.0", }, { status: "affected", version: "8.0.0.10", }, { status: "affected", version: "9.0.0.0", }, { status: "affected", version: "9.0.0.4", }, { status: "affected", version: "9.0.0.5", }, { status: "affected", version: "9.1.0.0", }, { status: "affected", version: "9.1.0.1", }, { status: "affected", version: "9.1.1", }, ], }, ], datePublic: "2019-04-16T00:00:00", descriptions: [ { lang: "en", value: "IBM MQ 8.0.0.0 through 8.0.0.10, 9.0.0.0 through 9.0.0.5, and 9.1.0.0 through 9.1.1 is vulnerable to a denial of service attack within the TLS key renegotiation function. IBM X-Force ID: 156564.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", exploitCodeMaturity: "UNPROVEN", integrityImpact: "NONE", privilegesRequired: "NONE", remediationLevel: "OFFICIAL_FIX", reportConfidence: "CONFIRMED", scope: "UNCHANGED", temporalScore: 6.5, temporalSeverity: "MEDIUM", userInteraction: "NONE", vectorString: "CVSS:3.0/AC:L/I:N/C:N/AV:N/A:H/UI:N/PR:N/S:U/RL:O/RC:C/E:U", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Denial of Service", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-04-23T07:06:04", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://www.ibm.com/support/docview.wss?uid=ibm10870484", }, { name: "ibm-websphere-cve20194055-dos (156564)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/156564", }, { name: "108027", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/108027", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2019-04-16T00:00:00", ID: "CVE-2019-4055", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "MQ", version: { version_data: [ { version_value: "9.0.0.1", }, { version_value: "8.0.0.1", }, { version_value: "8.0.0.2", }, { version_value: "8.0.0.3", }, { version_value: "8.0.0.4", }, { version_value: "8.0.0.5", }, { version_value: "8.0.0.6", }, { version_value: "8.0.0.7", }, { version_value: "9.0.0.2", }, { version_value: "8.0.0.8", }, { version_value: "8.0.0.9", }, { version_value: "9.0.0.3", }, { version_value: "8.0.0.0", }, { version_value: "8.0.0.10", }, { version_value: "9.0.0.0", }, { version_value: "9.0.0.4", }, { version_value: "9.0.0.5", }, { version_value: "9.1.0.0", }, { version_value: "9.1.0.1", }, { version_value: "9.1.1", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM MQ 8.0.0.0 through 8.0.0.10, 9.0.0.0 through 9.0.0.5, and 9.1.0.0 through 9.1.1 is vulnerable to a denial of service attack within the TLS key renegotiation function. IBM X-Force ID: 156564.", }, ], }, impact: { cvssv3: { BM: { A: "H", AC: "L", AV: "N", C: "N", I: "N", PR: "N", S: "U", UI: "N", }, TM: { E: "U", RC: "C", RL: "O", }, }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Denial of Service", }, ], }, ], }, references: { reference_data: [ { name: "https://www.ibm.com/support/docview.wss?uid=ibm10870484", refsource: "CONFIRM", title: "IBM Security Bulletin 870484 (MQ)", url: "https://www.ibm.com/support/docview.wss?uid=ibm10870484", }, { name: "ibm-websphere-cve20194055-dos (156564)", refsource: "XF", title: "X-Force Vulnerability Report", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/156564", }, { name: "108027", refsource: "BID", url: "http://www.securityfocus.com/bid/108027", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2019-4055", datePublished: "2019-04-19T16:20:15.989741Z", dateReserved: "2019-01-03T00:00:00", dateUpdated: "2024-09-17T04:14:16.419Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
var-202202-1477
Vulnerability from variot
IBM MQ Appliance 9.2 CD and 9.2 LTS local messaging users stored with a password hash that provides insufficient protection. IBM X-Force ID: 218368. Vendors may IBM X-Force ID: 218368 It is published as.Information may be obtained. IBM MQ Appliance is an all-in-one appliance for rapidly deploying enterprise-class messaging middleware
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202202-1477", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "mq", scope: "lt", trust: 1, vendor: "ibm", version: "9.2.0.5", }, { model: "mq", scope: "gte", trust: 1, vendor: "ibm", version: "9.2.0", }, { model: "mq", scope: "lt", trust: 1, vendor: "ibm", version: "9.2.5", }, { model: "mq appliance", scope: "eq", trust: 0.8, vendor: "ibm", version: "9.2 lts", }, { model: "mq appliance", scope: "eq", trust: 0.8, vendor: "ibm", version: null, }, { model: "mq appliance", scope: "eq", trust: 0.8, vendor: "ibm", version: "9.2 cd", }, { model: "mq appliance cd", scope: "eq", trust: 0.6, vendor: "ibm", version: "9.2", }, { model: "mq appliance lts", scope: "eq", trust: 0.6, vendor: "ibm", version: "9.2", }, ], sources: [ { db: "CNVD", id: "CNVD-2022-51680", }, { db: "JVNDB", id: "JVNDB-2022-006841", }, { db: "NVD", id: "CVE-2022-22321", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:ibm:mq:*:*:*:*:lts:*:*:*", cpe_name: [], versionEndExcluding: "9.2.0.5", versionStartIncluding: "9.2.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:mq:*:*:*:*:continuous_delivery:*:*:*", cpe_name: [], versionEndExcluding: "9.2.5", versionStartIncluding: "9.2.0", vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2022-22321", }, ], }, cve: "CVE-2022-22321", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", author: "NVD", availabilityImpact: "NONE", baseScore: 2.1, confidentialityImpact: "PARTIAL", exploitabilityScore: 3.9, impactScore: 2.9, integrityImpact: "NONE", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "LOW", trust: 1, userInteractionRequired: false, vectorString: "AV:L/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Local", authentication: "None", author: "NVD", availabilityImpact: "None", baseScore: 2.1, confidentialityImpact: "Partial", exploitabilityScore: null, id: "CVE-2022-22321", impactScore: null, integrityImpact: "None", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Low", trust: 0.9, userInteractionRequired: null, vectorString: "AV:L/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", author: "CNVD", availabilityImpact: "NONE", baseScore: 2.1, confidentialityImpact: "PARTIAL", exploitabilityScore: 3.9, id: "CNVD-2022-51680", impactScore: 2.9, integrityImpact: "NONE", severity: "LOW", trust: 0.6, vectorString: "AV:L/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "LOCAL", author: "NVD", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", exploitabilityScore: 1.8, impactScore: 3.6, integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, { attackComplexity: "HIGH", attackVector: "LOCAL", author: "psirt@us.ibm.com", availabilityImpact: "NONE", baseScore: 5.1, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", exploitabilityScore: 1.4, impactScore: 3.6, integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, { attackComplexity: "Low", attackVector: "Local", author: "NVD", availabilityImpact: "None", baseScore: 5.5, baseSeverity: "Medium", confidentialityImpact: "High", exploitabilityScore: null, id: "CVE-2022-22321", impactScore: null, integrityImpact: "None", privilegesRequired: "Low", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2022-22321", trust: 1.8, value: "MEDIUM", }, { author: "psirt@us.ibm.com", id: "CVE-2022-22321", trust: 1, value: "MEDIUM", }, { author: "CNVD", id: "CNVD-2022-51680", trust: 0.6, value: "LOW", }, { author: "CNNVD", id: "CNNVD-202202-2176", trust: 0.6, value: "MEDIUM", }, { author: "VULMON", id: "CVE-2022-22321", trust: 0.1, value: "LOW", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2022-51680", }, { db: "VULMON", id: "CVE-2022-22321", }, { db: "JVNDB", id: "JVNDB-2022-006841", }, { db: "CNNVD", id: "CNNVD-202202-2176", }, { db: "NVD", id: "CVE-2022-22321", }, { db: "NVD", id: "CVE-2022-22321", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "IBM MQ Appliance 9.2 CD and 9.2 LTS local messaging users stored with a password hash that provides insufficient protection. IBM X-Force ID: 218368. Vendors may IBM X-Force ID: 218368 It is published as.Information may be obtained. IBM MQ Appliance is an all-in-one appliance for rapidly deploying enterprise-class messaging middleware", sources: [ { db: "NVD", id: "CVE-2022-22321", }, { db: "JVNDB", id: "JVNDB-2022-006841", }, { db: "CNVD", id: "CNVD-2022-51680", }, { db: "VULMON", id: "CVE-2022-22321", }, ], trust: 2.25, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2022-22321", trust: 3.9, }, { db: "JVNDB", id: "JVNDB-2022-006841", trust: 0.8, }, { db: "CNVD", id: "CNVD-2022-51680", trust: 0.6, }, { db: "AUSCERT", id: "ESB-2022.0853", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202202-2176", trust: 0.6, }, { db: "VULMON", id: "CVE-2022-22321", trust: 0.1, }, ], sources: [ { db: "CNVD", id: "CNVD-2022-51680", }, { db: "VULMON", id: "CVE-2022-22321", }, { db: "JVNDB", id: "JVNDB-2022-006841", }, { db: "CNNVD", id: "CNNVD-202202-2176", }, { db: "NVD", id: "CVE-2022-22321", }, ], }, id: "VAR-202202-1477", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2022-51680", }, ], trust: 0.99285713, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "IoT", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2022-51680", }, ], }, last_update_date: "2024-02-13T23:04:54.364000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "6560042 IBM X-Force Exchange", trust: 0.8, url: "https://www.ibm.com/support/pages/node/6560042", }, { title: "Patch for IBM MQ Appliance Information Disclosure Vulnerability (CNVD-2022-51680)", trust: 0.6, url: "https://www.cnvd.org.cn/patchinfo/show/339966", }, { title: "IBM MQ Appliance Security vulnerabilities", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=184361", }, { title: "CVE-2022-XXXX", trust: 0.1, url: "https://github.com/alphabugx/cve-2022-23305 ", }, { title: "CVE-2022-XXXX", trust: 0.1, url: "https://github.com/alphabugx/cve-2022-rce ", }, ], sources: [ { db: "CNVD", id: "CNVD-2022-51680", }, { db: "VULMON", id: "CVE-2022-22321", }, { db: "JVNDB", id: "JVNDB-2022-006841", }, { db: "CNNVD", id: "CNNVD-202202-2176", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-326", trust: 1, }, { problemtype: "Inadequate protection of credentials (CWE-522) [NVD evaluation ]", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2022-006841", }, { db: "NVD", id: "CVE-2022-22321", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.7, url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/218368", }, { trust: 1.7, url: "https://www.ibm.com/support/pages/node/6560042", }, { trust: 1.4, url: "https://nvd.nist.gov/vuln/detail/cve-2022-22321", }, { trust: 0.6, url: "https://vigilance.fr/vulnerability/ibm-mq-appliance-weak-encryption-via-password-hash-37667", }, { trust: 0.6, url: "https://www.auscert.org.au/bulletins/esb-2022.0853", }, { trust: 0.6, url: "https://cxsecurity.com/cveshow/cve-2022-22321/", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/326.html", }, { trust: 0.1, url: "https://nvd.nist.gov", }, { trust: 0.1, url: "https://github.com/alphabugx/cve-2022-23305", }, ], sources: [ { db: "CNVD", id: "CNVD-2022-51680", }, { db: "VULMON", id: "CVE-2022-22321", }, { db: "JVNDB", id: "JVNDB-2022-006841", }, { db: "CNNVD", id: "CNNVD-202202-2176", }, { db: "NVD", id: "CVE-2022-22321", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2022-51680", }, { db: "VULMON", id: "CVE-2022-22321", }, { db: "JVNDB", id: "JVNDB-2022-006841", }, { db: "CNNVD", id: "CNNVD-202202-2176", }, { db: "NVD", id: "CVE-2022-22321", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2022-07-15T00:00:00", db: "CNVD", id: "CNVD-2022-51680", }, { date: "2022-03-01T00:00:00", db: "VULMON", id: "CVE-2022-22321", }, { date: "2023-07-10T00:00:00", db: "JVNDB", id: "JVNDB-2022-006841", }, { date: "2022-02-28T00:00:00", db: "CNNVD", id: "CNNVD-202202-2176", }, { date: "2022-03-01T17:15:08.073000", db: "NVD", id: "CVE-2022-22321", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2022-07-15T00:00:00", db: "CNVD", id: "CNVD-2022-51680", }, { date: "2023-08-08T00:00:00", db: "VULMON", id: "CVE-2022-22321", }, { date: "2023-07-10T07:14:00", db: "JVNDB", id: "JVNDB-2022-006841", }, { date: "2022-03-10T00:00:00", db: "CNNVD", id: "CNNVD-202202-2176", }, { date: "2023-08-08T14:22:24.967000", db: "NVD", id: "CVE-2022-22321", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "local", sources: [ { db: "CNNVD", id: "CNNVD-202202-2176", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "IBM MQ Appliance Vulnerability regarding insufficient protection of authentication information in", sources: [ { db: "JVNDB", id: "JVNDB-2022-006841", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "other", sources: [ { db: "CNNVD", id: "CNNVD-202202-2176", }, ], trust: 0.6, }, }
var-201806-0788
Vulnerability from variot
IBM WebSphere MQ 8.0 and 9.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly validate the SSL certificate. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 142598. IBM WebSphere MQ Contains a certificate validation vulnerability. Vendors have confirmed this vulnerability IBM X-Force ID: 142598 It is released as.Information may be obtained. Multiple IBM Products are prone to an information-disclosure vulnerability
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-201806-0788", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "websphere mq", scope: "eq", trust: 2.4, vendor: "ibm", version: "8.0", }, { model: "websphere mq", scope: "eq", trust: 2.4, vendor: "ibm", version: "9.0", }, { model: "websphere mq", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.0.9", }, { model: "websphere mq", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.0.8", }, { model: "websphere mq", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.0.7", }, { model: "websphere mq", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.0.5", }, { model: "websphere mq", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.0.4", }, { model: "websphere mq", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.0.3", }, { model: "websphere mq", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.0.2", }, { model: "websphere mq", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.0.1", }, { model: "websphere mq", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.0.0", }, { model: "mq lts", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.0.0.3", }, { model: "mq", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.0.0.0", }, { model: "websphere mq", scope: "ne", trust: 0.3, vendor: "ibm", version: "8.0.0.10", }, { model: "mq", scope: "ne", trust: 0.3, vendor: "ibm", version: "9.0.0.4", }, ], sources: [ { db: "BID", id: "104587", }, { db: "JVNDB", id: "JVNDB-2018-007018", }, { db: "CNNVD", id: "CNNVD-201806-1351", }, { db: "NVD", id: "CVE-2018-1543", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:ibm:websphere_mq:9.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:websphere_mq:8.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2018-1543", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "IBM.", sources: [ { db: "BID", id: "104587", }, ], trust: 0.3, }, cve: "CVE-2018-1543", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: null, accessComplexity: "Medium", accessVector: "Network", authentication: "None", author: "NVD", availabilityImpact: "None", baseScore: 4.3, confidentialityImpact: "Partial", exploitabilityScore: null, id: "CVE-2018-1543", impactScore: null, integrityImpact: "None", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Medium", trust: 1.8, userInteractionRequired: null, vectorString: "AV:N/AC:M/Au:N/C:P/I:N/A:N", version: "2.0", }, ], cvssV3: [ { attackComplexity: "High", attackVector: "Network", author: "NVD", availabilityImpact: "None", baseScore: 5.9, baseSeverity: "Medium", confidentialityImpact: "High", exploitabilityScore: null, id: "CVE-2018-1543", impactScore: null, integrityImpact: "None", privilegesRequired: "None", scope: "Unchanged", trust: 1.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2018-1543", trust: 1.8, value: "Medium", }, { author: "CNNVD", id: "CNNVD-201806-1351", trust: 0.6, value: "MEDIUM", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2018-007018", }, { db: "CNNVD", id: "CNNVD-201806-1351", }, { db: "NVD", id: "CVE-2018-1543", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "IBM WebSphere MQ 8.0 and 9.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly validate the SSL certificate. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 142598. IBM WebSphere MQ Contains a certificate validation vulnerability. Vendors have confirmed this vulnerability IBM X-Force ID: 142598 It is released as.Information may be obtained. Multiple IBM Products are prone to an information-disclosure vulnerability", sources: [ { db: "NVD", id: "CVE-2018-1543", }, { db: "JVNDB", id: "JVNDB-2018-007018", }, { db: "BID", id: "104587", }, ], trust: 1.89, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2018-1543", trust: 2.7, }, { db: "JVNDB", id: "JVNDB-2018-007018", trust: 0.8, }, { db: "CNNVD", id: "CNNVD-201806-1351", trust: 0.6, }, { db: "BID", id: "104587", trust: 0.3, }, ], sources: [ { db: "BID", id: "104587", }, { db: "JVNDB", id: "JVNDB-2018-007018", }, { db: "CNNVD", id: "CNNVD-201806-1351", }, { db: "NVD", id: "CVE-2018-1543", }, ], }, id: "VAR-201806-0788", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VARIoT devices database", id: null, }, ], trust: 0.27272728, }, last_update_date: "2022-05-04T10:00:41.934000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "2016346", trust: 0.8, url: "https://www-01.ibm.com/support/docview.wss?uid=swg22016346", }, { title: "IBM WebSphere MQ Security vulnerabilities", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=81608", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2018-007018", }, { db: "CNNVD", id: "CNNVD-201806-1351", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-295", trust: 1.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2018-007018", }, { db: "NVD", id: "CVE-2018-1543", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.6, url: "https://www.ibm.com/support/docview.wss?uid=swg22016346", }, { trust: 1.6, url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/142598", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-1543", }, { trust: 0.8, url: "https://nvd.nist.gov/vuln/detail/cve-2018-1543", }, { trust: 0.3, url: "http://www.ibm.com/", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg22016346", }, ], sources: [ { db: "BID", id: "104587", }, { db: "JVNDB", id: "JVNDB-2018-007018", }, { db: "CNNVD", id: "CNNVD-201806-1351", }, { db: "NVD", id: "CVE-2018-1543", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "BID", id: "104587", }, { db: "JVNDB", id: "JVNDB-2018-007018", }, { db: "CNNVD", id: "CNNVD-201806-1351", }, { db: "NVD", id: "CVE-2018-1543", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2018-05-22T00:00:00", db: "BID", id: "104587", }, { date: "2018-09-06T00:00:00", db: "JVNDB", id: "JVNDB-2018-007018", }, { date: "2018-06-28T00:00:00", db: "CNNVD", id: "CNNVD-201806-1351", }, { date: "2018-06-27T18:29:00", db: "NVD", id: "CVE-2018-1543", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2018-05-22T00:00:00", db: "BID", id: "104587", }, { date: "2018-09-06T00:00:00", db: "JVNDB", id: "JVNDB-2018-007018", }, { date: "2019-10-17T00:00:00", db: "CNNVD", id: "CNNVD-201806-1351", }, { date: "2019-10-09T23:38:00", db: "NVD", id: "CVE-2018-1543", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-201806-1351", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "IBM WebSphere MQ Vulnerabilities related to certificate validation", sources: [ { db: "JVNDB", id: "JVNDB-2018-007018", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "trust management problem", sources: [ { db: "CNNVD", id: "CNNVD-201806-1351", }, ], trust: 0.6, }, }
var-202102-0826
Vulnerability from variot
IBM MQ 9.1 LTS, 9.2 LTS, and 9.1 CD AMQP Channels could allow an authenticated user to cause a denial of service due to an issue processing messages. IBM X-Force ID: 191747. IBM MQ Appliance is an all-in-one device from IBM of the United States for rapid deployment of enterprise-level messaging middleware.
