Vulnerabilites related to ibm - websphere_mq
Vulnerability from fkie_nvd
Published
2017-02-24 18:59
Modified
2024-11-21 03:00
Severity ?
Summary
IBM WebSphere MQ 8.0 could allow an authenticated user with authority to create a cluster object to cause a denial of service to MQ clustering. IBM Reference #: 1998647.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | websphere_mq | 8.0 | |
| ibm | websphere_mq | 8.0.0.0 | |
| ibm | websphere_mq | 8.0.0.1 | |
| ibm | websphere_mq | 8.0.0.2 | |
| ibm | websphere_mq | 8.0.0.3 | |
| ibm | websphere_mq | 8.0.0.4 | |
| ibm | websphere_mq | 8.0.0.5 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:websphere_mq:8.0:*:*:*:*:*:*:*", matchCriteriaId: "421E10D4-4B01-4D52-9FFB-208C4745063E", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:8.0.0.0:*:*:*:*:*:*:*", matchCriteriaId: "153F42BE-64AE-4D38-94C1-E59EF10632A2", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:8.0.0.1:*:*:*:*:*:*:*", matchCriteriaId: "C5502347-56F2-400F-944B-A532A3A8DE0A", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:8.0.0.2:*:*:*:*:*:*:*", matchCriteriaId: "9E6FF889-5D7D-47C0-A2B2-F2BDB39BEFDB", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:8.0.0.3:*:*:*:*:*:*:*", matchCriteriaId: "D800EA34-4826-4689-A3C0-03724290567B", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:8.0.0.4:*:*:*:*:*:*:*", matchCriteriaId: "DCBDF404-693B-4500-80FA-90AE022BD5C4", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:8.0.0.5:*:*:*:*:*:*:*", matchCriteriaId: "5FFC3793-4880-4103-B7F6-06F96A17357B", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM WebSphere MQ 8.0 could allow an authenticated user with authority to create a cluster object to cause a denial of service to MQ clustering. IBM Reference #: 1998647.", }, { lang: "es", value: "IBM WebSphere MQ 8.0 podría permitir a un usuario autenticado con autoridad crear un objeto de clúster para provocar una denegación de servicio a la agrupación de MQ. Referencia de IBM: 1998647.", }, ], id: "CVE-2016-9009", lastModified: "2024-11-21T03:00:25.683", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 4, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:S/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 3.1, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, exploitabilityScore: 1.6, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-02-24T18:59:00.193", references: [ { source: "psirt@us.ibm.com", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=swg21998647", }, { source: "psirt@us.ibm.com", url: "http://www.securityfocus.com/bid/96441", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=swg21998647", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/96441", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, { lang: "en", value: "CWE-264", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-06-26 20:29
Modified
2024-11-21 03:59
Severity ?
5.3 (Medium) - CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
An IBM WebSphere MQ (Maintenance levels 7.1.0.0 - 7.1.0.9, 7.5.0.0 - 7.5.0.8, 8.0.0.0 - 8.0.0.8, 9.0.0.0 - 9.0.0.2, and 9.0.0 - 9.0.4) client connecting to a Queue Manager could cause a SIGSEGV in the Channel process amqrmppa. IBM X-Force ID: 137775.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg22012982 | Vendor Advisory | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/137775 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg22012982 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/137775 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | websphere_mq | 7.1 | |
| ibm | websphere_mq | 7.1.0.1 | |
| ibm | websphere_mq | 7.1.0.2 | |
| ibm | websphere_mq | 7.1.0.3 | |
| ibm | websphere_mq | 7.1.0.4 | |
| ibm | websphere_mq | 7.1.0.5 | |
| ibm | websphere_mq | 7.1.0.6 | |
| ibm | websphere_mq | 7.1.0.7 | |
| ibm | websphere_mq | 7.1.0.8 | |
| ibm | websphere_mq | 7.1.0.9 | |
| ibm | websphere_mq | 7.5 | |