There is a security vulnerability in the IBM MQ Appliance. Attackers can use this vulnerability to trigger a fatal error through the AMQP channel of the IBM MQ appliance, thereby triggering a denial of service
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202102-0826", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "mq", scope: "eq", trust: 1, vendor: "ibm", version: "9.1.0", }, { model: "mq", scope: "eq", trust: 1, vendor: "ibm", version: "9.1.0.0", }, { model: "mq", scope: "eq", trust: 1, vendor: "ibm", version: "9.2.0.0", }, { model: "mq appliance", scope: null, trust: 0.6, vendor: "ibm", version: null, }, ], sources: [ { db: "CNVD", id: "CNVD-2021-12640", }, { db: "NVD", id: "CVE-2020-4931", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:ibm:mq:9.1.0:*:*:*:continuous_delivery:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:mq:9.1.0.0:*:*:*:lts:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:mq:9.2.0.0:*:*:*:lts:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2020-4931", }, ], }, cve: "CVE-2020-4931", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", author: "NVD", availabilityImpact: "PARTIAL", baseScore: 4, confidentialityImpact: "NONE", exploitabilityScore: 8, impactScore: 2.9, integrityImpact: "NONE", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "MEDIUM", trust: 1, userInteractionRequired: false, vectorString: "AV:N/AC:L/Au:S/C:N/I:N/A:P", version: "2.0", }, { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", author: "CNVD", availabilityImpact: "COMPLETE", baseScore: 6.8, confidentialityImpact: "NONE", exploitabilityScore: 8, id: "CNVD-2021-12640", impactScore: 6.9, integrityImpact: "NONE", severity: "MEDIUM", trust: 0.6, vectorString: "AV:N/AC:L/Au:S/C:N/I:N/A:C", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "NVD", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", exploitabilityScore: 2.8, impactScore: 3.6, integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, { attackComplexity: "LOW", attackVector: "NETWORK", author: "psirt@us.ibm.com", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", exploitabilityScore: 2.8, impactScore: 3.6, integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2020-4931", trust: 1, value: "MEDIUM", }, { author: "psirt@us.ibm.com", id: "CVE-2020-4931", trust: 1, value: "MEDIUM", }, { author: "CNVD", id: "CNVD-2021-12640", trust: 0.6, value: "MEDIUM", }, { author: "CNNVD", id: "CNNVD-202102-1508", trust: 0.6, value: "MEDIUM", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2021-12640", }, { db: "NVD", id: "CVE-2020-4931", }, { db: "NVD", id: "CVE-2020-4931", }, { db: "CNNVD", id: "CNNVD-202102-1508", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "IBM MQ 9.1 LTS, 9.2 LTS, and 9.1 CD AMQP Channels could allow an authenticated user to cause a denial of service due to an issue processing messages. IBM X-Force ID: 191747. IBM MQ Appliance is an all-in-one device from IBM of the United States for rapid deployment of enterprise-level messaging middleware. \n\r\n\r\nThere is a security vulnerability in the IBM MQ Appliance. Attackers can use this vulnerability to trigger a fatal error through the AMQP channel of the IBM MQ appliance, thereby triggering a denial of service", sources: [ { db: "NVD", id: "CVE-2020-4931", }, { db: "CNVD", id: "CNVD-2021-12640", }, ], trust: 1.44, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2020-4931", trust: 2.2, }, { db: "CNVD", id: "CNVD-2021-12640", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202102-1508", trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2021-12640", }, { db: "NVD", id: "CVE-2020-4931", }, { db: "CNNVD", id: "CNNVD-202102-1508", }, ], }, id: "VAR-202102-0826", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2021-12640", }, ], trust: 0.06, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "Network device", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2021-12640", }, ], }, last_update_date: "2023-12-18T12:49:20.122000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Patch for IBM MQ Appliance Denial of Service Vulnerability (CNVD-2021-12640)", trust: 0.6, url: "https://www.cnvd.org.cn/patchinfo/show/249166", }, { title: "IBM MQ Appliance Security vulnerabilities", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=142521", }, ], sources: [ { db: "CNVD", id: "CNVD-2021-12640", }, { db: "CNNVD", id: "CNNVD-202102-1508", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "NVD-CWE-noinfo", trust: 1, }, ], sources: [ { db: "NVD", id: "CVE-2020-4931", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.6, url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/191747", }, { trust: 1.6, url: "https://www.ibm.com/support/pages/node/6403295", }, { trust: 1.2, url: "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-is-affected-by-a-denial-of-service-vulnerability-cve-2020-4931/", }, { trust: 0.6, url: "https://nvd.nist.gov/vuln/detail/cve-2020-4931", }, { trust: 0.6, url: "https://vigilance.fr/vulnerability/ibm-mq-appliance-denial-of-service-via-amqp-channels-34652", }, { trust: 0.6, url: "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-amqp-channels-could-allow-an-authenticated-user-to-cause-a-denial-of-service-due-to-an-issue-processing-messages-cve-2020-4931/", }, ], sources: [ { db: "CNVD", id: "CNVD-2021-12640", }, { db: "NVD", id: "CVE-2020-4931", }, { db: "CNNVD", id: "CNNVD-202102-1508", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2021-12640", }, { db: "NVD", id: "CVE-2020-4931", }, { db: "CNNVD", id: "CNNVD-202102-1508", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2021-02-25T00:00:00", db: "CNVD", id: "CNVD-2021-12640", }, { date: "2021-02-24T18:15:12.797000", db: "NVD", id: "CVE-2020-4931", }, { date: "2021-02-23T00:00:00", db: "CNNVD", id: "CNNVD-202102-1508", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2021-02-26T00:00:00", db: "CNVD", id: "CNVD-2021-12640", }, { date: "2021-03-01T16:35:15.377000", db: "NVD", id: "CVE-2020-4931", }, { date: "2021-04-14T00:00:00", db: "CNNVD", id: "CNNVD-202102-1508", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-202102-1508", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "IBM MQ Appliance Denial of Service Vulnerability (CNVD-2021-12640)", sources: [ { db: "CNVD", id: "CNVD-2021-12640", }, ], trust: 0.6, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "other", sources: [ { db: "CNNVD", id: "CNNVD-202102-1508", }, ], trust: 0.6, }, }
var-202001-0210
Vulnerability from variot
IBM MQ and IBM MQ Appliance 8.0 and 9.0 LTS client connecting to a Queue Manager could cause a SIGSEGV denial of service caused by converting an invalid message. IBM X-Force ID: 168639. IBM MQ and MQ Appliance Contains an input validation vulnerability. Vendors report this vulnerability IBM X-Force ID: 168639 Published as.Denial of service operation (DoS) May be in a state
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202001-0210", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "mq appliance", scope: "lt", trust: 1, vendor: "ibm", version: "8.0.0.14", }, { model: "mq appliance", scope: "lt", trust: 1, vendor: "ibm", version: "9.1.0.4", }, { model: "mq", scope: "lt", trust: 1, vendor: "ibm", version: "9.1.0.4", }, { model: "mq appliance", scope: "gte", trust: 1, vendor: "ibm", version: "8.0.0.0", }, { model: "mq appliance", scope: "gte", trust: 1, vendor: "ibm", version: "9.1.0", }, { model: "mq", scope: "gte", trust: 1, vendor: "ibm", version: "8.0.0.0", }, { model: "mq", scope: "gte", trust: 1, vendor: "ibm", version: "9.0.0.0", }, { model: "mq", scope: "gte", trust: 1, vendor: "ibm", version: "9.1.0", }, { model: "mq appliance", scope: "lt", trust: 1, vendor: "ibm", version: "9.1.4", }, { model: "mq", scope: "lt", trust: 1, vendor: "ibm", version: "9.1.4", }, { model: "mq appliance", scope: "gte", trust: 1, vendor: "ibm", version: "9.1.0.0", }, { model: "mq", scope: "gte", trust: 1, vendor: "ibm", version: "9.1.0.0", }, { model: "mq", scope: "lt", trust: 1, vendor: "ibm", version: "9.0.0.8", }, { model: "mq", scope: "lt", trust: 1, vendor: "ibm", version: "8.0.0.14", }, { model: "mq", scope: "eq", trust: 0.8, vendor: "ibm", version: null, }, { model: "mq", scope: "eq", trust: 0.8, vendor: "ibm", version: "appliance", }, { model: "mq appliance", scope: "eq", trust: 0.8, vendor: "ibm", version: null, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2019-014394", }, { db: "NVD", id: "CVE-2019-4614", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:ibm:mq:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "8.0.0.14", versionStartIncluding: "8.0.0.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:mq:*:*:*:*:lts:*:*:*", cpe_name: [], versionEndExcluding: "9.0.0.8", versionStartIncluding: "9.0.0.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:mq:*:*:*:*:continuous_delivery:*:*:*", cpe_name: [], versionEndExcluding: "9.1.4", versionStartIncluding: "9.1.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:mq:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "9.1.0.4", versionStartIncluding: "9.1.0.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:mq_appliance:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "8.0.0.14", versionStartIncluding: "8.0.0.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:mq_appliance:*:*:*:*:continuous_delivery:*:*:*", cpe_name: [], versionEndExcluding: "9.1.4", versionStartIncluding: "9.1.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:mq_appliance:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "9.1.0.4", versionStartIncluding: "9.1.0.0", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [ { cpe23Uri: "cpe:2.3:a:ibm:mq:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "8.0.0.14", versionStartIncluding: "8.0.0.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:mq:*:*:*:*:lts:*:*:*", cpe_name: [], versionEndExcluding: "9.0.0.8", versionStartIncluding: "9.0.0.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:mq:*:*:*:*:continuous_delivery:*:*:*", cpe_name: [], versionEndExcluding: "9.1.4", versionStartIncluding: "9.1.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:mq:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "9.1.0.4", versionStartIncluding: "9.1.0.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:mq_appliance:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "8.0.0.14", versionStartIncluding: "8.0.0.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:mq_appliance:*:*:*:*:continuous_delivery:*:*:*", cpe_name: [], versionEndExcluding: "9.1.4", versionStartIncluding: "9.1.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:mq_appliance:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "9.1.0.4", versionStartIncluding: "9.1.0.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "AND", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2019-4614", }, ], }, cve: "CVE-2019-4614", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: null, accessComplexity: "Low", accessVector: "Network", authentication: "Single", author: "NVD", availabilityImpact: "Partial", baseScore: 4, confidentialityImpact: "None", exploitabilityScore: null, id: "CVE-2019-4614", impactScore: null, integrityImpact: "None", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Medium", trust: 1.8, userInteractionRequired: null, vectorString: "AV:N/AC:L/Au:S/C:N/I:N/A:P", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "NVD", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", exploitabilityScore: 2.8, id: "CVE-2019-4614", impactScore: 3.6, integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "High", baseScore: 6.5, baseSeverity: "Medium", confidentialityImpact: "None", exploitabilityScore: null, id: "CVE-2019-4614", impactScore: null, integrityImpact: "None", privilegesRequired: "Low", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2019-4614", trust: 1.8, value: "Medium", }, { author: "CNNVD", id: "CNNVD-202001-1260", trust: 0.6, value: "MEDIUM", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2019-014394", }, { db: "CNNVD", id: "CNNVD-202001-1260", }, { db: "NVD", id: "CVE-2019-4614", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "IBM MQ and IBM MQ Appliance 8.0 and 9.0 LTS client connecting to a Queue Manager could cause a SIGSEGV denial of service caused by converting an invalid message. IBM X-Force ID: 168639. IBM MQ and MQ Appliance Contains an input validation vulnerability. Vendors report this vulnerability IBM X-Force ID: 168639 Published as.Denial of service operation (DoS) May be in a state", sources: [ { db: "NVD", id: "CVE-2019-4614", }, { db: "JVNDB", id: "JVNDB-2019-014394", }, ], trust: 1.62, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2019-4614", trust: 2.4, }, { db: "JVNDB", id: "JVNDB-2019-014394", trust: 0.8, }, { db: "AUSCERT", id: "ESB-2020.0266", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202001-1260", trust: 0.6, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2019-014394", }, { db: "CNNVD", id: "CNNVD-202001-1260", }, { db: "NVD", id: "CVE-2019-4614", }, ], }, id: "VAR-202001-0210", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VARIoT devices database", id: null, }, ], trust: 0.22222222, }, last_update_date: "2022-05-04T07:01:18.851000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "1106523 IBM X-Force Exchange", trust: 0.8, url: "https://www.ibm.com/support/pages/node/1106523", }, { title: "IBM MQ and IBM MQ Appliance Enter the fix for the verification error vulnerability", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=109435", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2019-014394", }, { db: "CNNVD", id: "CNNVD-202001-1260", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "NVD-CWE-noinfo", trust: 1, }, { problemtype: "Incorrect input confirmation (CWE-20) [NVD Evaluation ]", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2019-014394", }, { db: "NVD", id: "CVE-2019-4614", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.6, url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/168639", }, { trust: 1.6, url: "https://www.ibm.com/support/pages/node/1106523", }, { trust: 1.4, url: "https://nvd.nist.gov/vuln/detail/cve-2019-4614", }, { trust: 0.6, url: "https://www.ibm.com/support/pages/node/1125897", }, { trust: 0.6, url: "https://www.ibm.com/support/pages/node/1135023", }, { trust: 0.6, url: "https://www.ibm.com/support/pages/node/1125891", }, { trust: 0.6, url: "https://www.ibm.com/support/pages/node/1127031", }, { trust: 0.6, url: "https://www.auscert.org.au/bulletins/esb-2020.0266/", }, { trust: 0.6, url: "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-is-vulnerable-to-a-denial-of-service-attack-caused-by-converting-an-invalid-message-cve-2019-4614/", }, { trust: 0.6, url: "https://vigilance.fr/vulnerability/ibm-mq-denial-of-service-via-invalid-message-31428", }, { trust: 0.6, url: "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-certified-container-is-vulnerable-to-multiple-vulnerabilities-within-ibm-mq-cve-2019-4655-cve-2019-4560-cve-2019-4614-cve-2019-4620/", }, { trust: 0.6, url: "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-in-ibm-mq-affect-ibm-sterling-b2b-integrator/", }, { trust: 0.6, url: "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-datapower-gateway-affected-by-ibm-mq-vulnerability-cve-2019-4614/", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2019-014394", }, { db: "CNNVD", id: "CNNVD-202001-1260", }, { db: "NVD", id: "CVE-2019-4614", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "JVNDB", id: "JVNDB-2019-014394", }, { db: "CNNVD", id: "CNNVD-202001-1260", }, { db: "NVD", id: "CVE-2019-4614", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-02-14T00:00:00", db: "JVNDB", id: "JVNDB-2019-014394", }, { date: "2020-01-28T00:00:00", db: "CNNVD", id: "CNNVD-202001-1260", }, { date: "2020-01-28T19:15:00", db: "NVD", id: "CVE-2019-4614", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-02-14T00:00:00", db: "JVNDB", id: "JVNDB-2019-014394", }, { date: "2020-05-21T00:00:00", db: "CNNVD", id: "CNNVD-202001-1260", }, { date: "2021-07-21T11:39:00", db: "NVD", id: "CVE-2019-4614", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-202001-1260", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "IBM MQ and MQ Appliance Input validation vulnerability", sources: [ { db: "JVNDB", id: "JVNDB-2019-014394", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "input validation error", sources: [ { db: "CNNVD", id: "CNNVD-202001-1260", }, ], trust: 0.6, }, }
var-201712-0082
Vulnerability from variot
IBM WebSphere MQ 7.5, 8.0, and 9.0 could allow an authenticated user to insert messages with a corrupt RFH header into the channel which would cause it to restart. IBM X-Force ID: 127803. IBM WebSphere MQ Contains a data processing vulnerability. Vendors have confirmed this vulnerability IBM X-Force ID: 127803 It is released as.Service operation interruption (DoS) There is a possibility of being put into a state. An attacker can exploit this issue to restart the affected process, denying service to legitimate users
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-201712-0082", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "websphere mq", scope: "eq", trust: 2.4, vendor: "ibm", version: "7.5", }, { model: "websphere mq", scope: "eq", trust: 2.4, vendor: "ibm", version: "8.0", }, { model: "websphere mq", scope: "eq", trust: 1.8, vendor: "ibm", version: "9.0", }, { model: "websphere mq", scope: "eq", trust: 1.6, vendor: "ibm", version: "7.5.0.3", }, { model: "websphere mq", scope: "eq", trust: 1.6, vendor: "ibm", version: "7.5.0.6", }, { model: "websphere mq", scope: "eq", trust: 1.6, vendor: "ibm", version: "7.5.0.7", }, { model: "websphere mq", scope: "eq", trust: 1.6, vendor: "ibm", version: "7.5.0.8", }, { model: "websphere mq", scope: "eq", trust: 1.6, vendor: "ibm", version: "7.5.0.1", }, { model: "websphere mq", scope: "eq", trust: 1.6, vendor: "ibm", version: "7.5.0.5", }, { model: "websphere mq", scope: "eq", trust: 1.6, vendor: "ibm", version: "7.5.0.2", }, { model: "websphere mq", scope: "eq", trust: 1.6, vendor: "ibm", version: "7.5.0.4", }, { model: "websphere mq", scope: "eq", trust: 1, vendor: "ibm", version: "8.0.0.7", }, { model: "websphere mq", scope: "eq", trust: 1, vendor: "ibm", version: "8.0.0.5", }, { model: "websphere mq", scope: "eq", trust: 1, vendor: "ibm", version: "8.0.0.6", }, { model: "websphere mq", scope: "eq", trust: 1, vendor: "ibm", version: "8.0.0.3", }, { model: "websphere mq", scope: "eq", trust: 1, vendor: "ibm", version: "8.0.0.4", }, { model: "websphere mq", scope: "eq", trust: 1, vendor: "ibm", version: "8.0.0.2", }, { model: "websphere mq", scope: "eq", trust: 1, vendor: "ibm", version: "8.0.0.1", }, { model: "websphere mq", scope: "eq", trust: 1, vendor: "ibm", version: "9.0.0.1", }, { model: "mq lts", scope: "eq", trust: 0.3, vendor: "ibm", version: "9", }, { model: "mq", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0", }, { model: "mq", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.5", }, ], sources: [ { db: "BID", id: "102163", }, { db: "JVNDB", id: "JVNDB-2017-010933", }, { db: "CNNVD", id: "CNNVD-201712-221", }, { db: "NVD", id: "CVE-2017-1433", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:ibm:websphere_mq:8.0.0.4:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:websphere_mq:8.0.0.5:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:websphere_mq:8.0.0.6:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:websphere_mq:8.0.0.7:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:websphere_mq:9.0.0.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:websphere_mq:8.0.0.2:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:websphere_mq:7.5.0.2:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:websphere_mq:7.5.0.4:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:websphere_mq:7.5:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:websphere_mq:8.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:websphere_mq:9.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:websphere_mq:7.5.0.5:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:websphere_mq:7.5.0.6:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:websphere_mq:7.5.0.7:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:websphere_mq:7.5.0.8:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:websphere_mq:8.0.0.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:websphere_mq:8.0.0.3:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:websphere_mq:7.5.0.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:websphere_mq:7.5.0.3:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2017-1433", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "The vendor reported the issue.", sources: [ { db: "BID", id: "102163", }, ], trust: 0.3, }, cve: "CVE-2017-1433", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: null, accessComplexity: "Low", accessVector: "Network", authentication: "Single", author: "NVD", availabilityImpact: "Partial", baseScore: 4, confidentialityImpact: "None", exploitabilityScore: null, id: "CVE-2017-1433", impactScore: null, integrityImpact: "None", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Medium", trust: 1.8, userInteractionRequired: null, vectorString: "AV:N/AC:L/Au:S/C:N/I:N/A:P", version: "2.0", }, ], cvssV3: [ { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "High", baseScore: 6.5, baseSeverity: "Medium", confidentialityImpact: "None", exploitabilityScore: null, id: "CVE-2017-1433", impactScore: null, integrityImpact: "None", privilegesRequired: "Low", scope: "Unchanged", trust: 1.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2017-1433", trust: 1.8, value: "Medium", }, { author: "CNNVD", id: "CNNVD-201712-221", trust: 0.6, value: "MEDIUM", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2017-010933", }, { db: "CNNVD", id: "CNNVD-201712-221", }, { db: "NVD", id: "CVE-2017-1433", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "IBM WebSphere MQ 7.5, 8.0, and 9.0 could allow an authenticated user to insert messages with a corrupt RFH header into the channel which would cause it to restart. IBM X-Force ID: 127803. IBM WebSphere MQ Contains a data processing vulnerability. Vendors have confirmed this vulnerability IBM X-Force ID: 127803 It is released as.Service operation interruption (DoS) There is a possibility of being put into a state. \nAn attacker can exploit this issue to restart the affected process, denying service to legitimate users", sources: [ { db: "NVD", id: "CVE-2017-1433", }, { db: "JVNDB", id: "JVNDB-2017-010933", }, { db: "BID", id: "102163", }, ], trust: 1.89, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2017-1433", trust: 2.7, }, { db: "BID", id: "102163", trust: 1.9, }, { db: "JVNDB", id: "JVNDB-2017-010933", trust: 0.8, }, { db: "CNNVD", id: "CNNVD-201712-221", trust: 0.6, }, ], sources: [ { db: "BID", id: "102163", }, { db: "JVNDB", id: "JVNDB-2017-010933", }, { db: "CNNVD", id: "CNNVD-201712-221", }, { db: "NVD", id: "CVE-2017-1433", }, ], }, id: "VAR-201712-0082", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VARIoT devices database", id: null, }, ], trust: 0.27272728, }, last_update_date: "2022-05-04T09:04:17.734000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "2005525", trust: 0.8, url: "http://www-01.ibm.com/support/docview.wss?uid=swg22005525", }, { title: "IBM WebSphere MQ Security vulnerabilities", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=77000", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2017-010933", }, { db: "CNNVD", id: "CNNVD-201712-221", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "NVD-CWE-noinfo", trust: 1, }, { problemtype: "CWE-19", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2017-010933", }, { db: "NVD", id: "CVE-2017-1433", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.6, url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/127803", }, { trust: 1.6, url: "https://www.ibm.com/support/docview.wss?uid=swg22005525", }, { trust: 1.6, url: "https://www.securityfocus.com/bid/102163", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-1433", }, { trust: 0.8, url: "https://nvd.nist.gov/vuln/detail/cve-2017-1433", }, { trust: 0.3, url: "http://www.ibm.com/", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg22005525", }, ], sources: [ { db: "BID", id: "102163", }, { db: "JVNDB", id: "JVNDB-2017-010933", }, { db: "CNNVD", id: "CNNVD-201712-221", }, { db: "NVD", id: "CVE-2017-1433", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "BID", id: "102163", }, { db: "JVNDB", id: "JVNDB-2017-010933", }, { db: "CNNVD", id: "CNNVD-201712-221", }, { db: "NVD", id: "CVE-2017-1433", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2017-12-07T00:00:00", db: "BID", id: "102163", }, { date: "2017-12-27T00:00:00", db: "JVNDB", id: "JVNDB-2017-010933", }, { date: "2017-12-08T00:00:00", db: "CNNVD", id: "CNNVD-201712-221", }, { date: "2017-12-07T15:29:00", db: "NVD", id: "CVE-2017-1433", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2017-12-19T22:38:00", db: "BID", id: "102163", }, { date: "2017-12-27T00:00:00", db: "JVNDB", id: "JVNDB-2017-010933", }, { date: "2019-10-23T00:00:00", db: "CNNVD", id: "CNNVD-201712-221", }, { date: "2019-10-03T00:03:00", db: "NVD", id: "CVE-2017-1433", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-201712-221", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "IBM WebSphere MQ Data processing vulnerability", sources: [ { db: "JVNDB", id: "JVNDB-2017-010933", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "lack of information", sources: [ { db: "CNNVD", id: "CNNVD-201712-221", }, ], trust: 0.6, }, }
var-202003-0592
Vulnerability from variot
IBM MQ and IBM MQ Appliance 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and 9.1 CD could allow a local attacker to obtain sensitive information by inclusion of sensitive data within runmqras data. The product provides a reliable, proven messaging backbone for service-oriented architecture (SOA). IBM MQ Appliance is an all-in-one device for rapid deployment of enterprise-level messaging middleware
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202003-0592", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "mq", scope: "gte", trust: 1, vendor: "ibm", version: "9.1.0.0", }, { model: "mq appliance", scope: "gte", trust: 1, vendor: "ibm", version: "9.1.0", }, { model: "mq", scope: "lt", trust: 1, vendor: "ibm", version: "9.1.0.4", }, { model: "websphere mq", scope: "lte", trust: 1, vendor: "ibm", version: "7.5.0.9", }, { model: "mq", scope: "gte", trust: 1, vendor: "ibm", version: "9.0.0.0", }, { model: "mq appliance", scope: "gte", trust: 1, vendor: "ibm", version: "9.1.0.0", }, { model: "mq appliance", scope: "lt", trust: 1, vendor: "ibm", version: "8.0.0.14", }, { model: "mq appliance", scope: "lt", trust: 1, vendor: "ibm", version: "9.1.0.4", }, { model: "mq", scope: "lt", trust: 1, vendor: "ibm", version: "9.1.4", }, { model: "mq appliance", scope: "gte", trust: 1, vendor: "ibm", version: "8.0.0.0", }, { model: "mq appliance", scope: "lt", trust: 1, vendor: "ibm", version: "9.1.4", }, { model: "websphere mq", scope: "gte", trust: 1, vendor: "ibm", version: "7.1.0.0", }, { model: "mq", scope: "lt", trust: 1, vendor: "ibm", version: "8.0.0.14", }, { model: "mq", scope: "lte", trust: 1, vendor: "ibm", version: "9.0.0.9", }, { model: "mq", scope: "gte", trust: 1, vendor: "ibm", version: "9.1.0", }, { model: "mq", scope: "gte", trust: 1, vendor: "ibm", version: "8.0.0.0", }, { model: "mq", scope: null, trust: 0.8, vendor: "ibm", version: null, }, { model: "mq appliance", scope: null, trust: 0.8, vendor: "ibm", version: null, }, { model: "websphere mq", scope: null, trust: 0.8, vendor: "ibm", version: null, }, { model: "mq appliance", scope: "eq", trust: 0.6, vendor: "ibm", version: "8.0", }, { model: "mq", scope: "eq", trust: 0.6, vendor: "ibm", version: "8.0", }, { model: "mq appliance cd", scope: "eq", trust: 0.6, vendor: "ibm", version: "9.1", }, { model: "mq appliance lts", scope: "eq", trust: 0.6, vendor: "ibm", version: "9.1", }, { model: "mq lts", scope: "eq", trust: 0.6, vendor: "ibm", version: "9.1", }, { model: "mq cd", scope: "eq", trust: 0.6, vendor: "ibm", version: "9.1", }, { model: "mq lts", scope: "eq", trust: 0.6, vendor: "ibm", version: "9.0", }, ], sources: [ { db: "CNVD", id: "CNVD-2020-17505", }, { db: "JVNDB", id: "JVNDB-2019-014905", }, { db: "NVD", id: "CVE-2019-4719", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:ibm:mq:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "8.0.0.14", versionStartIncluding: "8.0.0.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:mq:*:*:*:*:lts:*:*:*", cpe_name: [], versionEndIncluding: "9.0.0.9", versionStartIncluding: "9.0.0.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:mq:*:*:*:*:continuous_delivery:*:*:*", cpe_name: [], versionEndExcluding: "9.1.4", versionStartIncluding: "9.1.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:mq:*:*:*:*:lts:*:*:*", cpe_name: [], versionEndExcluding: "9.1.0.4", versionStartIncluding: "9.1.0.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:mq_appliance:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "8.0.0.14", versionStartIncluding: "8.0.0.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:mq_appliance:*:*:*:*:continuous_delivery:*:*:*", cpe_name: [], versionEndExcluding: "9.1.4", versionStartIncluding: "9.1.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:mq_appliance:*:*:*:*:lts:*:*:*", cpe_name: [], versionEndExcluding: "9.1.0.4", versionStartIncluding: "9.1.0.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:websphere_mq:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "7.5.0.9", versionStartIncluding: "7.1.0.0", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:hp:hp-ux:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2019-4719", }, ], }, cve: "CVE-2019-4719", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", author: "NVD", availabilityImpact: "NONE", baseScore: 2.1, confidentialityImpact: "PARTIAL", exploitabilityScore: 3.9, impactScore: 2.9, integrityImpact: "NONE", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "LOW", trust: 1, userInteractionRequired: false, vectorString: "AV:L/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Local", authentication: "None", author: "NVD", availabilityImpact: "None", baseScore: 2.1, confidentialityImpact: "Partial", exploitabilityScore: null, id: "JVNDB-2019-014905", impactScore: null, integrityImpact: "None", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Low", trust: 0.8, userInteractionRequired: null, vectorString: "AV:L/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", author: "CNVD", availabilityImpact: "NONE", baseScore: 2.1, confidentialityImpact: "PARTIAL", exploitabilityScore: 3.9, id: "CNVD-2020-17505", impactScore: 2.9, integrityImpact: "NONE", severity: "LOW", trust: 0.6, vectorString: "AV:L/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "LOCAL", author: "NVD", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", exploitabilityScore: 1.8, impactScore: 3.6, integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, { attackComplexity: "HIGH", attackVector: "LOCAL", author: "psirt@us.ibm.com", availabilityImpact: "NONE", baseScore: 5.1, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", exploitabilityScore: 1.4, impactScore: 3.6, integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, { attackComplexity: "Low", attackVector: "Local", author: "NVD", availabilityImpact: "None", baseScore: 5.5, baseSeverity: "Medium", confidentialityImpact: "High", exploitabilityScore: null, id: "JVNDB-2019-014905", impactScore: null, integrityImpact: "None", privilegesRequired: "Low", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2019-4719", trust: 1, value: "MEDIUM", }, { author: "psirt@us.ibm.com", id: "CVE-2019-4719", trust: 1, value: "MEDIUM", }, { author: "NVD", id: "JVNDB-2019-014905", trust: 0.8, value: "Medium", }, { author: "CNVD", id: "CNVD-2020-17505", trust: 0.6, value: "LOW", }, { author: "CNNVD", id: "CNNVD-202003-904", trust: 0.6, value: "MEDIUM", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2020-17505", }, { db: "JVNDB", id: "JVNDB-2019-014905", }, { db: "NVD", id: "CVE-2019-4719", }, { db: "NVD", id: "CVE-2019-4719", }, { db: "CNNVD", id: "CNNVD-202003-904", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "IBM MQ and IBM MQ Appliance 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and 9.1 CD could allow a local attacker to obtain sensitive information by inclusion of sensitive data within runmqras data. The product provides a reliable, proven messaging backbone for service-oriented architecture (SOA). IBM MQ Appliance is an all-in-one device for rapid deployment of enterprise-level messaging middleware", sources: [ { db: "NVD", id: "CVE-2019-4719", }, { db: "JVNDB", id: "JVNDB-2019-014905", }, { db: "CNVD", id: "CNVD-2020-17505", }, ], trust: 2.16, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2019-4719", trust: 3, }, { db: "JVNDB", id: "JVNDB-2019-014905", trust: 0.8, }, { db: "CNVD", id: "CNVD-2020-17505", trust: 0.6, }, { db: "AUSCERT", id: "ESB-2023.4106", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202003-904", trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2020-17505", }, { db: "JVNDB", id: "JVNDB-2019-014905", }, { db: "NVD", id: "CVE-2019-4719", }, { db: "CNNVD", id: "CNNVD-202003-904", }, ], }, id: "VAR-202003-0592", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2020-17505", }, ], trust: 0.99285713, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "Network device", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2020-17505", }, ], }, last_update_date: "2023-12-18T10:49:44.118000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "1136608", trust: 0.8, url: "https://www.ibm.com/support/pages/node/1136608", }, { title: "ibm-mq-cve20194719-info-disc (172124)", trust: 0.8, url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/172124", }, { title: "Patch for IBM MQ and IBM MQ Appliance information disclosure vulnerability", trust: 0.6, url: "https://www.cnvd.org.cn/patchinfo/show/209203", }, { title: "IBM MQ and IBM MQ Appliance Repair measures for information disclosure vulnerabilities", trust: 0.6, url: "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=112529", }, ], sources: [ { db: "CNVD", id: "CNVD-2020-17505", }, { db: "JVNDB", id: "JVNDB-2019-014905", }, { db: "CNNVD", id: "CNNVD-202003-904", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "NVD-CWE-noinfo", trust: 1, }, { problemtype: "CWE-200", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2019-014905", }, { db: "NVD", id: "CVE-2019-4719", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2.2, url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/172124", }, { trust: 1.6, url: "https://www.ibm.com/support/pages/node/1136608", }, { trust: 1.4, url: "https://nvd.nist.gov/vuln/detail/cve-2019-4719", }, { trust: 1.2, url: "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-and-ibm-mq-appliance-could-allow-a-local-attacker-to-obtain-sensitive-information-cve-2019-4719/", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-4719", }, { trust: 0.6, url: "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-could-allow-a-local-attacker-to-obtain-sensitive-information-cve-2019-4719/", }, { trust: 0.6, url: "https://www.auscert.org.au/bulletins/esb-2023.4106", }, { trust: 0.6, url: "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-in-ibm-mq-affect-ibm-sterling-b2b-integrator/", }, ], sources: [ { db: "CNVD", id: "CNVD-2020-17505", }, { db: "JVNDB", id: "JVNDB-2019-014905", }, { db: "NVD", id: "CVE-2019-4719", }, { db: "CNNVD", id: "CNNVD-202003-904", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2020-17505", }, { db: "JVNDB", id: "JVNDB-2019-014905", }, { db: "NVD", id: "CVE-2019-4719", }, { db: "CNNVD", id: "CNNVD-202003-904", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-03-18T00:00:00", db: "CNVD", id: "CNVD-2020-17505", }, { date: "2020-03-27T00:00:00", db: "JVNDB", id: "JVNDB-2019-014905", }, { date: "2020-03-16T16:15:12.750000", db: "NVD", id: "CVE-2019-4719", }, { date: "2020-03-13T00:00:00", db: "CNNVD", id: "CNNVD-202003-904", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-03-18T00:00:00", db: "CNVD", id: "CNVD-2020-17505", }, { date: "2020-03-27T00:00:00", db: "JVNDB", id: "JVNDB-2019-014905", }, { date: "2020-08-24T17:37:01.140000", db: "NVD", id: "CVE-2019-4719", }, { date: "2023-07-21T00:00:00", db: "CNNVD", id: "CNNVD-202003-904", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "local", sources: [ { db: "CNNVD", id: "CNNVD-202003-904", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "IBM MQ and IBM MQ Appliance information disclosure vulnerability", sources: [ { db: "CNVD", id: "CNVD-2020-17505", }, { db: "CNNVD", id: "CNNVD-202003-904", }, ], trust: 1.2, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "information disclosure", sources: [ { db: "CNNVD", id: "CNNVD-202003-904", }, ], trust: 0.6, }, }
var-201811-0107
Vulnerability from variot
IBM WebSphere MQ 8.0.0.0 through 8.0.0.10, 9.0.0.0 through 9.0.0.5, 9.0.1 through 9.0.5, and 9.1.0.0 could allow a local user to inject code that could be executed with root privileges. IBM X-Force ID: 148947. Vendors have confirmed this vulnerability IBM X-Force ID: 148947 It is released as.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. An attackers may exploit these issues to execute arbitrary-code with root privileges
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-201811-0107", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "websphere mq", scope: "eq", trust: 2.4, vendor: "ibm", version: "9.1.0.0", }, { model: "websphere mq", scope: "gte", trust: 1, vendor: "ibm", version: "9.0.1", }, { model: "websphere mq", scope: "gte", trust: 1, vendor: "ibm", version: "8.0.0.0", }, { model: "websphere mq", scope: "lte", trust: 1, vendor: "ibm", version: "9.0.5", }, { model: "websphere mq", scope: "lte", trust: 1, vendor: "ibm", version: "8.0.0.10", }, { model: "websphere mq", scope: "gte", trust: 1, vendor: "ibm", version: "9.0.0.0", }, { model: "websphere mq", scope: "lte", trust: 1, vendor: "ibm", version: "9.0.0.5", }, { model: "websphere mq", scope: "eq", trust: 0.8, vendor: "ibm", version: "8.0.0.0 to 8.0.0.10", }, { model: "websphere mq", scope: "eq", trust: 0.8, vendor: "ibm", version: "9.0.0.0 to 9.0.0.5", }, { model: "websphere mq", scope: "eq", trust: 0.8, vendor: "ibm", version: "9.0.1 to 9.0.5", }, { model: "websphere mq", scope: "eq", trust: 0.6, vendor: "ibm", version: "9.0.0.1", }, { model: "websphere mq", scope: "eq", trust: 0.6, vendor: "ibm", version: "9.0.3", }, { model: "websphere mq", scope: "eq", trust: 0.6, vendor: "ibm", version: "8.0.0.6", }, { model: "websphere mq", scope: "eq", trust: 0.6, vendor: "ibm", version: "8.0.0.4", }, { model: "websphere mq", scope: "eq", trust: 0.6, vendor: "ibm", version: "8.0.0.3", }, { model: "websphere mq", scope: "eq", trust: 0.6, vendor: "ibm", version: "8.0.0.2", }, { model: "websphere mq", scope: "eq", trust: 0.6, vendor: "ibm", version: "9.0.4", }, { model: "websphere mq", scope: "eq", trust: 0.6, vendor: "ibm", version: "8.0.0.7", }, { model: "websphere mq", scope: "eq", trust: 0.6, vendor: "ibm", version: "8.0.0.5", }, { model: "mq cd", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.0.5", }, { model: "mq cd", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.0.3", }, { model: "mq cd", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.0.2", }, { model: "mq cd", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.0.1", }, { model: "mq lts", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.0.0.3", }, { model: "mq lts", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.0.0.1", }, { model: "mq lts", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.0.0.0", }, { model: "mq", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.0.9", }, { model: "mq", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.0.7", }, { model: "mq", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.0.6", }, { model: "mq", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.0.5", }, { model: "mq", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.0.4", }, { model: "mq", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.0.3", }, { model: "mq", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.0.2", }, { model: "mq", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.0.1", }, { model: "mq", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.0.0", }, { model: "mq", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0", }, { model: "mq", scope: "ne", trust: 0.3, vendor: "ibm", version: "9.1", }, ], sources: [ { db: "BID", id: "105936", }, { db: "JVNDB", id: "JVNDB-2018-011726", }, { db: "NVD", id: "CVE-2018-1792", }, { db: "CNNVD", id: "CNNVD-201811-278", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:ibm:websphere_mq:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "8.0.0.10", versionStartIncluding: "8.0.0.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:websphere_mq:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "9.0.0.5", versionStartIncluding: "9.0.0.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:websphere_mq:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "9.0.5", versionStartIncluding: "9.0.1", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:websphere_mq:9.1.0.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2018-1792", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Rich Mirch", sources: [ { db: "BID", id: "105936", }, ], trust: 0.3, }, cve: "CVE-2018-1792", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", author: "NVD", availabilityImpact: "COMPLETE", baseScore: 7.2, confidentialityImpact: "COMPLETE", exploitabilityScore: 3.9, impactScore: 10, integrityImpact: "COMPLETE", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "HIGH", trust: 1, userInteractionRequired: false, vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Local", authentication: "None", author: "NVD", availabilityImpact: "Complete", baseScore: 7.2, confidentialityImpact: "Complete", exploitabilityScore: null, id: "CVE-2018-1792", impactScore: null, integrityImpact: "Complete", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "High", trust: 0.9, userInteractionRequired: null, vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "LOCAL", author: "NVD", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 1.8, impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, { attackComplexity: "LOW", attackVector: "LOCAL", author: "psirt@us.ibm.com", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 2, impactScore: 6, integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "CHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", version: "3.0", }, { attackComplexity: "Low", attackVector: "Local", author: "NVD", availabilityImpact: "High", baseScore: 7.8, baseSeverity: "High", confidentialityImpact: "High", exploitabilityScore: null, id: "CVE-2018-1792", impactScore: null, integrityImpact: "High", privilegesRequired: "Low", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2018-1792", trust: 1.8, value: "HIGH", }, { author: "psirt@us.ibm.com", id: "CVE-2018-1792", trust: 1, value: "HIGH", }, { author: "CNNVD", id: "CNNVD-201811-278", trust: 0.6, value: "HIGH", }, { author: "VULMON", id: "CVE-2018-1792", trust: 0.1, value: "HIGH", }, ], }, ], sources: [ { db: "VULMON", id: "CVE-2018-1792", }, { db: "JVNDB", id: "JVNDB-2018-011726", }, { db: "NVD", id: "CVE-2018-1792", }, { db: "NVD", id: "CVE-2018-1792", }, { db: "CNNVD", id: "CNNVD-201811-278", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "IBM WebSphere MQ 8.0.0.0 through 8.0.0.10, 9.0.0.0 through 9.0.0.5, 9.0.1 through 9.0.5, and 9.1.0.0 could allow a local user to inject code that could be executed with root privileges. IBM X-Force ID: 148947. Vendors have confirmed this vulnerability IBM X-Force ID: 148947 It is released as.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. \nAn attackers may exploit these issues to execute arbitrary-code with root privileges", sources: [ { db: "NVD", id: "CVE-2018-1792", }, { db: "JVNDB", id: "JVNDB-2018-011726", }, { db: "BID", id: "105936", }, { db: "VULMON", id: "CVE-2018-1792", }, ], trust: 1.98, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2018-1792", trust: 2.8, }, { db: "BID", id: "105936", trust: 2, }, { db: "JVNDB", id: "JVNDB-2018-011726", trust: 0.8, }, { db: "AUSCERT", id: "ESB-2019.0782", trust: 0.6, }, { db: "AUSCERT", id: "ESB-2019.3122", trust: 0.6, }, { db: "AUSCERT", id: "ESB-2019.4784", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-201811-278", trust: 0.6, }, { db: "VULMON", id: "CVE-2018-1792", trust: 0.1, }, ], sources: [ { db: "VULMON", id: "CVE-2018-1792", }, { db: "BID", id: "105936", }, { db: "JVNDB", id: "JVNDB-2018-011726", }, { db: "NVD", id: "CVE-2018-1792", }, { db: "CNNVD", id: "CNNVD-201811-278", }, ], }, id: "VAR-201811-0107", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VARIoT devices database", id: null, }, ], trust: 0.39285713, }, last_update_date: "2023-12-18T11:28:18.821000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "0734447", trust: 0.8, url: "https://www-01.ibm.com/support/docview.wss?uid=ibm10734447", }, { title: "ibm-websphere-cve20181792-priv-escalation (148947)", trust: 0.8, url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/148947", }, { title: "IBM MQ Repair measures for library security vulnerabilities", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=86718", }, { title: "IBM: IBM Security Bulletin: IBM MQ could allow a local user to inject code that could be executed with root privileges. (CVE-2018-1998)", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=72465d2f99054ba61ae311541ab96ff0", }, { title: "IBM: IBM Security Bulletin: Multiple IBM MQ Security Vulnerabilities Affect IBM Sterling B2B Integrator", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=12d49a0da922bc87e2a67d963391d2c3", }, { title: "security-research", trust: 0.1, url: "https://github.com/mirchr/security-research ", }, ], sources: [ { db: "VULMON", id: "CVE-2018-1792", }, { db: "JVNDB", id: "JVNDB-2018-011726", }, { db: "CNNVD", id: "CNNVD-201811-278", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-94", trust: 1.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2018-011726", }, { db: "NVD", id: "CVE-2018-1792", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.8, url: "http://www.securityfocus.com/bid/105936", }, { trust: 1.7, url: "https://www.ibm.com/support/docview.wss?uid=ibm10734447", }, { trust: 1.7, url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/148947", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-1792", }, { trust: 0.8, url: "https://nvd.nist.gov/vuln/detail/cve-2018-1792", }, { trust: 0.6, url: "https://www.ibm.com/support/pages/node/1137634", }, { trust: 0.6, url: "https://www.ibm.com/support/pages/node/1115109", }, { trust: 0.6, url: "https://www.ibm.com/support/docview.wss?uid=ibm10967151", }, { trust: 0.6, url: "http://www.ibm.com/support/docview.wss", }, { trust: 0.6, url: "https://www-01.ibm.com/support/docview.wss?uid=ibm10967151", }, { trust: 0.6, url: "https://www.ibm.com/support/pages/node/1115031", }, { trust: 0.6, url: "https://www.auscert.org.au/bulletins/76906", }, { trust: 0.6, url: "https://www.auscert.org.au/bulletins/esb-2019.3122/", }, { trust: 0.6, url: "https://www.auscert.org.au/bulletins/esb-2019.4784/", }, { trust: 0.3, url: "http://www.ibm.com", }, { trust: 0.3, url: "http://www-4.ibm.com/software/webservers/appserv/", }, { trust: 0.3, url: "https://www-01.ibm.com/support/docview.wss?uid=ibm10734447", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/94.html", }, { trust: 0.1, url: "https://nvd.nist.gov", }, { trust: 0.1, url: "https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-mq-could-allow-a-local-user-to-inject-code-that-could-be-executed-with-root-privileges-cve-2018-1998/", }, { trust: 0.1, url: "https://github.com/mirchr/security-research", }, ], sources: [ { db: "VULMON", id: "CVE-2018-1792", }, { db: "BID", id: "105936", }, { db: "JVNDB", id: "JVNDB-2018-011726", }, { db: "NVD", id: "CVE-2018-1792", }, { db: "CNNVD", id: "CNNVD-201811-278", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "VULMON", id: "CVE-2018-1792", }, { db: "BID", id: "105936", }, { db: "JVNDB", id: "JVNDB-2018-011726", }, { db: "NVD", id: "CVE-2018-1792", }, { db: "CNNVD", id: "CNNVD-201811-278", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2018-11-13T00:00:00", db: "VULMON", id: "CVE-2018-1792", }, { date: "2018-11-12T00:00:00", db: "BID", id: "105936", }, { date: "2019-01-21T00:00:00", db: "JVNDB", id: "JVNDB-2018-011726", }, { date: "2018-11-13T15:29:00.373000", db: "NVD", id: "CVE-2018-1792", }, { date: "2018-11-12T00:00:00", db: "CNNVD", id: "CNNVD-201811-278", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2019-10-09T00:00:00", db: "VULMON", id: "CVE-2018-1792", }, { date: "2018-11-12T00:00:00", db: "BID", id: "105936", }, { date: "2019-01-21T00:00:00", db: "JVNDB", id: "JVNDB-2018-011726", }, { date: "2019-10-09T23:39:06.337000", db: "NVD", id: "CVE-2018-1792", }, { date: "2019-12-24T00:00:00", db: "CNNVD", id: "CNNVD-201811-278", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "local", sources: [ { db: "BID", id: "105936", }, { db: "CNNVD", id: "CNNVD-201811-278", }, ], trust: 0.9, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "IBM WebSphere MQ Code injection vulnerability", sources: [ { db: "JVNDB", id: "JVNDB-2018-011726", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "code injection", sources: [ { db: "CNNVD", id: "CNNVD-201811-278", }, ], trust: 0.6, }, }
var-201801-0212
Vulnerability from variot
IBM WebSphere MQ 7.0, 7.1, 7.5, 8.0, and 9.0 service trace module could be used to execute untrusted code under 'mqm' user. IBM X-Force ID: 132953. Vendors have confirmed this vulnerability IBM X-Force ID: 132953 It is released as.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. IBM WebSphere MQ is prone to a local privilege-escalation vulnerability. Successfully exploiting this issue may allow an attacker to execute arbitrary code with elevated privileges
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-201801-0212", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "websphere mq", scope: "eq", trust: 1.9, vendor: "ibm", version: "7.0.1.5", }, { model: "websphere mq", scope: "eq", trust: 1.9, vendor: "ibm", version: "7.0.1.11", }, { model: "websphere mq", scope: "eq", trust: 1.9, vendor: "ibm", version: "7.0.1.10", }, { model: "websphere mq", scope: "eq", trust: 1.8, vendor: "ibm", version: "7.5", }, { model: "websphere mq", scope: "eq", trust: 1.8, vendor: "ibm", version: "8.0", }, { model: "websphere mq", scope: "eq", trust: 1.8, vendor: "ibm", version: "9.0", }, { model: "websphere mq", scope: "eq", trust: 1.6, vendor: "ibm", version: "8.0.0.6", }, { model: "websphere mq", scope: "eq", trust: 1.6, vendor: "ibm", version: "7.0.1.4", }, { model: "websphere mq", scope: "eq", trust: 1.6, vendor: "ibm", version: "7.0.1.9", }, { model: "websphere mq", scope: "eq", trust: 1.6, vendor: "ibm", version: "7.0.1.8", }, { model: "websphere mq", scope: "eq", trust: 1.6, vendor: "ibm", version: "7.0.1.6", }, { model: "websphere mq", scope: "eq", trust: 1.6, vendor: "ibm", version: "8.0.0.7", }, { model: "websphere mq", scope: "eq", trust: 1.6, vendor: "ibm", version: "7.0.1.7", }, { model: "websphere mq", scope: "eq", trust: 1.3, vendor: "ibm", version: "7.0.1.2", }, { model: "websphere mq", scope: "eq", trust: 1.3, vendor: "ibm", version: "7.5.0.7", }, { model: "websphere mq", scope: "eq", trust: 1.3, vendor: "ibm", version: "7.5.0.6", }, { model: "websphere mq", scope: "eq", trust: 1.3, vendor: "ibm", version: "7.5.0.5", }, { model: "websphere mq", scope: "eq", trust: 1.3, vendor: "ibm", version: "7.5.0.4", }, { model: "websphere mq", scope: "eq", trust: 1.3, vendor: "ibm", version: "7.5.0.2", }, { model: "websphere mq", scope: "eq", trust: 1.3, vendor: "ibm", version: "7.5.0.1", }, { model: "websphere mq", scope: "eq", trust: 1.3, vendor: "ibm", version: "7.1.0.8", }, { model: "websphere mq", scope: "eq", trust: 1.3, vendor: "ibm", version: "7.1.0.7", }, { model: "websphere mq", scope: "eq", trust: 1.3, vendor: "ibm", version: "7.1.0.6", }, { model: "websphere mq", scope: "eq", trust: 1.3, vendor: "ibm", version: "7.1.0.5", }, { model: "websphere mq", scope: "eq", trust: 1.3, vendor: "ibm", version: "7.1.0.4", }, { model: "websphere mq", scope: "eq", trust: 1.3, vendor: "ibm", version: "7.1.0.3", }, { model: "websphere mq", scope: "eq", trust: 1.3, vendor: "ibm", version: "7.0.1.3", }, { model: "websphere mq", scope: "eq", trust: 1.3, vendor: "ibm", version: "7.0.1.14", }, { model: "websphere mq", scope: "eq", trust: 1.3, vendor: "ibm", version: "7.0.1.13", }, { model: "websphere mq", scope: "eq", trust: 1.3, vendor: "ibm", version: "7.0.1.12", }, { model: "websphere mq", scope: "eq", trust: 1.3, vendor: "ibm", version: "7.0.1.0", }, { model: "websphere mq", scope: "eq", trust: 1, vendor: "ibm", version: "8.0.0.3", }, { model: "websphere mq", scope: "eq", trust: 1, vendor: "ibm", version: "8.0.0.5", }, { model: "websphere mq", scope: "eq", trust: 1, vendor: "ibm", version: "7.1.0.1", }, { model: "websphere mq", scope: "eq", trust: 1, vendor: "ibm", version: "7.5.0.8", }, { model: "websphere mq", scope: "eq", trust: 1, vendor: "ibm", version: "7.5.0.3", }, { model: "websphere mq", scope: "eq", trust: 1, vendor: "ibm", version: "7.1.0.0", }, { model: "websphere mq", scope: "eq", trust: 1, vendor: "ibm", version: "9.0.1.0", }, { model: "websphere mq", scope: "eq", trust: 1, vendor: "ibm", version: "9.0.0.1", }, { model: "websphere mq", scope: "eq", trust: 1, vendor: "ibm", version: "8.0.0.4", }, { model: "websphere mq", scope: "eq", trust: 1, vendor: "ibm", version: "7.1.0.2", }, { model: "websphere mq", scope: "eq", trust: 1, vendor: "ibm", version: "9.0.2.0", }, { model: "websphere mq", scope: "eq", trust: 1, vendor: "ibm", version: "7.0.1.1", }, { model: "websphere mq", scope: "eq", trust: 1, vendor: "ibm", version: "8.0.0.1", }, { model: "websphere mq", scope: "eq", trust: 1, vendor: "ibm", version: "9.0.3.0", }, { model: "websphere mq", scope: "eq", trust: 1, vendor: "ibm", version: "8.0.0.2", }, { model: "websphere mq", scope: "eq", trust: 0.8, vendor: "ibm", version: "7.0", }, { model: "websphere mq", scope: "eq", trust: 0.8, vendor: "ibm", version: "7.1", }, { model: "mq cd", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.0.3", }, { model: "mq cd", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.0.2", }, { model: "mq cd", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.0.1", }, { model: "mq lts", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.0.0.1", }, { model: "mq lts", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.0.0.0", }, { model: "mq", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.0.7", }, { model: "mq", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.0.6", }, { model: "mq", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.0.5", }, { model: "mq", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.0.4", }, { model: "mq", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.0.3", }, { model: "mq", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.0.2", }, { model: "mq", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.0.1", }, { model: "mq", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.0.0", }, { model: "websphere mq", scope: "ne", trust: 0.3, vendor: "ibm", version: "7.1.0.9", }, { model: "mq cd", scope: "ne", trust: 0.3, vendor: "ibm", version: "9.0.4", }, { model: "mq lts", scope: "ne", trust: 0.3, vendor: "ibm", version: "9.0.0.2", }, { model: "mq", scope: "ne", trust: 0.3, vendor: "ibm", version: "8.0.0.8", }, ], sources: [ { db: "BID", id: "102479", }, { db: "JVNDB", id: "JVNDB-2018-001399", }, { db: "NVD", id: "CVE-2017-1612", }, { db: "CNNVD", id: "CNNVD-201801-336", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:ibm:websphere_mq:7.5.0.3:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:websphere_mq:7.5.0.5:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:websphere_mq:7.5.0.6:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:websphere_mq:7.5.0.7:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:websphere_mq:7.5.0.8:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:websphere_mq:7.5:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:websphere_mq:7.5.0.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:websphere_mq:7.5.0.2:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:websphere_mq:7.5.0.4:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:ibm:websphere_mq:7.0.1.13:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:websphere_mq:7.0.1.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:websphere_mq:7.0.1.8:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:websphere_mq:7.0.1.10:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:websphere_mq:7.0.1.12:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:websphere_mq:7.0.1.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:websphere_mq:7.0.1.3:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:websphere_mq:7.0.1.4:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:websphere_mq:7.0.1.5:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:websphere_mq:7.0.1.6:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:websphere_mq:7.0.1.14:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:websphere_mq:7.0.1.2:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:websphere_mq:7.0.1.7:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:websphere_mq:7.0.1.9:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:websphere_mq:7.0.1.11:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:ibm:websphere_mq:7.1.0.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:websphere_mq:7.1.0.3:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:websphere_mq:7.1.0.7:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:websphere_mq:7.1.0.4:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:websphere_mq:7.1.0.5:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:websphere_mq:7.1.0.6:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:websphere_mq:7.1.0.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:websphere_mq:7.1.0.8:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:websphere_mq:7.1.0.2:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:ibm:websphere_mq:8.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:websphere_mq:8.0.0.3:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:websphere_mq:8.0.0.4:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:websphere_mq:8.0.0.5:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:websphere_mq:8.0.0.6:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:websphere_mq:8.0.0.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:websphere_mq:8.0.0.2:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:websphere_mq:8.0.0.7:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:ibm:websphere_mq:9.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:websphere_mq:9.0.0.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:ibm:websphere_mq:9.0.2.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:websphere_mq:9.0.3.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:websphere_mq:9.0.1.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2017-1612", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "IBM", sources: [ { db: "BID", id: "102479", }, ], trust: 0.3, }, cve: "CVE-2017-1612", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", author: "NVD", availabilityImpact: "PARTIAL", baseScore: 4.6, confidentialityImpact: "PARTIAL", exploitabilityScore: 3.9, impactScore: 6.4, integrityImpact: "PARTIAL", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "MEDIUM", trust: 1, userInteractionRequired: false, vectorString: "AV:L/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Local", authentication: "None", author: "NVD", availabilityImpact: "Partial", baseScore: 4.6, confidentialityImpact: "Partial", exploitabilityScore: null, id: "CVE-2017-1612", impactScore: null, integrityImpact: "Partial", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Medium", trust: 0.8, userInteractionRequired: null, vectorString: "AV:L/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "LOCAL", author: "NVD", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 1.8, impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, { attackComplexity: "Low", attackVector: "Local", author: "NVD", availabilityImpact: "High", baseScore: 7.8, baseSeverity: "High", confidentialityImpact: "High", exploitabilityScore: null, id: "CVE-2017-1612", impactScore: null, integrityImpact: "High", privilegesRequired: "Low", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2017-1612", trust: 1.8, value: "HIGH", }, { author: "CNNVD", id: "CNNVD-201801-336", trust: 0.6, value: "HIGH", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2018-001399", }, { db: "NVD", id: "CVE-2017-1612", }, { db: "CNNVD", id: "CNNVD-201801-336", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "IBM WebSphere MQ 7.0, 7.1, 7.5, 8.0, and 9.0 service trace module could be used to execute untrusted code under 'mqm' user. IBM X-Force ID: 132953. Vendors have confirmed this vulnerability IBM X-Force ID: 132953 It is released as.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. IBM WebSphere MQ is prone to a local privilege-escalation vulnerability. \nSuccessfully exploiting this issue may allow an attacker to execute arbitrary code with elevated privileges", sources: [ { db: "NVD", id: "CVE-2017-1612", }, { db: "JVNDB", id: "JVNDB-2018-001399", }, { db: "BID", id: "102479", }, ], trust: 1.89, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2017-1612", trust: 2.7, }, { db: "BID", id: "102479", trust: 1.9, }, { db: "SECTRACK", id: "1040175", trust: 1.6, }, { db: "JVNDB", id: "JVNDB-2018-001399", trust: 0.8, }, { db: "CNNVD", id: "CNNVD-201801-336", trust: 0.6, }, ], sources: [ { db: "BID", id: "102479", }, { db: "JVNDB", id: "JVNDB-2018-001399", }, { db: "NVD", id: "CVE-2017-1612", }, { db: "CNNVD", id: "CNNVD-201801-336", }, ], }, id: "VAR-201801-0212", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VARIoT devices database", id: null, }, ], trust: 0.39285713, }, last_update_date: "2023-12-18T13:08:36.125000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "2009918", trust: 0.8, url: "http://www-01.ibm.com/support/docview.wss?uid=swg22009918", }, { title: "IBM MQ service trace Fixes for module permissions licensing and access control vulnerabilities", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=77606", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2018-001399", }, { db: "CNNVD", id: "CNNVD-201801-336", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "NVD-CWE-noinfo", trust: 1, }, { problemtype: "CWE-264", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2018-001399", }, { db: "NVD", id: "CVE-2017-1612", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.6, url: "http://www.ibm.com/support/docview.wss?uid=swg22009918", }, { trust: 1.6, url: "http://www.securityfocus.com/bid/102479", }, { trust: 1.6, url: "http://www.securitytracker.com/id/1040175", }, { trust: 1.6, url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/132953", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-1612", }, { trust: 0.8, url: "https://nvd.nist.gov/vuln/detail/cve-2017-1612", }, { trust: 0.3, url: "http://www.ibm.com", }, { trust: 0.3, url: "http://www-4.ibm.com/software/webservers/appserv/", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg22009918", }, ], sources: [ { db: "BID", id: "102479", }, { db: "JVNDB", id: "JVNDB-2018-001399", }, { db: "NVD", id: "CVE-2017-1612", }, { db: "CNNVD", id: "CNNVD-201801-336", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "BID", id: "102479", }, { db: "JVNDB", id: "JVNDB-2018-001399", }, { db: "NVD", id: "CVE-2017-1612", }, { db: "CNNVD", id: "CNNVD-201801-336", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2018-01-03T00:00:00", db: "BID", id: "102479", }, { date: "2018-02-14T00:00:00", db: "JVNDB", id: "JVNDB-2018-001399", }, { date: "2018-01-09T20:29:00.287000", db: "NVD", id: "CVE-2017-1612", }, { date: "2018-01-10T00:00:00", db: "CNNVD", id: "CNNVD-201801-336", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2018-01-03T00:00:00", db: "BID", id: "102479", }, { date: "2018-02-14T00:00:00", db: "JVNDB", id: "JVNDB-2018-001399", }, { date: "2019-10-03T00:03:26.223000", db: "NVD", id: "CVE-2017-1612", }, { date: "2019-10-23T00:00:00", db: "CNNVD", id: "CNNVD-201801-336", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "local", sources: [ { db: "BID", id: "102479", }, { db: "CNNVD", id: "CNNVD-201801-336", }, ], trust: 0.9, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "IBM WebSphere MQ Vulnerabilities related to authorization, permissions, and access control", sources: [ { db: "JVNDB", id: "JVNDB-2018-001399", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "permissions and access control issues", sources: [ { db: "CNNVD", id: "CNNVD-201801-336", }, ], trust: 0.6, }, }
var-201801-0385
Vulnerability from variot
IBM WebSphere MQ 8.0 and 9.0 could allow an authenticated user with authority to send a specially crafted request that could cause a channel process to cease processing further requests. IBM X-Force ID: 131547. IBM WebSphere MQ Contains an access control vulnerability. Vendors have confirmed this vulnerability IBM X-Force ID: 131547 It is released as.Service operation interruption (DoS) There is a possibility of being put into a state. An attacker can exploit this issue to cause a denial-of-service condition
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-201801-0385", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "websphere mq", scope: "eq", trust: 2.4, vendor: "ibm", version: "9.0", }, { model: "websphere mq", scope: "eq", trust: 1.8, vendor: "ibm", version: "8.0", }, { model: "websphere mq", scope: "eq", trust: 1.6, vendor: "ibm", version: "9.0.2", }, { model: "websphere mq", scope: "eq", trust: 1.6, vendor: "ibm", version: "9.0.3", }, { model: "websphere mq", scope: "eq", trust: 1.6, vendor: "ibm", version: "8.0.0.3", }, { model: "websphere mq", scope: "eq", trust: 1.6, vendor: "ibm", version: "8.0.0.6", }, { model: "websphere mq", scope: "eq", trust: 1.6, vendor: "ibm", version: "8.0.0.5", }, { model: "websphere mq", scope: "eq", trust: 1.6, vendor: "ibm", version: "8.0.0.7", }, { model: "websphere mq", scope: "eq", trust: 1.6, vendor: "ibm", version: "9.0.0.1", }, { model: "websphere mq", scope: "eq", trust: 1.6, vendor: "ibm", version: "9.0.1", }, { model: "websphere mq", scope: "eq", trust: 1.6, vendor: "ibm", version: "8.0.0.2", }, { model: "websphere mq", scope: "eq", trust: 1, vendor: "ibm", version: "8.0.0.1", }, { model: "websphere mq", scope: "eq", trust: 1, vendor: "ibm", version: "8.0.0.4", }, { model: "mq appliance cd", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.0.3", }, { model: "mq appliance cd", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.0.1", }, { model: "mq appliance", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.0.7", }, { model: "mq appliance", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.0.6", }, { model: "mq appliance", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.0.5", }, { model: "mq appliance", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.0.4", }, { model: "mq appliance", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.0.3", }, { model: "mq appliance", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.0.2", }, { model: "mq appliance", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.0.1", }, { model: "mq appliance", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.0.0", }, { model: "mq cd", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.0.3", }, { model: "mq cd", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.0.1", }, { model: "mq lts", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.0.0.1", }, { model: "mq lts", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.0.0.0", }, { model: "mq", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.0.7", }, { model: "mq", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.0.6", }, { model: "mq", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.0.5", }, { model: "mq", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.0.4", }, { model: "mq", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.0.3", }, { model: "mq", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.0.2", }, { model: "mq", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.0.1", }, { model: "mq", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.0.0", }, { model: "mq appliance", scope: "ne", trust: 0.3, vendor: "ibm", version: "8.0.0.8", }, { model: "mq", scope: "ne", trust: 0.3, vendor: "ibm", version: "9.0.4", }, { model: "mq", scope: "ne", trust: 0.3, vendor: "ibm", version: "9.0.0.2", }, { model: "mq", scope: "ne", trust: 0.3, vendor: "ibm", version: "8.0.0.8", }, ], sources: [ { db: "BID", id: "102418", }, { db: "JVNDB", id: "JVNDB-2017-011805", }, { db: "NVD", id: "CVE-2017-1557", }, { db: "CNNVD", id: "CNNVD-201801-077", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:ibm:websphere_mq:8.0.0.4:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:websphere_mq:8.0.0.6:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:websphere_mq:9.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:websphere_mq:9.0.0.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:websphere_mq:9.0.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:websphere_mq:9.0.2:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:websphere_mq:9.0.3:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:websphere_mq:8.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:websphere_mq:8.0.0.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:websphere_mq:8.0.0.2:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:websphere_mq:8.0.0.3:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:websphere_mq:8.0.0.5:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:websphere_mq:8.0.0.7:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2017-1557", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "The vendor reported the issue.", sources: [ { db: "BID", id: "102418", }, ], trust: 0.3, }, cve: "CVE-2017-1557", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", author: "NVD", availabilityImpact: "PARTIAL", baseScore: 4, confidentialityImpact: "NONE", exploitabilityScore: 8, impactScore: 2.9, integrityImpact: "NONE", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "MEDIUM", trust: 1, userInteractionRequired: false, vectorString: "AV:N/AC:L/Au:S/C:N/I:N/A:P", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Network", authentication: "Single", author: "NVD", availabilityImpact: "Partial", baseScore: 4, confidentialityImpact: "None", exploitabilityScore: null, id: "CVE-2017-1557", impactScore: null, integrityImpact: "None", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Medium", trust: 0.8, userInteractionRequired: null, vectorString: "AV:N/AC:L/Au:S/C:N/I:N/A:P", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "NVD", availabilityImpact: "LOW", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", exploitabilityScore: 2.8, impactScore: 1.4, integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "Low", baseScore: 4.3, baseSeverity: "Medium", confidentialityImpact: "None", exploitabilityScore: null, id: "CVE-2017-1557", impactScore: null, integrityImpact: "None", privilegesRequired: "Low", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2017-1557", trust: 1.8, value: "MEDIUM", }, { author: "CNNVD", id: "CNNVD-201801-077", trust: 0.6, value: "MEDIUM", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2017-011805", }, { db: "NVD", id: "CVE-2017-1557", }, { db: "CNNVD", id: "CNNVD-201801-077", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "IBM WebSphere MQ 8.0 and 9.0 could allow an authenticated user with authority to send a specially crafted request that could cause a channel process to cease processing further requests. IBM X-Force ID: 131547. IBM WebSphere MQ Contains an access control vulnerability. Vendors have confirmed this vulnerability IBM X-Force ID: 131547 It is released as.Service operation interruption (DoS) There is a possibility of being put into a state. \nAn attacker can exploit this issue to cause a denial-of-service condition", sources: [ { db: "NVD", id: "CVE-2017-1557", }, { db: "JVNDB", id: "JVNDB-2017-011805", }, { db: "BID", id: "102418", }, ], trust: 1.89, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2017-1557", trust: 2.7, }, { db: "BID", id: "102418", trust: 1.9, }, { db: "JVNDB", id: "JVNDB-2017-011805", trust: 0.8, }, { db: "CNNVD", id: "CNNVD-201801-077", trust: 0.6, }, ], sources: [ { db: "BID", id: "102418", }, { db: "JVNDB", id: "JVNDB-2017-011805", }, { db: "NVD", id: "CVE-2017-1557", }, { db: "CNNVD", id: "CNNVD-201801-077", }, ], }, id: "VAR-201801-0385", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VARIoT devices database", id: null, }, ], trust: 0.39285713, }, last_update_date: "2023-12-18T13:29:02.502000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "2004378", trust: 0.8, url: "http://www-01.ibm.com/support/docview.wss?uid=swg22004378", }, { title: "IBM WebSphere MQ Security vulnerabilities", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=77425", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2017-011805", }, { db: "CNNVD", id: "CNNVD-201801-077", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "NVD-CWE-noinfo", trust: 1, }, { problemtype: "CWE-284", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2017-011805", }, { db: "NVD", id: "CVE-2017-1557", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.6, url: "http://www.ibm.com/support/docview.wss?uid=swg22004378", }, { trust: 1.6, url: "http://www.securityfocus.com/bid/102418", }, { trust: 1.6, url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/131547", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-1557", }, { trust: 0.8, url: "https://nvd.nist.gov/vuln/detail/cve-2017-1557", }, { trust: 0.3, url: "http://www.ibm.com/", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg22004378", }, ], sources: [ { db: "BID", id: "102418", }, { db: "JVNDB", id: "JVNDB-2017-011805", }, { db: "NVD", id: "CVE-2017-1557", }, { db: "CNNVD", id: "CNNVD-201801-077", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "BID", id: "102418", }, { db: "JVNDB", id: "JVNDB-2017-011805", }, { db: "NVD", id: "CVE-2017-1557", }, { db: "CNNVD", id: "CNNVD-201801-077", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2018-01-02T00:00:00", db: "BID", id: "102418", }, { date: "2018-01-29T00:00:00", db: "JVNDB", id: "JVNDB-2017-011805", }, { date: "2018-01-02T17:29:01.070000", db: "NVD", id: "CVE-2017-1557", }, { date: "2018-01-03T00:00:00", db: "CNNVD", id: "CNNVD-201801-077", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2018-01-02T00:00:00", db: "BID", id: "102418", }, { date: "2018-01-29T00:00:00", db: "JVNDB", id: "JVNDB-2017-011805", }, { date: "2019-10-03T00:03:26.223000", db: "NVD", id: "CVE-2017-1557", }, { date: "2019-10-23T00:00:00", db: "CNNVD", id: "CNNVD-201801-077", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-201801-077", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "IBM WebSphere MQ Access control vulnerability", sources: [ { db: "JVNDB", id: "JVNDB-2017-011805", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "lack of information", sources: [ { db: "CNNVD", id: "CNNVD-201801-077", }, ], trust: 0.6, }, }
var-201912-0162
Vulnerability from variot
IBM MQ 9.1.0.0, 9.1.0.1, 9.1.0.2, 9.1.0.3, 9.1.1, 9.1.2, and 9.1.3 is vulnerable to a denial of service attack that would allow an authenticated user to reset client connections due to an error within the Data Conversion routine. IBM X-Force ID: 170966. IBM MQ Contains an input validation vulnerability. Vendors have confirmed this vulnerability IBM X-Force ID: 170966 It is released as.Service operation interruption (DoS) There is a possibility of being put into a state
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-201912-0162", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "mq", scope: "eq", trust: 1.4, vendor: "ibm", version: "9.1.0.1", }, { model: "mq", scope: "eq", trust: 1.4, vendor: "ibm", version: "9.1.0.2", }, { model: "mq appliance", scope: "lt", trust: 1, vendor: "ibm", version: "9.1.4", }, { model: "mq", scope: "lt", trust: 1, vendor: "ibm", version: "9.1.4", }, { model: "mq appliance", scope: "lt", trust: 1, vendor: "ibm", version: "9.1.0.4", }, { model: "mq", scope: "lt", trust: 1, vendor: "ibm", version: "9.1.0.4", }, { model: "mq appliance", scope: "gte", trust: 1, vendor: "ibm", version: "9.1.0.0", }, { model: "mq appliance", scope: "gte", trust: 1, vendor: "ibm", version: "9.1.0", }, { model: "mq", scope: "gte", trust: 1, vendor: "ibm", version: "9.1.0.0", }, { model: "mq", scope: "gte", trust: 1, vendor: "ibm", version: "9.1.0", }, { model: "mq", scope: "eq", trust: 0.8, vendor: "ibm", version: "9.1.0.0", }, { model: "mq", scope: "eq", trust: 0.8, vendor: "ibm", version: "9.1.0.3", }, { model: "mq", scope: "eq", trust: 0.8, vendor: "ibm", version: "9.1.1", }, { model: "mq", scope: "eq", trust: 0.8, vendor: "ibm", version: "9.1.2", }, { model: "mq", scope: "eq", trust: 0.8, vendor: "ibm", version: "9.1.3", }, { model: "mq appliance", scope: null, trust: 0.8, vendor: "ibm", version: null, }, { model: "mq appliance", scope: "eq", trust: 0.6, vendor: "ibm", version: "9.1.0.2", }, { model: "mq appliance", scope: "eq", trust: 0.6, vendor: "ibm", version: "9.1.0.4", }, { model: "mq appliance", scope: "eq", trust: 0.6, vendor: "ibm", version: "9.1.2", }, { model: "mq appliance", scope: "eq", trust: 0.6, vendor: "ibm", version: "9.1.0.0", }, { model: "mq appliance", scope: "eq", trust: 0.6, vendor: "ibm", version: "9.1.0.3", }, { model: "mq appliance", scope: "eq", trust: 0.6, vendor: "ibm", version: "9.1.3", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2019-013495", }, { db: "CNNVD", id: "CNNVD-201912-980", }, { db: "NVD", id: "CVE-2019-4655", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:ibm:mq:*:*:*:*:continuous_delivery:*:*:*", cpe_name: [], versionEndExcluding: "9.1.4", versionStartIncluding: "9.1.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:mq:*:*:*:*:lts:*:*:*", cpe_name: [], versionEndExcluding: "9.1.0.4", versionStartIncluding: "9.1.0.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:mq_appliance:*:*:*:*:continuous_delivery:*:*:*", cpe_name: [], versionEndExcluding: "9.1.4", versionStartIncluding: "9.1.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:mq_appliance:*:*:*:*:lts:*:*:*", cpe_name: [], versionEndExcluding: "9.1.0.4", versionStartIncluding: "9.1.0.0", vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2019-4655", }, ], }, cve: "CVE-2019-4655", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: null, accessComplexity: "Low", accessVector: "Network", authentication: "Single", author: "NVD", availabilityImpact: "Partial", baseScore: 4, confidentialityImpact: "None", exploitabilityScore: null, id: "CVE-2019-4655", impactScore: null, integrityImpact: "None", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Medium", trust: 1.8, userInteractionRequired: null, vectorString: "AV:N/AC:L/Au:S/C:N/I:N/A:P", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "NVD", availabilityImpact: "LOW", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", exploitabilityScore: 2.8, id: "CVE-2019-4655", impactScore: 1.4, integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "Low", baseScore: 4.3, baseSeverity: "Medium", confidentialityImpact: "None", exploitabilityScore: null, id: "CVE-2019-4655", impactScore: null, integrityImpact: "None", privilegesRequired: "Low", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2019-4655", trust: 1.8, value: "Medium", }, { author: "CNNVD", id: "CNNVD-201912-980", trust: 0.6, value: "MEDIUM", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2019-013495", }, { db: "CNNVD", id: "CNNVD-201912-980", }, { db: "NVD", id: "CVE-2019-4655", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "IBM MQ 9.1.0.0, 9.1.0.1, 9.1.0.2, 9.1.0.3, 9.1.1, 9.1.2, and 9.1.3 is vulnerable to a denial of service attack that would allow an authenticated user to reset client connections due to an error within the Data Conversion routine. IBM X-Force ID: 170966. IBM MQ Contains an input validation vulnerability. Vendors have confirmed this vulnerability IBM X-Force ID: 170966 It is released as.Service operation interruption (DoS) There is a possibility of being put into a state", sources: [ { db: "NVD", id: "CVE-2019-4655", }, { db: "JVNDB", id: "JVNDB-2019-013495", }, ], trust: 1.62, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2019-4655", trust: 2.4, }, { db: "JVNDB", id: "JVNDB-2019-013495", trust: 0.8, }, { db: "CNNVD", id: "CNNVD-201912-980", trust: 0.6, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2019-013495", }, { db: "CNNVD", id: "CNNVD-201912-980", }, { db: "NVD", id: "CVE-2019-4655", }, ], }, id: "VAR-201912-0162", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VARIoT devices database", id: null, }, ], trust: 0.22222222, }, last_update_date: "2022-05-04T10:00:09.088000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "1106529", trust: 0.8, url: "https://www.ibm.com/support/pages/node/1106529", }, { title: "ibm-mq-cve20194655-dos (170966)", trust: 0.8, url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/170966", }, { title: "IBM MQ and IBM MQ Appliance Enter the fix for the verification error vulnerability", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=106392", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2019-013495", }, { db: "CNNVD", id: "CNNVD-201912-980", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "NVD-CWE-noinfo", trust: 1, }, { problemtype: "CWE-20", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2019-013495", }, { db: "NVD", id: "CVE-2019-4655", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.6, url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/170966", }, { trust: 1.6, url: "https://www.ibm.com/support/pages/node/1106529", }, { trust: 1.4, url: "https://nvd.nist.gov/vuln/detail/cve-2019-4655", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-4655", }, { trust: 0.6, url: "https://vigilance.fr/vulnerability/ibm-mq-denial-of-service-via-data-conversion-fdc-31208", }, { trust: 0.6, url: "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-certified-container-is-vulnerable-to-multiple-vulnerabilities-within-ibm-mq-cve-2019-4655-cve-2019-4560-cve-2019-4614-cve-2019-4620/", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2019-013495", }, { db: "CNNVD", id: "CNNVD-201912-980", }, { db: "NVD", id: "CVE-2019-4655", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "JVNDB", id: "JVNDB-2019-013495", }, { db: "CNNVD", id: "CNNVD-201912-980", }, { db: "NVD", id: "CVE-2019-4655", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-01-08T00:00:00", db: "JVNDB", id: "JVNDB-2019-013495", }, { date: "2019-12-20T00:00:00", db: "CNNVD", id: "CNNVD-201912-980", }, { date: "2019-12-30T16:15:00", db: "NVD", id: "CVE-2019-4655", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-01-08T00:00:00", db: "JVNDB", id: "JVNDB-2019-013495", }, { date: "2020-02-27T00:00:00", db: "CNNVD", id: "CNNVD-201912-980", }, { date: "2021-07-21T11:39:00", db: "NVD", id: "CVE-2019-4655", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-201912-980", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "IBM MQ Input validation vulnerability", sources: [ { db: "JVNDB", id: "JVNDB-2019-013495", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "input validation error", sources: [ { db: "CNNVD", id: "CNNVD-201912-980", }, ], trust: 0.6, }, }
var-202003-0589
Vulnerability from variot
IBM MQ and IBM MQ Appliance 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and 9.1 CD could allow a local attacker to obtain sensitive information by inclusion of sensitive data within trace. IBM X-Force ID: 168862. Vendor exploits this vulnerability IBM X-Force ID: 168862 It is published as.Information may be obtained
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202003-0589", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "mq appliance", scope: "lt", trust: 1, vendor: "ibm", version: "8.0.0.14", }, { model: "mq appliance", scope: "lt", trust: 1, vendor: "ibm", version: "9.1.0.4", }, { model: "mq", scope: "lt", trust: 1, vendor: "ibm", version: "9.1.0.4", }, { model: "mq appliance", scope: "gte", trust: 1, vendor: "ibm", version: "8.0.0.0", }, { model: "mq appliance", scope: "gte", trust: 1, vendor: "ibm", version: "9.1.0", }, { model: "mq", scope: "gte", trust: 1, vendor: "ibm", version: "8.0.0.0", }, { model: "mq", scope: "gte", trust: 1, vendor: "ibm", version: "9.0.0.0", }, { model: "mq", scope: "gte", trust: 1, vendor: "ibm", version: "9.1.0", }, { model: "mq", scope: "lte", trust: 1, vendor: "ibm", version: "9.0.0.9", }, { model: "mq appliance", scope: "lt", trust: 1, vendor: "ibm", version: "9.1.4", }, { model: "mq", scope: "lt", trust: 1, vendor: "ibm", version: "9.1.4", }, { model: "mq appliance", scope: "gte", trust: 1, vendor: "ibm", version: "9.1.0.0", }, { model: "websphere mq", scope: "lte", trust: 1, vendor: "ibm", version: "7.5.0.9", }, { model: "websphere mq", scope: "gte", trust: 1, vendor: "ibm", version: "7.1.0.0", }, { model: "mq", scope: "gte", trust: 1, vendor: "ibm", version: "9.1.0.0", }, { model: "mq", scope: "lt", trust: 1, vendor: "ibm", version: "8.0.0.14", }, { model: "mq", scope: null, trust: 0.8, vendor: "ibm", version: null, }, { model: "mq appliance", scope: null, trust: 0.8, vendor: "ibm", version: null, }, { model: "websphere mq", scope: null, trust: 0.8, vendor: "ibm", version: null, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2019-014903", }, { db: "NVD", id: "CVE-2019-4619", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:ibm:mq:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "8.0.0.14", versionStartIncluding: "8.0.0.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:mq:*:*:*:*:lts:*:*:*", cpe_name: [], versionEndIncluding: "9.0.0.9", versionStartIncluding: "9.0.0.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:mq:*:*:*:*:continuous_delivery:*:*:*", cpe_name: [], versionEndExcluding: "9.1.4", versionStartIncluding: "9.1.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:mq:*:*:*:*:lts:*:*:*", cpe_name: [], versionEndExcluding: "9.1.0.4", versionStartIncluding: "9.1.0.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:mq_appliance:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "8.0.0.14", versionStartIncluding: "8.0.0.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:mq_appliance:*:*:*:*:continuous_delivery:*:*:*", cpe_name: [], versionEndExcluding: "9.1.4", versionStartIncluding: "9.1.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:mq_appliance:*:*:*:*:lts:*:*:*", cpe_name: [], versionEndExcluding: "9.1.0.4", versionStartIncluding: "9.1.0.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:websphere_mq:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "7.5.0.9", versionStartIncluding: "7.1.0.0", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:hp:hp-ux:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [ { cpe23Uri: "cpe:2.3:a:ibm:mq:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "8.0.0.14", versionStartIncluding: "8.0.0.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:mq:*:*:*:*:lts:*:*:*", cpe_name: [], versionEndIncluding: "9.0.0.9", versionStartIncluding: "9.0.0.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:mq:*:*:*:*:continuous_delivery:*:*:*", cpe_name: [], versionEndExcluding: "9.1.4", versionStartIncluding: "9.1.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:mq:*:*:*:*:lts:*:*:*", cpe_name: [], versionEndExcluding: "9.1.0.4", versionStartIncluding: "9.1.0.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:mq_appliance:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "8.0.0.14", versionStartIncluding: "8.0.0.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:mq_appliance:*:*:*:*:continuous_delivery:*:*:*", cpe_name: [], versionEndExcluding: "9.1.4", versionStartIncluding: "9.1.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:mq_appliance:*:*:*:*:lts:*:*:*", cpe_name: [], versionEndExcluding: "9.1.0.4", versionStartIncluding: "9.1.0.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:websphere_mq:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "7.5.0.9", versionStartIncluding: "7.1.0.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:hp:hp-ux:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "AND", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2019-4619", }, ], }, cve: "CVE-2019-4619", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: null, accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", author: "VULMON", availabilityImpact: "NONE", baseScore: 2.1, confidentialityImpact: "PARTIAL", exploitabilityScore: 3.9, id: "CVE-2019-4619", impactScore: 2.9, integrityImpact: "NONE", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "LOW", trust: 1.1, userInteractionRequired: null, vectorString: "AV:L/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Local", authentication: "None", author: "NVD", availabilityImpact: "None", baseScore: 2.1, confidentialityImpact: "Partial", exploitabilityScore: null, id: "JVNDB-2019-014903", impactScore: null, integrityImpact: "None", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Low", trust: 0.8, userInteractionRequired: null, vectorString: "AV:L/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "LOCAL", author: "NVD", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", exploitabilityScore: 1.8, id: "CVE-2019-4619", impactScore: 3.6, integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, { attackComplexity: "Low", attackVector: "Local", author: "NVD", availabilityImpact: "None", baseScore: 5.5, baseSeverity: "Medium", confidentialityImpact: "High", exploitabilityScore: null, id: "JVNDB-2019-014903", impactScore: null, integrityImpact: "None", privilegesRequired: "Low", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2019-4619", trust: 1, value: "MEDIUM", }, { author: "NVD", id: "JVNDB-2019-014903", trust: 0.8, value: "Medium", }, { author: "CNNVD", id: "CNNVD-202003-899", trust: 0.6, value: "MEDIUM", }, { author: "VULMON", id: "CVE-2019-4619", trust: 0.1, value: "LOW", }, ], }, ], sources: [ { db: "VULMON", id: "CVE-2019-4619", }, { db: "JVNDB", id: "JVNDB-2019-014903", }, { db: "CNNVD", id: "CNNVD-202003-899", }, { db: "NVD", id: "CVE-2019-4619", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "IBM MQ and IBM MQ Appliance 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and 9.1 CD could allow a local attacker to obtain sensitive information by inclusion of sensitive data within trace. IBM X-Force ID: 168862. Vendor exploits this vulnerability IBM X-Force ID: 168862 It is published as.Information may be obtained", sources: [ { db: "NVD", id: "CVE-2019-4619", }, { db: "JVNDB", id: "JVNDB-2019-014903", }, { db: "VULMON", id: "CVE-2019-4619", }, ], trust: 1.71, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2019-4619", trust: 2.5, }, { db: "JVNDB", id: "JVNDB-2019-014903", trust: 0.8, }, { db: "CNNVD", id: "CNNVD-202003-899", trust: 0.6, }, { db: "VULMON", id: "CVE-2019-4619", trust: 0.1, }, ], sources: [ { db: "VULMON", id: "CVE-2019-4619", }, { db: "JVNDB", id: "JVNDB-2019-014903", }, { db: "CNNVD", id: "CNNVD-202003-899", }, { db: "NVD", id: "CVE-2019-4619", }, ], }, id: "VAR-202003-0589", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VARIoT devices database", id: null, }, ], trust: 0.22222222, }, last_update_date: "2022-05-04T09:02:47.160000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "1135101", trust: 0.8, url: "https://www.ibm.com/support/pages/node/1135101", }, { title: "ibm-mq-cve20194619-info-disc (168862)", trust: 0.8, url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/168862", }, { title: "IBM MQ and IBM MQ Appliance Repair measures for information disclosure vulnerabilities", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=112528", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2019-014903", }, { db: "CNNVD", id: "CNNVD-202003-899", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-209", trust: 1, }, { problemtype: "CWE-200", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2019-014903", }, { db: "NVD", id: "CVE-2019-4619", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.7, url: "https://www.ibm.com/support/pages/node/1135101", }, { trust: 1.7, url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/168862", }, { trust: 1.4, url: "https://nvd.nist.gov/vuln/detail/cve-2019-4619", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-4619", }, { trust: 0.6, url: "https://vigilance.fr/vulnerability/ibm-mq-information-disclosure-31786", }, { trust: 0.6, url: "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-could-allow-a-local-attacker-to-obtain-sensitive-information-by-inclusion-of-sensitive-data-within-trace-cve-2019-4619/", }, { trust: 0.6, url: "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-could-allow-a-local-attacker-to-obtain-sensitive-information-by-inclusion-of-sensitive-data-within-trace-cve-2019-4619/", }, { trust: 0.6, url: "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-in-ibm-mq-affect-ibm-sterling-b2b-integrator/", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/209.html", }, { trust: 0.1, url: "https://nvd.nist.gov", }, ], sources: [ { db: "VULMON", id: "CVE-2019-4619", }, { db: "JVNDB", id: "JVNDB-2019-014903", }, { db: "CNNVD", id: "CNNVD-202003-899", }, { db: "NVD", id: "CVE-2019-4619", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "VULMON", id: "CVE-2019-4619", }, { db: "JVNDB", id: "JVNDB-2019-014903", }, { db: "CNNVD", id: "CNNVD-202003-899", }, { db: "NVD", id: "CVE-2019-4619", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-03-16T00:00:00", db: "VULMON", id: "CVE-2019-4619", }, { date: "2020-03-27T00:00:00", db: "JVNDB", id: "JVNDB-2019-014903", }, { date: "2020-03-13T00:00:00", db: "CNNVD", id: "CNNVD-202003-899", }, { date: "2020-03-16T16:15:00", db: "NVD", id: "CVE-2019-4619", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-08-24T00:00:00", db: "VULMON", id: "CVE-2019-4619", }, { date: "2020-03-27T00:00:00", db: "JVNDB", id: "JVNDB-2019-014903", }, { date: "2020-08-25T00:00:00", db: "CNNVD", id: "CNNVD-202003-899", }, { date: "2020-08-24T17:37:00", db: "NVD", id: "CVE-2019-4619", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "local", sources: [ { db: "CNNVD", id: "CNNVD-202003-899", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "IBM MQ and MQ Appliance Vulnerability regarding information leakage in", sources: [ { db: "JVNDB", id: "JVNDB-2019-014903", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "information disclosure", sources: [ { db: "CNNVD", id: "CNNVD-202003-899", }, ], trust: 0.6, }, }
var-202003-0593
Vulnerability from variot
IBM MQ and IBM MQ Appliance 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and 9.1 CD is vulnerable to a denial of service attack that would allow an authenticated user to crash the queue and require a restart due to an error processing error messages. IBM X-Force ID: 170967. IBM MQ and MQ Appliance There is an input verification vulnerability in. Vendor exploits this vulnerability IBM X-Force ID: 170967 It is published as.Service operation interruption (DoS) It may be put into a state. The product provides a reliable, proven messaging backbone for service-oriented architecture (SOA). IBM MQ Appliance is an all-in-one device for rapid deployment of enterprise-level messaging middleware. The vulnerability stems from an error in processing error messages. An attacker can use this vulnerability to cause a denial of service
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202003-0593", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "mq", scope: "gte", trust: 1, vendor: "ibm", version: "9.1.0.0", }, { model: "mq", scope: "lt", trust: 1, vendor: "ibm", version: "9.1.0.4", }, { model: "websphere mq", scope: "lte", trust: 1, vendor: "ibm", version: "7.5.0.9", }, { model: "mq", scope: "gte", trust: 1, vendor: "ibm", version: "9.0.0.0", }, { model: "mq appliance", scope: "lt", trust: 1, vendor: "ibm", version: "8.0.0.14", }, { model: "mq", scope: "lt", trust: 1, vendor: "ibm", version: "9.1.4", }, { model: "mq appliance", scope: "gte", trust: 1, vendor: "ibm", version: "8.0.0.0", }, { model: "websphere mq", scope: "gte", trust: 1, vendor: "ibm", version: "7.1.0.0", }, { model: "mq", scope: "lt", trust: 1, vendor: "ibm", version: "8.0.0.14", }, { model: "mq", scope: "lte", trust: 1, vendor: "ibm", version: "9.0.0.9", }, { model: "mq", scope: "gte", trust: 1, vendor: "ibm", version: "9.1.0", }, { model: "mq", scope: "gte", trust: 1, vendor: "ibm", version: "8.0.0.0", }, { model: "mq", scope: null, trust: 0.8, vendor: "ibm", version: null, }, { model: "mq appliance", scope: null, trust: 0.8, vendor: "ibm", version: null, }, { model: "websphere mq", scope: null, trust: 0.8, vendor: "ibm", version: null, }, { model: "mq appliance", scope: "eq", trust: 0.6, vendor: "ibm", version: "8.0", }, { model: "mq", scope: "eq", trust: 0.6, vendor: "ibm", version: "8.0", }, { model: "mq appliance cd", scope: "eq", trust: 0.6, vendor: "ibm", version: "9.1", }, { model: "mq appliance lts", scope: "eq", trust: 0.6, vendor: "ibm", version: "9.1", }, { model: "mq lts", scope: "eq", trust: 0.6, vendor: "ibm", version: "9.1", }, { model: "mq cd", scope: "eq", trust: 0.6, vendor: "ibm", version: "9.1", }, { model: "mq lts", scope: "eq", trust: 0.6, vendor: "ibm", version: "9.0", }, ], sources: [ { db: "CNVD", id: "CNVD-2020-17502", }, { db: "JVNDB", id: "JVNDB-2019-014904", }, { db: "NVD", id: "CVE-2019-4656", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:ibm:mq:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "8.0.0.14", versionStartIncluding: "8.0.0.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:mq:*:*:*:*:lts:*:*:*", cpe_name: [], versionEndIncluding: "9.0.0.9", versionStartIncluding: "9.0.0.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:mq:*:*:*:*:continuous_delivery:*:*:*", cpe_name: [], versionEndExcluding: "9.1.4", versionStartIncluding: "9.1.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:mq:*:*:*:*:lts:*:*:*", cpe_name: [], versionEndExcluding: "9.1.0.4", versionStartIncluding: "9.1.0.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:mq_appliance:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "8.0.0.14", versionStartIncluding: "8.0.0.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:websphere_mq:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "7.5.0.9", versionStartIncluding: "7.1.0.0", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:hp:hp-ux:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2019-4656", }, ], }, cve: "CVE-2019-4656", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", author: "NVD", availabilityImpact: "PARTIAL", baseScore: 4, confidentialityImpact: "NONE", exploitabilityScore: 8, impactScore: 2.9, integrityImpact: "NONE", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "MEDIUM", trust: 1, userInteractionRequired: false, vectorString: "AV:N/AC:L/Au:S/C:N/I:N/A:P", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Network", authentication: "Single", author: "NVD", availabilityImpact: "Partial", baseScore: 4, confidentialityImpact: "None", exploitabilityScore: null, id: "JVNDB-2019-014904", impactScore: null, integrityImpact: "None", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Medium", trust: 0.8, userInteractionRequired: null, vectorString: "AV:N/AC:L/Au:S/C:N/I:N/A:P", version: "2.0", }, { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", author: "CNVD", availabilityImpact: "PARTIAL", baseScore: 4, confidentialityImpact: "NONE", exploitabilityScore: 8, id: "CNVD-2020-17502", impactScore: 2.9, integrityImpact: "NONE", severity: "MEDIUM", trust: 0.6, vectorString: "AV:N/AC:L/Au:S/C:N/I:N/A:P", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "NVD", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", exploitabilityScore: 2.8, impactScore: 3.6, integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, { attackComplexity: "LOW", attackVector: "NETWORK", author: "psirt@us.ibm.com", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", exploitabilityScore: 2.8, impactScore: 3.6, integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "High", baseScore: 6.5, baseSeverity: "Medium", confidentialityImpact: "None", exploitabilityScore: null, id: "JVNDB-2019-014904", impactScore: null, integrityImpact: "None", privilegesRequired: "Low", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2019-4656", trust: 1, value: "MEDIUM", }, { author: "psirt@us.ibm.com", id: "CVE-2019-4656", trust: 1, value: "MEDIUM", }, { author: "NVD", id: "JVNDB-2019-014904", trust: 0.8, value: "Medium", }, { author: "CNVD", id: "CNVD-2020-17502", trust: 0.6, value: "MEDIUM", }, { author: "CNNVD", id: "CNNVD-202003-896", trust: 0.6, value: "MEDIUM", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2020-17502", }, { db: "JVNDB", id: "JVNDB-2019-014904", }, { db: "NVD", id: "CVE-2019-4656", }, { db: "NVD", id: "CVE-2019-4656", }, { db: "CNNVD", id: "CNNVD-202003-896", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "IBM MQ and IBM MQ Appliance 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and 9.1 CD is vulnerable to a denial of service attack that would allow an authenticated user to crash the queue and require a restart due to an error processing error messages. IBM X-Force ID: 170967. IBM MQ and MQ Appliance There is an input verification vulnerability in. Vendor exploits this vulnerability IBM X-Force ID: 170967 It is published as.Service operation interruption (DoS) It may be put into a state. The product provides a reliable, proven messaging backbone for service-oriented architecture (SOA). IBM MQ Appliance is an all-in-one device for rapid deployment of enterprise-level messaging middleware. The vulnerability stems from an error in processing error messages. An attacker can use this vulnerability to cause a denial of service", sources: [ { db: "NVD", id: "CVE-2019-4656", }, { db: "JVNDB", id: "JVNDB-2019-014904", }, { db: "CNVD", id: "CNVD-2020-17502", }, ], trust: 2.16, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2019-4656", trust: 3, }, { db: "JVNDB", id: "JVNDB-2019-014904", trust: 0.8, }, { db: "CNVD", id: "CNVD-2020-17502", trust: 0.6, }, { db: "AUSCERT", id: "ESB-2023.4106", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202003-896", trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2020-17502", }, { db: "JVNDB", id: "JVNDB-2019-014904", }, { db: "NVD", id: "CVE-2019-4656", }, { db: "CNNVD", id: "CNNVD-202003-896", }, ], }, id: "VAR-202003-0593", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2020-17502", }, ], trust: 0.99285713, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "Network device", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2020-17502", }, ], }, last_update_date: "2023-12-18T11:26:46.555000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "1135095", trust: 0.8, url: "https://www.ibm.com/support/pages/node/1135095", }, { title: "ibm-mq-cve20194656-dos (170967)", trust: 0.8, url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/170967", }, { title: "Patch for IBM MQ Appliance and IBM MQ Denial of Service Vulnerability", trust: 0.6, url: "https://www.cnvd.org.cn/patchinfo/show/209207", }, { title: "IBM MQ and IBM MQ Appliance Enter the fix for the verification error vulnerability", trust: 0.6, url: "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=112526", }, ], sources: [ { db: "CNVD", id: "CNVD-2020-17502", }, { db: "JVNDB", id: "JVNDB-2019-014904", }, { db: "CNNVD", id: "CNNVD-202003-896", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "NVD-CWE-noinfo", trust: 1, }, { problemtype: "CWE-20", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2019-014904", }, { db: "NVD", id: "CVE-2019-4656", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.6, url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/170967", }, { trust: 1.6, url: "https://www.ibm.com/support/pages/node/1135095", }, { trust: 1.4, url: "https://nvd.nist.gov/vuln/detail/cve-2019-4656", }, { trust: 1.2, url: "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-is-vulnerable-to-a-denial-of-service-attack-caused-by-an-error-processing-error-messages-cve-2019-4656/", }, { trust: 1.2, url: "https://vigilance.fr/vulnerability/ibm-mq-denial-of-service-31785", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-4656", }, { trust: 0.6, url: "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-is-vulnerable-to-a-denial-of-service-attack-caused-by-an-authenticated-user-crafting-a-malicious-message-cve-2019-4656/", }, { trust: 0.6, url: "https://www.auscert.org.au/bulletins/esb-2023.4106", }, { trust: 0.6, url: "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-in-ibm-mq-affect-ibm-sterling-b2b-integrator/", }, ], sources: [ { db: "CNVD", id: "CNVD-2020-17502", }, { db: "JVNDB", id: "JVNDB-2019-014904", }, { db: "NVD", id: "CVE-2019-4656", }, { db: "CNNVD", id: "CNNVD-202003-896", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2020-17502", }, { db: "JVNDB", id: "JVNDB-2019-014904", }, { db: "NVD", id: "CVE-2019-4656", }, { db: "CNNVD", id: "CNNVD-202003-896", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-03-18T00:00:00", db: "CNVD", id: "CNVD-2020-17502", }, { date: "2020-03-27T00:00:00", db: "JVNDB", id: "JVNDB-2019-014904", }, { date: "2020-03-16T16:15:12.670000", db: "NVD", id: "CVE-2019-4656", }, { date: "2020-03-13T00:00:00", db: "CNNVD", id: "CNNVD-202003-896", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-03-18T00:00:00", db: "CNVD", id: "CNVD-2020-17502", }, { date: "2020-03-27T00:00:00", db: "JVNDB", id: "JVNDB-2019-014904", }, { date: "2021-07-21T11:39:23.747000", db: "NVD", id: "CVE-2019-4656", }, { date: "2023-07-21T00:00:00", db: "CNNVD", id: "CNNVD-202003-896", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-202003-896", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "IBM MQ and MQ Appliance Input verification vulnerability in", sources: [ { db: "JVNDB", id: "JVNDB-2019-014904", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "input validation error", sources: [ { db: "CNNVD", id: "CNNVD-202003-896", }, ], trust: 0.6, }, }
var-201904-0357
Vulnerability from variot
IBM MQ 8.0.0.0 through 8.0.0.10, 9.0.0.0 through 9.0.0.5, and 9.1.0.0 through 9.1.1 is vulnerable to a denial of service attack within the TLS key renegotiation function. IBM X-Force ID: 156564. IBM MQ Contains an input validation vulnerability. Vendors report this vulnerability IBM X-Force ID: 156564 Published as.Denial of service (DoS) May be in a state. An attacker can exploit this issue to cause a denial-of-service condition. The following product and versions are affected: IBM MQ and MQ Appliance from versions 8.0.0.0 through 8.0.0.10, 9.0.0.0 through 9.0.0.5, 9.1.0.0 through 9.1.0.1 and 9.1.0 through 9.1.1
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-201904-0357", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "mq", scope: "gte", trust: 1, vendor: "ibm", version: "9.1.0.0", }, { model: "mq appliance", scope: "gte", trust: 1, vendor: "ibm", version: "9.1.0", }, { model: "mq", scope: "lte", trust: 1, vendor: "ibm", version: "9.1.1", }, { model: "mq appliance", scope: "lte", trust: 1, vendor: "ibm", version: "9.1.1", }, { model: "mq", scope: "gte", trust: 1, vendor: "ibm", version: "9.0.0.0", }, { model: "mq", scope: "lte", trust: 1, vendor: "ibm", version: "9.1.0.1", }, { model: "mq appliance", scope: "gte", trust: 1, vendor: "ibm", version: "9.1.0.0", }, { model: "mq appliance", scope: "lte", trust: 1, vendor: "ibm", version: "8.0.0.10", }, { model: "mq appliance", scope: "lte", trust: 1, vendor: "ibm", version: "9.1.0.1", }, { model: "mq appliance", scope: "gte", trust: 1, vendor: "ibm", version: "8.0.0.0", }, { model: "mq", scope: "lte", trust: 1, vendor: "ibm", version: "8.0.0.10", }, { model: "mq", scope: "lte", trust: 1, vendor: "ibm", version: "9.0.0.5", }, { model: "mq", scope: "gte", trust: 1, vendor: "ibm", version: "9.1.0", }, { model: "mq", scope: "gte", trust: 1, vendor: "ibm", version: "8.0.0.0", }, { model: "mq appliance", scope: "eq", trust: 0.8, vendor: "ibm", version: "8.0.0.0 to 8.0.0.10", }, { model: "mq appliance", scope: "eq", trust: 0.8, vendor: "ibm", version: "9.0.0.0 to 9.0.0.5", }, { model: "mq appliance", scope: "eq", trust: 0.8, vendor: "ibm", version: "9.1.0.0 to 9.1.1", }, { model: "mq appliance", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.1.1", }, { model: "mq appliance", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.0.9", }, { model: "mq appliance", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.0.8", }, { model: "mq appliance", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.0.7", }, { model: "mq appliance", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.0.6", }, { model: "mq appliance", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.0.5", }, { model: "mq appliance", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.0.4", }, { model: "mq appliance", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.0.3", }, { model: "mq appliance", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.0.1", }, { model: "mq appliance", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.0.0", }, { model: "mq", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.1.1", }, { model: "mq cd", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.0.5", }, { model: "mq", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.0.5", }, { model: "mq cd", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.0.4", }, { model: "mq", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.0.4", }, { model: "mq cd", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.0.3", }, { model: "mq cd", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.0.2", }, { model: "mq", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.0.2", }, { model: "mq cd", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.0.1", }, { model: "mq cd", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.0", }, { model: "mq", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.1.0.1", }, { model: "mq", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.1.0.0", }, { model: "mq", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.0.3", }, { model: "mq lts", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.0.0.5", }, { model: "mq lts", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.0.0.4", }, { model: "mq", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.0.0.4", }, { model: "mq lts", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.0.0.3", }, { model: "mq lts", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.0.0.2", }, { model: "mq lts", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.0.0.1", }, { model: "mq lts", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.0.0.0", }, { model: "mq lts", scope: "eq", trust: 0.3, vendor: "ibm", version: "9", }, { model: "mq", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.0.9", }, { model: "mq", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.0.8", }, { model: "mq", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.0.7", }, { model: "mq", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.0.6", }, { model: "mq", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.0.5", }, { model: "mq", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.0.4", }, { model: "mq", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.0.2", }, { model: "mq", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.0.10", }, { model: "mq", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.0.1", }, { model: "mq", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.0.0", }, { model: "mq", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0", }, { model: "mq", scope: "ne", trust: 0.3, vendor: "ibm", version: "9.1.2", }, { model: "mq lts", scope: "ne", trust: 0.3, vendor: "ibm", version: "9.0.0.6", }, { model: "mq", scope: "ne", trust: 0.3, vendor: "ibm", version: "8.0.0.11", }, ], sources: [ { db: "BID", id: "108027", }, { db: "JVNDB", id: "JVNDB-2019-003617", }, { db: "NVD", id: "CVE-2019-4055", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:ibm:mq_appliance:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "8.0.0.10", versionStartIncluding: "8.0.0.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:mq:*:*:*:*:lts:*:*:*", cpe_name: [], versionEndIncluding: "9.0.0.5", versionStartIncluding: "9.0.0.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:mq:*:*:*:*:lts:*:*:*", cpe_name: [], versionEndIncluding: "9.1.0.1", versionStartIncluding: "9.1.0.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:mq_appliance:*:*:*:*:lts:*:*:*", cpe_name: [], versionEndIncluding: "9.1.0.1", versionStartIncluding: "9.1.0.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:mq:*:*:*:*:continuous_delivery:*:*:*", cpe_name: [], versionEndIncluding: "9.1.1", versionStartIncluding: "9.1.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:mq:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "8.0.0.10", versionStartIncluding: "8.0.0.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:mq_appliance:*:*:*:*:continuous_delivery:*:*:*", cpe_name: [], versionEndIncluding: "9.1.1", versionStartIncluding: "9.1.0", vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2019-4055", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "The vendor reported the issue.", sources: [ { db: "BID", id: "108027", }, { db: "CNNVD", id: "CNNVD-201904-879", }, ], trust: 0.9, }, cve: "CVE-2019-4055", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "NVD", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", exploitabilityScore: 10, impactScore: 2.9, integrityImpact: "NONE", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "MEDIUM", trust: 1, userInteractionRequired: false, vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Network", authentication: "None", author: "NVD", availabilityImpact: "Partial", baseScore: 5, confidentialityImpact: "None", exploitabilityScore: null, id: "CVE-2019-4055", impactScore: null, integrityImpact: "None", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Medium", trust: 0.8, userInteractionRequired: null, vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "NVD", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", exploitabilityScore: 3.9, impactScore: 3.6, integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, { attackComplexity: "LOW", attackVector: "NETWORK", author: "psirt@us.ibm.com", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", exploitabilityScore: 3.9, impactScore: 3.6, integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "High", baseScore: 7.5, baseSeverity: "High", confidentialityImpact: "None", exploitabilityScore: null, id: "CVE-2019-4055", impactScore: null, integrityImpact: "None", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2019-4055", trust: 1.8, value: "HIGH", }, { author: "psirt@us.ibm.com", id: "CVE-2019-4055", trust: 1, value: "HIGH", }, { author: "CNNVD", id: "CNNVD-201904-879", trust: 0.6, value: "HIGH", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2019-003617", }, { db: "NVD", id: "CVE-2019-4055", }, { db: "NVD", id: "CVE-2019-4055", }, { db: "CNNVD", id: "CNNVD-201904-879", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "IBM MQ 8.0.0.0 through 8.0.0.10, 9.0.0.0 through 9.0.0.5, and 9.1.0.0 through 9.1.1 is vulnerable to a denial of service attack within the TLS key renegotiation function. IBM X-Force ID: 156564. IBM MQ Contains an input validation vulnerability. Vendors report this vulnerability IBM X-Force ID: 156564 Published as.Denial of service (DoS) May be in a state. \nAn attacker can exploit this issue to cause a denial-of-service condition. \nThe following product and versions are affected:\nIBM MQ and MQ Appliance from versions 8.0.0.0 through 8.0.0.10, 9.0.0.0 through 9.0.0.5, 9.1.0.0 through 9.1.0.1 and 9.1.0 through 9.1.1", sources: [ { db: "NVD", id: "CVE-2019-4055", }, { db: "JVNDB", id: "JVNDB-2019-003617", }, { db: "BID", id: "108027", }, ], trust: 1.89, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2019-4055", trust: 2.7, }, { db: "BID", id: "108027", trust: 1.9, }, { db: "JVNDB", id: "JVNDB-2019-003617", trust: 0.8, }, { db: "AUSCERT", id: "ESB-2019.1347", trust: 0.6, }, { db: "AUSCERT", id: "ESB-2019.4784", trust: 0.6, }, { db: "AUSCERT", id: "ESB-2023.4106", trust: 0.6, }, { db: "AUSCERT", id: "ESB-2019.3122", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-201904-879", trust: 0.6, }, ], sources: [ { db: "BID", id: "108027", }, { db: "JVNDB", id: "JVNDB-2019-003617", }, { db: "NVD", id: "CVE-2019-4055", }, { db: "CNNVD", id: "CNNVD-201904-879", }, ], }, id: "VAR-201904-0357", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VARIoT devices database", id: null, }, ], trust: 0.39285713, }, last_update_date: "2023-12-18T11:42:11.730000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "0870484", trust: 0.8, url: "https://www.ibm.com/support/docview.wss?uid=ibm10870484", }, { title: "ibm-websphere-cve20194055-dos (156564)", trust: 0.8, url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/156564", }, { title: "IBM MQ and IBM MQ Appliance Security vulnerabilities", trust: 0.6, url: "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=91713", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2019-003617", }, { db: "CNNVD", id: "CNNVD-201904-879", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "NVD-CWE-noinfo", trust: 1, }, { problemtype: "CWE-20", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2019-003617", }, { db: "NVD", id: "CVE-2019-4055", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2.2, url: "http://www.securityfocus.com/bid/108027", }, { trust: 2.2, url: "https://www.ibm.com/support/docview.wss?uid=ibm10870484", }, { trust: 1.6, url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/156564", }, { trust: 1.4, url: "https://nvd.nist.gov/vuln/detail/cve-2019-4055", }, { trust: 0.9, url: "http://www.ibm.com/", }, { trust: 0.9, url: "https://www-01.ibm.com/support/docview.wss?uid=ibm10870484", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-4055", }, { trust: 0.6, url: "https://www.ibm.com/support/pages/node/1137634", }, { trust: 0.6, url: "https://www.ibm.com/support/pages/node/1115109", }, { trust: 0.6, url: "https://www.ibm.com/support/docview.wss?uid=ibm10967151", }, { trust: 0.6, url: "https://vigilance.fr/vulnerability/ibm-mq-denial-of-service-via-tls-key-renegotiation-29053", }, { trust: 0.6, url: "https://www-01.ibm.com/support/docview.wss?uid=ibm10967151", }, { trust: 0.6, url: "https://www.ibm.com/support/pages/node/1115031", }, { trust: 0.6, url: "https://www.auscert.org.au/bulletins/79378", }, { trust: 0.6, url: "https://www.auscert.org.au/bulletins/esb-2023.4106", }, { trust: 0.6, url: "https://www.auscert.org.au/bulletins/esb-2019.3122/", }, { trust: 0.6, url: "https://www.auscert.org.au/bulletins/esb-2019.4784/", }, ], sources: [ { db: "BID", id: "108027", }, { db: "JVNDB", id: "JVNDB-2019-003617", }, { db: "NVD", id: "CVE-2019-4055", }, { db: "CNNVD", id: "CNNVD-201904-879", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "BID", id: "108027", }, { db: "JVNDB", id: "JVNDB-2019-003617", }, { db: "NVD", id: "CVE-2019-4055", }, { db: "CNNVD", id: "CNNVD-201904-879", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2019-04-16T00:00:00", db: "BID", id: "108027", }, { date: "2019-05-21T00:00:00", db: "JVNDB", id: "JVNDB-2019-003617", }, { date: "2019-04-19T17:29:01.987000", db: "NVD", id: "CVE-2019-4055", }, { date: "2019-04-17T00:00:00", db: "CNNVD", id: "CNNVD-201904-879", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2019-04-16T00:00:00", db: "BID", id: "108027", }, { date: "2019-05-21T00:00:00", db: "JVNDB", id: "JVNDB-2019-003617", }, { date: "2022-01-01T20:16:29.733000", db: "NVD", id: "CVE-2019-4055", }, { date: "2023-07-21T00:00:00", db: "CNNVD", id: "CNNVD-201904-879", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-201904-879", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "IBM MQ Input validation vulnerability", sources: [ { db: "JVNDB", id: "JVNDB-2019-003617", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "input validation error", sources: [ { db: "CNNVD", id: "CNNVD-201904-879", }, ], trust: 0.6, }, }
var-202004-1758
Vulnerability from variot
IBM MQ and MQ Appliance 8.0, 9.1 LTS, and 9.1 CD could allow an authenticated user cause a denial of service due to a memory leak. IBM X-Force ID: 175840. Vendor exploits this vulnerability IBM X-Force ID: 175840 It is published as.Service operation interruption (DoS) It may be put into a state
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202004-1758", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "mq", scope: "lt", trust: 1, vendor: "ibm", version: "9.1.0.4", }, { model: "mq appliance", scope: "gte", trust: 1, vendor: "ibm", version: "9.1.0", }, { model: "mq", scope: "gte", trust: 1, vendor: "ibm", version: "9.1.0.0", }, { model: "mq", scope: "gte", trust: 1, vendor: "ibm", version: "8.0.0.0", }, { model: "mq", scope: "lt", trust: 1, vendor: "ibm", version: "8.0.0.14", }, { model: "mq appliance", scope: "lt", trust: 1, vendor: "ibm", version: "9.1.5", }, { model: "mq", scope: "eq", trust: 0.8, vendor: "ibm", version: "8.0", }, { model: "mq", scope: "eq", trust: 0.8, vendor: "ibm", version: "9.1 cd", }, { model: "mq", scope: "eq", trust: 0.8, vendor: "ibm", version: "9.1 lts", }, { model: "mq appliance", scope: "eq", trust: 0.8, vendor: "ibm", version: "8.0", }, { model: "mq appliance", scope: "eq", trust: 0.8, vendor: "ibm", version: "9.1 cd", }, { model: "mq appliance", scope: "eq", trust: 0.8, vendor: "ibm", version: "9.1 lts", }, { model: "mq", scope: "eq", trust: 0.1, vendor: "ibm", version: "8.0.0.0", }, { model: "mq", scope: "eq", trust: 0.1, vendor: "ibm", version: "8.0.0.1", }, { model: "mq", scope: "eq", trust: 0.1, vendor: "ibm", version: "8.0.0.2", }, { model: "mq", scope: "eq", trust: 0.1, vendor: "ibm", version: "8.0.0.3", }, { model: "mq", scope: "eq", trust: 0.1, vendor: "ibm", version: "8.0.0.4", }, { model: "mq", scope: "eq", trust: 0.1, vendor: "ibm", version: "8.0.0.5", }, { model: "mq", scope: "eq", trust: 0.1, vendor: "ibm", version: "8.0.0.6", }, { model: "mq", scope: "eq", trust: 0.1, vendor: "ibm", version: "8.0.0.7", }, { model: "mq", scope: "eq", trust: 0.1, vendor: "ibm", version: "8.0.0.8", }, { model: "mq", scope: "eq", trust: 0.1, vendor: "ibm", version: "8.0.0.9", }, { model: "mq", scope: "eq", trust: 0.1, vendor: "ibm", version: "8.0.0.10", }, { model: "mq", scope: "eq", trust: 0.1, vendor: "ibm", version: "8.0.0.11", }, { model: "mq", scope: "eq", trust: 0.1, vendor: "ibm", version: "8.0.0.12", }, { model: "mq", scope: "eq", trust: 0.1, vendor: "ibm", version: "8.0.0.13", }, { model: "mq", scope: "eq", trust: 0.1, vendor: "ibm", version: "9.1.0.0", }, { model: "mq", scope: "eq", trust: 0.1, vendor: "ibm", version: "9.1.0.1", }, { model: "mq", scope: "eq", trust: 0.1, vendor: "ibm", version: "9.1.0.2", }, { model: "mq appliance", scope: "eq", trust: 0.1, vendor: "ibm", version: "9.1.0.2", }, { model: "mq appliance", scope: "eq", trust: 0.1, vendor: "ibm", version: "9.1.0.3", }, { model: "mq appliance", scope: "eq", trust: 0.1, vendor: "ibm", version: "9.1.0.4", }, { model: "mq appliance", scope: "eq", trust: 0.1, vendor: "ibm", version: "9.1.1", }, { model: "mq appliance", scope: "eq", trust: 0.1, vendor: "ibm", version: "9.1.2", }, { model: "mq appliance", scope: "eq", trust: 0.1, vendor: "ibm", version: "9.1.3", }, { model: "mq appliance", scope: "eq", trust: 0.1, vendor: "ibm", version: "9.1.4", }, ], sources: [ { db: "VULMON", id: "CVE-2020-4267", }, { db: "JVNDB", id: "JVNDB-2020-004676", }, { db: "NVD", id: "CVE-2020-4267", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:ibm:mq:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "8.0.0.14", versionStartIncluding: "8.0.0.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:mq:*:*:*:*:lts:*:*:*", cpe_name: [], versionEndExcluding: "9.1.0.4", versionStartIncluding: "9.1.0.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:mq_appliance:*:*:*:*:continuous_delivery:*:*:*", cpe_name: [], versionEndExcluding: "9.1.5", versionStartIncluding: "9.1.0", vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2020-4267", }, ], }, cve: "CVE-2020-4267", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: null, accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", author: "VULMON", availabilityImpact: "PARTIAL", baseScore: 4, confidentialityImpact: "NONE", exploitabilityScore: 8, id: "CVE-2020-4267", impactScore: 2.9, integrityImpact: "NONE", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "MEDIUM", trust: 1.1, userInteractionRequired: null, vectorString: "AV:N/AC:L/Au:S/C:N/I:N/A:P", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Network", authentication: "Single", author: "NVD", availabilityImpact: "Partial", baseScore: 4, confidentialityImpact: "None", exploitabilityScore: null, id: "JVNDB-2020-004676", impactScore: null, integrityImpact: "None", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Medium", trust: 0.8, userInteractionRequired: null, vectorString: "AV:N/AC:L/Au:S/C:N/I:N/A:P", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "NVD", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", exploitabilityScore: 2.8, id: "CVE-2020-4267", impactScore: 3.6, integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "High", baseScore: 6.5, baseSeverity: "Medium", confidentialityImpact: "None", exploitabilityScore: null, id: "JVNDB-2020-004676", impactScore: null, integrityImpact: "None", privilegesRequired: "Low", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2020-4267", trust: 1, value: "MEDIUM", }, { author: "NVD", id: "JVNDB-2020-004676", trust: 0.8, value: "Medium", }, { author: "CNNVD", id: "CNNVD-202004-2043", trust: 0.6, value: "MEDIUM", }, { author: "VULMON", id: "CVE-2020-4267", trust: 0.1, value: "MEDIUM", }, ], }, ], sources: [ { db: "VULMON", id: "CVE-2020-4267", }, { db: "JVNDB", id: "JVNDB-2020-004676", }, { db: "CNNVD", id: "CNNVD-202004-2043", }, { db: "NVD", id: "CVE-2020-4267", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "IBM MQ and MQ Appliance 8.0, 9.1 LTS, and 9.1 CD could allow an authenticated user cause a denial of service due to a memory leak. IBM X-Force ID: 175840. Vendor exploits this vulnerability IBM X-Force ID: 175840 It is published as.Service operation interruption (DoS) It may be put into a state", sources: [ { db: "NVD", id: "CVE-2020-4267", }, { db: "JVNDB", id: "JVNDB-2020-004676", }, { db: "VULMON", id: "CVE-2020-4267", }, ], trust: 1.71, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2020-4267", trust: 2.5, }, { db: "JVNDB", id: "JVNDB-2020-004676", trust: 0.8, }, { db: "CNNVD", id: "CNNVD-202004-2043", trust: 0.6, }, { db: "VULMON", id: "CVE-2020-4267", trust: 0.1, }, ], sources: [ { db: "VULMON", id: "CVE-2020-4267", }, { db: "JVNDB", id: "JVNDB-2020-004676", }, { db: "CNNVD", id: "CNNVD-202004-2043", }, { db: "NVD", id: "CVE-2020-4267", }, ], }, id: "VAR-202004-1758", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VARIoT devices database", id: null, }, ], trust: 0.22222222, }, last_update_date: "2022-05-04T10:21:38.661000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "6195384", trust: 0.8, url: "https://www.ibm.com/support/pages/node/6195384", }, { title: "ibm-mq-cve20204267-dos (175840)", trust: 0.8, url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/175840", }, { title: "IBM MQ Appliance Security vulnerabilities", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=117266", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2020-004676", }, { db: "CNNVD", id: "CNNVD-202004-2043", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-401", trust: 1, }, { problemtype: "CWE-772", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2020-004676", }, { db: "NVD", id: "CVE-2020-4267", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.8, url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/175840", }, { trust: 1.7, url: "https://www.ibm.com/support/pages/node/6195384", }, { trust: 1.4, url: "https://nvd.nist.gov/vuln/detail/cve-2020-4267", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-4267", }, { trust: 0.6, url: "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-is-affected-by-a-denial-of-service-vulnerability-cve-2020-4267/", }, { trust: 0.6, url: "https://vigilance.fr/vulnerability/ibm-mq-memory-leak-32535", }, { trust: 0.6, url: "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-and-mq-appliance-could-allow-an-authenticated-user-cause-a-denial-of-service-due-to-a-memory-leak-cve-2020-4267/", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/772.html", }, { trust: 0.1, url: "https://nvd.nist.gov", }, ], sources: [ { db: "VULMON", id: "CVE-2020-4267", }, { db: "JVNDB", id: "JVNDB-2020-004676", }, { db: "CNNVD", id: "CNNVD-202004-2043", }, { db: "NVD", id: "CVE-2020-4267", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "VULMON", id: "CVE-2020-4267", }, { db: "JVNDB", id: "JVNDB-2020-004676", }, { db: "CNNVD", id: "CNNVD-202004-2043", }, { db: "NVD", id: "CVE-2020-4267", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-04-24T00:00:00", db: "VULMON", id: "CVE-2020-4267", }, { date: "2020-05-26T00:00:00", db: "JVNDB", id: "JVNDB-2020-004676", }, { date: "2020-04-23T00:00:00", db: "CNNVD", id: "CNNVD-202004-2043", }, { date: "2020-04-24T16:15:00", db: "NVD", id: "CVE-2020-4267", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-04-30T00:00:00", db: "VULMON", id: "CVE-2020-4267", }, { date: "2020-05-26T00:00:00", db: "JVNDB", id: "JVNDB-2020-004676", }, { date: "2020-06-16T00:00:00", db: "CNNVD", id: "CNNVD-202004-2043", }, { date: "2021-07-21T11:39:00", db: "NVD", id: "CVE-2020-4267", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-202004-2043", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "IBM MQ and MQ Appliance Vulnerability regarding lack of resource release after valid lifetime in", sources: [ { db: "JVNDB", id: "JVNDB-2020-004676", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "other", sources: [ { db: "CNNVD", id: "CNNVD-202004-2043", }, ], trust: 0.6, }, }
var-201811-0300
Vulnerability from variot
IBM WebSphere MQ 8.0 through 9.1 is vulnerable to a error with MQTT topic string publishing that can cause a denial of service attack. IBM X-Force ID: 145456. IBM WebSphere MQ Contains an input validation vulnerability. Vendors have confirmed this vulnerability IBM X-Force ID: 145456 It is released as.Service operation interruption (DoS) There is a possibility of being put into a state. An attacker can exploit this issue to cause a denial-of-service condition
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-201811-0300", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "websphere mq", scope: "eq", trust: 1.6, vendor: "ibm", version: "9.1.0.0", }, { model: "websphere mq", scope: "gte", trust: 1, vendor: "ibm", version: "9.0.1", }, { model: "websphere mq", scope: "gte", trust: 1, vendor: "ibm", version: "8.0.0.0", }, { model: "websphere mq", scope: "lte", trust: 1, vendor: "ibm", version: "9.0.5", }, { model: "websphere mq", scope: "lte", trust: 1, vendor: "ibm", version: "8.0.0.10", }, { model: "websphere mq", scope: "gte", trust: 1, vendor: "ibm", version: "9.0.0.0", }, { model: "websphere mq", scope: "lte", trust: 1, vendor: "ibm", version: "9.0.0.5", }, { model: "websphere mq", scope: "eq", trust: 0.8, vendor: "ibm", version: "8.0 to 9.1", }, { model: "websphere mq", scope: "eq", trust: 0.6, vendor: "ibm", version: "9.0.0.1", }, { model: "websphere mq", scope: "eq", trust: 0.6, vendor: "ibm", version: "9.0.3", }, { model: "websphere mq", scope: "eq", trust: 0.6, vendor: "ibm", version: "8.0.0.6", }, { model: "websphere mq", scope: "eq", trust: 0.6, vendor: "ibm", version: "8.0.0.4", }, { model: "websphere mq", scope: "eq", trust: 0.6, vendor: "ibm", version: "8.0.0.3", }, { model: "websphere mq", scope: "eq", trust: 0.6, vendor: "ibm", version: "8.0.0.2", }, { model: "websphere mq", scope: "eq", trust: 0.6, vendor: "ibm", version: "9.0.4", }, { model: "websphere mq", scope: "eq", trust: 0.6, vendor: "ibm", version: "8.0.0.7", }, { model: "websphere mq", scope: "eq", trust: 0.6, vendor: "ibm", version: "8.0.0.5", }, { model: "mq cd", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.0.5", }, { model: "mq cd", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.0.4", }, { model: "mq cd", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.0.3", }, { model: "mq cd", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.0.2", }, { model: "mq cd", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.0.1", }, { model: "mq", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.1", }, { model: "mq lts", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.0.0.5", }, { model: "mq lts", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.0.0.4", }, { model: "mq lts", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.0.0.3", }, { model: "mq lts", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.0.0.2", }, { model: "mq lts", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.0.0.1", }, { model: "mq lts", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.0.0.0", }, { model: "mq lts", scope: "eq", trust: 0.3, vendor: "ibm", version: "9", }, { model: "mq", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.0.9", }, { model: "mq", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.0.8", }, { model: "mq", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.0.7", }, { model: "mq", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.0.6", }, { model: "mq", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.0.5", }, { model: "mq", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.0.4", }, { model: "mq", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.0.3", }, { model: "mq", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.0.2", }, { model: "mq", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.0.10", }, { model: "mq", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.0.1", }, { model: "mq", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.0.0", }, ], sources: [ { db: "BID", id: "105999", }, { db: "JVNDB", id: "JVNDB-2018-011791", }, { db: "NVD", id: "CVE-2018-1684", }, { db: "CNNVD", id: "CNNVD-201811-122", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:ibm:websphere_mq:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "9.0.5", versionStartIncluding: "9.0.1", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:websphere_mq:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "8.0.0.10", versionStartIncluding: "8.0.0.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:websphere_mq:9.1.0.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:websphere_mq:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "9.0.0.5", versionStartIncluding: "9.0.0.0", vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2018-1684", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "The vendor reported the issue.", sources: [ { db: "BID", id: "105999", }, ], trust: 0.3, }, cve: "CVE-2018-1684", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", author: "NVD", availabilityImpact: "PARTIAL", baseScore: 4, confidentialityImpact: "NONE", exploitabilityScore: 8, impactScore: 2.9, integrityImpact: "NONE", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "MEDIUM", trust: 1, userInteractionRequired: false, vectorString: "AV:N/AC:L/Au:S/C:N/I:N/A:P", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Network", authentication: "Single", author: "NVD", availabilityImpact: "Partial", baseScore: 4, confidentialityImpact: "None", exploitabilityScore: null, id: "CVE-2018-1684", impactScore: null, integrityImpact: "None", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Medium", trust: 0.9, userInteractionRequired: null, vectorString: "AV:N/AC:L/Au:S/C:N/I:N/A:P", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "NVD", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", exploitabilityScore: 2.8, impactScore: 3.6, integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, { attackComplexity: "HIGH", attackVector: "NETWORK", author: "psirt@us.ibm.com", availabilityImpact: "HIGH", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", exploitabilityScore: 1.6, impactScore: 3.6, integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "High", baseScore: 6.5, baseSeverity: "Medium", confidentialityImpact: "None", exploitabilityScore: null, id: "CVE-2018-1684", impactScore: null, integrityImpact: "None", privilegesRequired: "Low", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2018-1684", trust: 1.8, value: "MEDIUM", }, { author: "psirt@us.ibm.com", id: "CVE-2018-1684", trust: 1, value: "MEDIUM", }, { author: "CNNVD", id: "CNNVD-201811-122", trust: 0.6, value: "MEDIUM", }, { author: "VULMON", id: "CVE-2018-1684", trust: 0.1, value: "MEDIUM", }, ], }, ], sources: [ { db: "VULMON", id: "CVE-2018-1684", }, { db: "JVNDB", id: "JVNDB-2018-011791", }, { db: "NVD", id: "CVE-2018-1684", }, { db: "NVD", id: "CVE-2018-1684", }, { db: "CNNVD", id: "CNNVD-201811-122", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "IBM WebSphere MQ 8.0 through 9.1 is vulnerable to a error with MQTT topic string publishing that can cause a denial of service attack. IBM X-Force ID: 145456. IBM WebSphere MQ Contains an input validation vulnerability. Vendors have confirmed this vulnerability IBM X-Force ID: 145456 It is released as.Service operation interruption (DoS) There is a possibility of being put into a state. \nAn attacker can exploit this issue to cause a denial-of-service condition", sources: [ { db: "NVD", id: "CVE-2018-1684", }, { db: "JVNDB", id: "JVNDB-2018-011791", }, { db: "BID", id: "105999", }, { db: "VULMON", id: "CVE-2018-1684", }, ], trust: 1.98, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2018-1684", trust: 2.8, }, { db: "JVNDB", id: "JVNDB-2018-011791", trust: 0.8, }, { db: "AUSCERT", id: "ESB-2019.4784", trust: 0.6, }, { db: "AUSCERT", id: "ESB-2019.3122", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-201811-122", trust: 0.6, }, { db: "BID", id: "105999", trust: 0.3, }, { db: "VULMON", id: "CVE-2018-1684", trust: 0.1, }, ], sources: [ { db: "VULMON", id: "CVE-2018-1684", }, { db: "BID", id: "105999", }, { db: "JVNDB", id: "JVNDB-2018-011791", }, { db: "NVD", id: "CVE-2018-1684", }, { db: "CNNVD", id: "CNNVD-201811-122", }, ], }, id: "VAR-201811-0300", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VARIoT devices database", id: null, }, ], trust: 0.39285713, }, last_update_date: "2023-12-18T11:15:57.292000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "0734297", trust: 0.8, url: "https://www-01.ibm.com/support/docview.wss?uid=ibm10734297", }, { title: "ibm-websphere-cve20181684-dos (145456)", trust: 0.8, url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/145456", }, { title: "IBM WebSphere MQ Security vulnerabilities", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=86629", }, { title: "IBM: IBM Security Bulletin: Multiple IBM MQ Security Vulnerabilities Affect IBM Sterling B2B Integrator", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=12d49a0da922bc87e2a67d963391d2c3", }, { title: "IoT-Flock", trust: 0.1, url: "https://github.com/thingzdefense/iot-flock ", }, { title: "", trust: 0.1, url: "https://github.com/abbas4security/coapids ", }, { title: "cve", trust: 0.1, url: "https://github.com/michwqy/cve ", }, ], sources: [ { db: "VULMON", id: "CVE-2018-1684", }, { db: "JVNDB", id: "JVNDB-2018-011791", }, { db: "CNNVD", id: "CNNVD-201811-122", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "NVD-CWE-noinfo", trust: 1, }, { problemtype: "CWE-20", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2018-011791", }, { db: "NVD", id: "CVE-2018-1684", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.7, url: "https://www.ibm.com/support/docview.wss?uid=ibm10734297", }, { trust: 1.7, url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/145456", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-1684", }, { trust: 0.8, url: "https://nvd.nist.gov/vuln/detail/cve-2018-1684", }, { trust: 0.6, url: "https://www.ibm.com/support/pages/node/1137634", }, { trust: 0.6, url: "https://www.ibm.com/support/pages/node/1115109", }, { trust: 0.6, url: "https://www.ibm.com/support/docview.wss?uid=ibm10967151", }, { trust: 0.6, url: "https://www-01.ibm.com/support/docview.wss?uid=ibm10967151", }, { trust: 0.6, url: "https://www.ibm.com/support/pages/node/1115031", }, { trust: 0.6, url: "https://www.auscert.org.au/bulletins/esb-2019.3122/", }, { trust: 0.6, url: "https://www.auscert.org.au/bulletins/esb-2019.4784/", }, { trust: 0.3, url: "http://www.ibm.com/", }, { trust: 0.3, url: "https://www-01.ibm.com/support/docview.wss?uid=ibm10734297", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/.html", }, { trust: 0.1, url: "https://nvd.nist.gov", }, { trust: 0.1, url: "https://github.com/thingzdefense/iot-flock", }, { trust: 0.1, url: "https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-ibm-mq-security-vulnerabilities-affect-ibm-sterling-b2b-integrator/", }, ], sources: [ { db: "VULMON", id: "CVE-2018-1684", }, { db: "BID", id: "105999", }, { db: "JVNDB", id: "JVNDB-2018-011791", }, { db: "NVD", id: "CVE-2018-1684", }, { db: "CNNVD", id: "CNNVD-201811-122", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "VULMON", id: "CVE-2018-1684", }, { db: "BID", id: "105999", }, { db: "JVNDB", id: "JVNDB-2018-011791", }, { db: "NVD", id: "CVE-2018-1684", }, { db: "CNNVD", id: "CNNVD-201811-122", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2018-11-09T00:00:00", db: "VULMON", id: "CVE-2018-1684", }, { date: "2018-11-01T00:00:00", db: "BID", id: "105999", }, { date: "2019-01-23T00:00:00", db: "JVNDB", id: "JVNDB-2018-011791", }, { date: "2018-11-09T01:29:00.367000", db: "NVD", id: "CVE-2018-1684", }, { date: "2018-11-07T00:00:00", db: "CNNVD", id: "CNNVD-201811-122", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-08-24T00:00:00", db: "VULMON", id: "CVE-2018-1684", }, { date: "2018-11-01T00:00:00", db: "BID", id: "105999", }, { date: "2019-01-23T00:00:00", db: "JVNDB", id: "JVNDB-2018-011791", }, { date: "2020-08-24T17:37:01.140000", db: "NVD", id: "CVE-2018-1684", }, { date: "2020-10-22T00:00:00", db: "CNNVD", id: "CNNVD-201811-122", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-201811-122", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "IBM WebSphere MQ Input validation vulnerability", sources: [ { db: "JVNDB", id: "JVNDB-2018-011791", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "input validation error", sources: [ { db: "CNNVD", id: "CNNVD-201811-122", }, ], trust: 0.6, }, }
var-202001-0209
Vulnerability from variot
IBM MQ and IBM MQ Appliance 8.0 and 9.0 LTS could allow a remote attacker with intimate knowledge of the server to cause a denial of service when receiving data on the channel. IBM X-Force ID: 166629. IBM MQ and MQ Appliance Contains an input validation vulnerability. Vendors report this vulnerability IBM X-Force ID: 166629 Published as.Denial of service operation (DoS) May be in a state
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202001-0209", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "mq", scope: "gte", trust: 1, vendor: "ibm", version: "8.0.0.0", }, { model: "mq appliance", scope: "lt", trust: 1, vendor: "ibm", version: "8.0.0.14", }, { model: "mq appliance", scope: "gte", trust: 1, vendor: "ibm", version: "8.0.0.0", }, { model: "mq", scope: "lt", trust: 1, vendor: "ibm", version: "9.0.0.8", }, { model: "mq", scope: "gte", trust: 1, vendor: "ibm", version: "9.0.0.0", }, { model: "mq", scope: "lt", trust: 1, vendor: "ibm", version: "8.0.0.14", }, { model: "mq", scope: "eq", trust: 0.8, vendor: "ibm", version: "8.0", }, { model: "mq", scope: "eq", trust: 0.8, vendor: "ibm", version: "9.0 lts", }, { model: "mq", scope: "eq", trust: 0.8, vendor: "ibm", version: "appliance 8.0", }, { model: "mq appliance", scope: "eq", trust: 0.8, vendor: "ibm", version: "8.0", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2019-014396", }, { db: "NVD", id: "CVE-2019-4568", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:ibm:mq:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "8.0.0.14", versionStartIncluding: "8.0.0.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:mq:*:*:*:*:lts:*:*:*", cpe_name: [], versionEndExcluding: "9.0.0.8", versionStartIncluding: "9.0.0.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:mq_appliance:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "8.0.0.14", versionStartIncluding: "8.0.0.0", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:hp:hp-ux:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [ { cpe23Uri: "cpe:2.3:a:ibm:mq:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "8.0.0.14", versionStartIncluding: "8.0.0.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:mq:*:*:*:*:lts:*:*:*", cpe_name: [], versionEndExcluding: "9.0.0.8", versionStartIncluding: "9.0.0.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:mq_appliance:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "8.0.0.14", versionStartIncluding: "8.0.0.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:hp:hp-ux:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "AND", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2019-4568", }, ], }, cve: "CVE-2019-4568", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: null, accessComplexity: "Medium", accessVector: "Network", authentication: "None", author: "NVD", availabilityImpact: "Partial", baseScore: 4.3, confidentialityImpact: "None", exploitabilityScore: null, id: "CVE-2019-4568", impactScore: null, integrityImpact: "None", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Medium", trust: 1.8, userInteractionRequired: null, vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, ], cvssV3: [ { attackComplexity: "HIGH", attackVector: "NETWORK", author: "NVD", availabilityImpact: "HIGH", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", exploitabilityScore: 2.2, id: "CVE-2019-4568", impactScore: 3.6, integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, { attackComplexity: "High", attackVector: "Network", author: "NVD", availabilityImpact: "High", baseScore: 5.9, baseSeverity: "Medium", confidentialityImpact: "None", exploitabilityScore: null, id: "CVE-2019-4568", impactScore: null, integrityImpact: "None", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2019-4568", trust: 1.8, value: "Medium", }, { author: "CNNVD", id: "CNNVD-202001-1259", trust: 0.6, value: "MEDIUM", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2019-014396", }, { db: "CNNVD", id: "CNNVD-202001-1259", }, { db: "NVD", id: "CVE-2019-4568", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "IBM MQ and IBM MQ Appliance 8.0 and 9.0 LTS could allow a remote attacker with intimate knowledge of the server to cause a denial of service when receiving data on the channel. IBM X-Force ID: 166629. IBM MQ and MQ Appliance Contains an input validation vulnerability. Vendors report this vulnerability IBM X-Force ID: 166629 Published as.Denial of service operation (DoS) May be in a state", sources: [ { db: "NVD", id: "CVE-2019-4568", }, { db: "JVNDB", id: "JVNDB-2019-014396", }, ], trust: 1.62, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2019-4568", trust: 2.4, }, { db: "JVNDB", id: "JVNDB-2019-014396", trust: 0.8, }, { db: "CNNVD", id: "CNNVD-202001-1259", trust: 0.6, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2019-014396", }, { db: "CNNVD", id: "CNNVD-202001-1259", }, { db: "NVD", id: "CVE-2019-4568", }, ], }, id: "VAR-202001-0209", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VARIoT devices database", id: null, }, ], trust: 0.22222222, }, last_update_date: "2022-05-04T10:11:11.109000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "1106517 IBM X-Force Exchange", trust: 0.8, url: "https://www.ibm.com/support/pages/node/1106517", }, { title: "IBM MQ and IBM MQ Appliance Enter the fix for the verification error vulnerability", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=110076", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2019-014396", }, { db: "CNNVD", id: "CNNVD-202001-1259", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "NVD-CWE-noinfo", trust: 1, }, { problemtype: "Incorrect input confirmation (CWE-20) [NVD Evaluation ]", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2019-014396", }, { db: "NVD", id: "CVE-2019-4568", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.6, url: "https://www.ibm.com/support/pages/node/1106517", }, { trust: 1.6, url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/166629", }, { trust: 1.4, url: "https://nvd.nist.gov/vuln/detail/cve-2019-4568", }, { trust: 0.6, url: "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-is-vulnerable-to-a-denial-of-service-attack-caused-by-an-error-within-the-clustering-code-cve-2019-4568/", }, { trust: 0.6, url: "https://vigilance.fr/vulnerability/ibm-mq-denial-of-service-via-clustering-code-31427", }, { trust: 0.6, url: "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-in-ibm-mq-affect-ibm-sterling-b2b-integrator/", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2019-014396", }, { db: "CNNVD", id: "CNNVD-202001-1259", }, { db: "NVD", id: "CVE-2019-4568", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "JVNDB", id: "JVNDB-2019-014396", }, { db: "CNNVD", id: "CNNVD-202001-1259", }, { db: "NVD", id: "CVE-2019-4568", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-02-14T00:00:00", db: "JVNDB", id: "JVNDB-2019-014396", }, { date: "2020-01-28T00:00:00", db: "CNNVD", id: "CNNVD-202001-1259", }, { date: "2020-01-28T19:15:00", db: "NVD", id: "CVE-2019-4568", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-02-14T00:00:00", db: "JVNDB", id: "JVNDB-2019-014396", }, { date: "2021-07-26T00:00:00", db: "CNNVD", id: "CNNVD-202001-1259", }, { date: "2021-07-21T11:39:00", db: "NVD", id: "CVE-2019-4568", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-202001-1259", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "IBM MQ and MQ Appliance Input validation vulnerability", sources: [ { db: "JVNDB", id: "JVNDB-2019-014396", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "input validation error", sources: [ { db: "CNNVD", id: "CNNVD-202001-1259", }, ], trust: 0.6, }, }
var-202101-1665
Vulnerability from variot
IBM MQ 7.5, 8.0, 9.0, 9.1, 9.2 LTS, and 9.2 CD could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization of trusted data. An attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 186509
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202101-1665", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "mq", scope: "eq", trust: 1, vendor: "ibm", version: "8.0.0.3", }, { model: "websphere mq", scope: "eq", trust: 1, vendor: "ibm", version: "7.5.0.3", }, { model: "mq", scope: "eq", trust: 1, vendor: "ibm", version: "9.0.0.7", }, { model: "mq", scope: "eq", trust: 1, vendor: "ibm", version: "8.0.0.9", }, { model: "websphere mq", scope: "eq", trust: 1, vendor: "ibm", version: "7.5.0.1", }, { model: "mq", scope: "eq", trust: 1, vendor: "ibm", version: "8.0.0.8", }, { model: "mq", scope: "eq", trust: 1, vendor: "ibm", version: "8.0.0.1", }, { model: "mq", scope: "eq", trust: 1, vendor: "ibm", version: "9.0.0.2", }, { model: "mq", scope: "eq", trust: 1, vendor: "ibm", version: "9.1.0.6", }, { model: "mq", scope: "eq", trust: 1, vendor: "ibm", version: "9.1.0.1", }, { model: "mq", scope: "eq", trust: 1, vendor: "ibm", version: "8.0.0.12", }, { model: "mq", scope: "eq", trust: 1, vendor: "ibm", version: "9.0.0.0", }, { model: "websphere mq", scope: "eq", trust: 1, vendor: "ibm", version: "7.5.0.6", }, { model: "websphere mq", scope: "eq", trust: 1, vendor: "ibm", version: "7.5.0.7", }, { model: "mq", scope: "eq", trust: 1, vendor: "ibm", version: "9.0.0.8", }, { model: "websphere mq", scope: "eq", trust: 1, vendor: "ibm", version: "7.5.0.0", }, { model: "mq", scope: "eq", trust: 1, vendor: "ibm", version: "8.0.0.10", }, { model: "websphere mq", scope: "eq", trust: 1, vendor: "ibm", version: "7.5.0.8", }, { model: "websphere mq", scope: "eq", trust: 1, vendor: "ibm", version: "7.5.0.4", }, { model: "websphere mq", scope: "eq", trust: 1, vendor: "ibm", version: "7.5.0.2", }, { model: "mq", scope: "eq", trust: 1, vendor: "ibm", version: "9.0.0.6", }, { model: "mq", scope: "eq", trust: 1, vendor: "ibm", version: "8.0.0.13", }, { model: "mq", scope: "eq", trust: 1, vendor: "ibm", version: "9.0.0.9", }, { model: "mq", scope: "eq", trust: 1, vendor: "ibm", version: "9.1.0.2", }, { model: "mq", scope: "eq", trust: 1, vendor: "ibm", version: "9.0.0.4", }, { model: "mq", scope: "eq", trust: 1, vendor: "ibm", version: "8.0.0.15", }, { model: "mq", scope: "eq", trust: 1, vendor: "ibm", version: "9.1.0.5", }, { model: "mq", scope: "eq", trust: 1, vendor: "ibm", version: "8.0.0.4", }, { model: "mq", scope: "eq", trust: 1, vendor: "ibm", version: "9.1.0.4", }, { model: "mq", scope: "eq", trust: 1, vendor: "ibm", version: "8.0.0.2", }, { model: "websphere mq", scope: "eq", trust: 1, vendor: "ibm", version: "7.5.0.9", }, { model: "websphere mq", scope: "eq", trust: 1, vendor: "ibm", version: "7.5.0.5", }, { model: "mq", scope: "eq", trust: 1, vendor: "ibm", version: "9.0.0.1", }, { model: "mq", scope: "eq", trust: 1, vendor: "ibm", version: "9.1.0.0", }, { model: "mq", scope: "eq", trust: 1, vendor: "ibm", version: "9.1.0.3", }, { model: "mq", scope: "eq", trust: 1, vendor: "ibm", version: "8.0.0.7", }, { model: "mq", scope: "eq", trust: 1, vendor: "ibm", version: "9.0.0.3", }, { model: "mq", scope: "eq", trust: 1, vendor: "ibm", version: "8.0.0.5", }, { model: "mq", scope: "eq", trust: 1, vendor: "ibm", version: "9.0.0.10", }, { model: "mq", scope: "eq", trust: 1, vendor: "ibm", version: "8.0.0.0", }, { model: "mq", scope: "eq", trust: 1, vendor: "ibm", version: "8.0.0.6", }, { model: "mq", scope: "eq", trust: 1, vendor: "ibm", version: "8.0.0.14", }, { model: "mq appliance", scope: "eq", trust: 1, vendor: "ibm", version: "9.2.0.0", }, { model: "mq", scope: "eq", trust: 1, vendor: "ibm", version: "9.0.0.5", }, { model: "mq", scope: "eq", trust: 1, vendor: "ibm", version: "8.0.0.11", }, { model: "mq", scope: "eq", trust: 1, vendor: "ibm", version: "9.2.0.0", }, { model: "mq", scope: "eq", trust: 1, vendor: "ibm", version: "9.2.1.0", }, ], sources: [ { db: "NVD", id: "CVE-2020-4682", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:ibm:mq:8.0.0.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:mq:8.0.0.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:mq:8.0.0.2:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:mq:8.0.0.3:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:mq:8.0.0.4:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:mq:8.0.0.5:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:mq:8.0.0.6:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:mq:8.0.0.7:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:mq:8.0.0.8:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:mq:8.0.0.9:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:mq:8.0.0.10:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:mq:8.0.0.11:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:mq:8.0.0.12:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:mq:8.0.0.13:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:mq:8.0.0.14:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:mq:8.0.0.15:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:mq:9.0.0.0:*:*:*:lts:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:mq:9.0.0.1:*:*:*:lts:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:mq:9.0.0.2:*:*:*:lts:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:mq:9.0.0.3:*:*:*:lts:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:mq:9.0.0.4:*:*:*:lts:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:mq:9.0.0.5:*:*:*:lts:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:mq:9.0.0.6:*:*:*:lts:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:mq:9.0.0.7:*:*:*:lts:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:mq:9.0.0.8:*:*:*:lts:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:mq:9.0.0.9:*:*:*:lts:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:mq:9.0.0.10:*:*:*:lts:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:mq:9.1.0.0:*:*:*:lts:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:mq:9.1.0.1:*:*:*:lts:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:mq:9.1.0.2:*:*:*:lts:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:mq:9.1.0.3:*:*:*:lts:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:mq:9.1.0.4:*:*:*:lts:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:mq:9.1.0.5:*:*:*:lts:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:mq:9.1.0.6:*:*:*:lts:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:mq:9.2.0.0:*:*:*:continuous_delivery:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:mq:9.2.1.0:*:*:*:continuous_delivery:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:mq_appliance:9.2.0.0:*:*:*:lts:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:websphere_mq:7.5.0.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:websphere_mq:7.5.0.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:websphere_mq:7.5.0.2:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:websphere_mq:7.5.0.3:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:websphere_mq:7.5.0.4:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:websphere_mq:7.5.0.5:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:websphere_mq:7.5.0.6:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:websphere_mq:7.5.0.7:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:websphere_mq:7.5.0.8:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:websphere_mq:7.5.0.9:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2020-4682", }, ], }, cve: "CVE-2020-4682", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: null, accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "VULMON", availabilityImpact: "COMPLETE", baseScore: 10, confidentialityImpact: "COMPLETE", exploitabilityScore: 10, id: "CVE-2020-4682", impactScore: 10, integrityImpact: "COMPLETE", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "HIGH", trust: 1.1, userInteractionRequired: null, vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "NVD", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", exploitabilityScore: 3.9, id: "CVE-2020-4682", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, ], severity: [ { author: "NVD", id: "CVE-2020-4682", trust: 1, value: "CRITICAL", }, { author: "CNNVD", id: "CNNVD-202101-2461", trust: 0.6, value: "CRITICAL", }, { author: "VULMON", id: "CVE-2020-4682", trust: 0.1, value: "HIGH", }, ], }, ], sources: [ { db: "VULMON", id: "CVE-2020-4682", }, { db: "CNNVD", id: "CNNVD-202101-2461", }, { db: "NVD", id: "CVE-2020-4682", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "IBM MQ 7.5, 8.0, 9.0, 9.1, 9.2 LTS, and 9.2 CD could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization of trusted data. An attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 186509", sources: [ { db: "NVD", id: "CVE-2020-4682", }, { db: "VULMON", id: "CVE-2020-4682", }, ], trust: 0.99, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2020-4682", trust: 1.7, }, { db: "CNNVD", id: "CNNVD-202101-2461", trust: 0.6, }, { db: "VULMON", id: "CVE-2020-4682", trust: 0.1, }, ], sources: [ { db: "VULMON", id: "CVE-2020-4682", }, { db: "CNNVD", id: "CNNVD-202101-2461", }, { db: "NVD", id: "CVE-2020-4682", }, ], }, id: "VAR-202101-1665", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VARIoT devices database", id: null, }, ], trust: 0.22222222, }, last_update_date: "2022-05-04T08:52:19.080000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "IBM MQ Security vulnerabilities", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=140067", }, ], sources: [ { db: "CNNVD", id: "CNNVD-202101-2461", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-502", trust: 1, }, ], sources: [ { db: "NVD", id: "CVE-2020-4682", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.8, url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/186509", }, { trust: 1.7, url: "https://www.ibm.com/support/pages/node/6408626", }, { trust: 0.6, url: "https://www.ibm.com/support/pages/node/6496783", }, { trust: 0.6, url: "https://nvd.nist.gov/vuln/detail/cve-2020-4682", }, { trust: 0.6, url: "https://www.ibm.com/blogs/psirt/security-bulletin-app-connect-enterprise-certified-container-may-be-vulnerable-to-a-remote-code-execution-vulnerability-cve-2020-4682/", }, { trust: 0.6, url: "https://vigilance.fr/vulnerability/ibm-mq-code-execution-via-deserialization-34421", }, { trust: 0.6, url: "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-is-vulnerable-to-a-remote-code-execution-vulnerability-cve-2020-4682/", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/502.html", }, { trust: 0.1, url: "https://nvd.nist.gov", }, ], sources: [ { db: "VULMON", id: "CVE-2020-4682", }, { db: "CNNVD", id: "CNNVD-202101-2461", }, { db: "NVD", id: "CVE-2020-4682", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "VULMON", id: "CVE-2020-4682", }, { db: "CNNVD", id: "CNNVD-202101-2461", }, { db: "NVD", id: "CVE-2020-4682", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2021-01-28T00:00:00", db: "VULMON", id: "CVE-2020-4682", }, { date: "2021-01-27T00:00:00", db: "CNNVD", id: "CNNVD-202101-2461", }, { date: "2021-01-28T13:15:00", db: "NVD", id: "CVE-2020-4682", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2021-02-02T00:00:00", db: "VULMON", id: "CVE-2020-4682", }, { date: "2021-10-08T00:00:00", db: "CNNVD", id: "CNNVD-202101-2461", }, { date: "2021-02-02T17:35:00", db: "NVD", id: "CVE-2020-4682", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-202101-2461", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "IBM MQ Code problem vulnerability", sources: [ { db: "CNNVD", id: "CNNVD-202101-2461", }, ], trust: 0.6, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "code problem", sources: [ { db: "CNNVD", id: "CNNVD-202101-2461", }, ], trust: 0.6, }, }