| ibm | websphere_mq | 7.5.0.1 | |
| ibm | websphere_mq | 7.5.0.2 | |
| ibm | websphere_mq | 7.5.0.3 | |
| ibm | websphere_mq | 7.5.0.4 | |
| ibm | websphere_mq | 8.0.0.0 | |
| ibm | websphere_mq | 8.0.0.1 | |
| ibm | websphere_mq | 8.0.0.2 | |
| ibm | websphere_mq | 8.0.0.3 | |
| ibm | websphere_mq | 8.0.0.4 | |
| ibm | websphere_mq | 8.0.0.5 | |
| ibm | websphere_mq | 8.0.0.6 | |
| ibm | websphere_mq | 8.0.0.7 | |
| ibm | websphere_mq | 8.0.0.8 | |
| ibm | websphere_mq | 9.0.0 | |
| ibm | websphere_mq | 9.0.0.0 | |
| ibm | websphere_mq | 9.0.0.1 | |
| ibm | websphere_mq | 9.0.0.2 | |
| ibm | websphere_mq | 9.0.1 | |
| ibm | websphere_mq | 9.0.2 | |
| ibm | websphere_mq | 9.0.3 | |
| ibm | websphere_mq | 9.0.4 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:websphere_mq:7.1:*:*:*:*:*:*:*", matchCriteriaId: "417A12D5-4E6E-487E-9515-2410B3697639", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.1.0.1:*:*:*:*:*:*:*", matchCriteriaId: "5C711485-326F-47AC-A999-95F593B086B3", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.1.0.2:*:*:*:*:*:*:*", matchCriteriaId: "B84C0416-B334-45C1-9BA7-E66D9371BD80", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.1.0.3:*:*:*:*:*:*:*", matchCriteriaId: "56C38EE8-1F6D-4BCF-AA46-D71E6F3EDAC6", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.1.0.4:*:*:*:*:*:*:*", matchCriteriaId: "25AC9713-B00C-4A51-AEFB-7927B675E977", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.1.0.5:*:*:*:*:*:*:*", matchCriteriaId: "AFFC891B-ECE0-44DD-A0AD-5CA4A263961F", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.1.0.6:*:*:*:*:*:*:*", matchCriteriaId: "CE71C30A-B8B5-42EA-9A90-44347FCC32D2", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.1.0.7:*:*:*:*:*:*:*", matchCriteriaId: "9D862347-D638-41F6-94AA-E39B2F8E7010", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.1.0.8:*:*:*:*:*:*:*", matchCriteriaId: "96B18B43-D978-4C2B-8B1F-96F637389091", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.1.0.9:*:*:*:*:*:*:*", matchCriteriaId: "34B6DCEB-D934-4390-A913-888D0AC45D44", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.5:*:*:*:*:*:*:*", matchCriteriaId: "164DC456-433C-4C47-91F9-1B57C2DFBF1E", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.5.0.1:*:*:*:*:*:*:*", matchCriteriaId: "0343E94F-6DE2-4E27-AFC5-D4650A4519F6", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.5.0.2:*:*:*:*:*:*:*", matchCriteriaId: "BDA4EE08-D531-4957-BF2A-C5A9ABB0F38D", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.5.0.3:*:*:*:*:*:*:*", matchCriteriaId: "751BF695-E27A-4D9F-9190-84A7BCD5E268", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.5.0.4:*:*:*:*:*:*:*", matchCriteriaId: "CDA1EF24-9710-4C4A-8059-917C02185CA3", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:8.0.0.0:*:*:*:*:*:*:*", matchCriteriaId: "153F42BE-64AE-4D38-94C1-E59EF10632A2", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:8.0.0.1:*:*:*:*:*:*:*", matchCriteriaId: "C5502347-56F2-400F-944B-A532A3A8DE0A", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:8.0.0.2:*:*:*:*:*:*:*", matchCriteriaId: "9E6FF889-5D7D-47C0-A2B2-F2BDB39BEFDB", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:8.0.0.3:*:*:*:*:*:*:*", matchCriteriaId: "D800EA34-4826-4689-A3C0-03724290567B", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:8.0.0.4:*:*:*:*:*:*:*", matchCriteriaId: "DCBDF404-693B-4500-80FA-90AE022BD5C4", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:8.0.0.5:*:*:*:*:*:*:*", matchCriteriaId: "5FFC3793-4880-4103-B7F6-06F96A17357B", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:8.0.0.6:*:*:*:*:*:*:*", matchCriteriaId: "D3679D6F-1E3A-4546-A05B-5B4EA515B4C9", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:8.0.0.7:*:*:*:*:*:*:*", matchCriteriaId: "F4E6617F-85DF-49FE-B713-148624DC87A8", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:8.0.0.8:*:*:*:*:*:*:*", matchCriteriaId: "03A2E32F-2019-4F5F-814D-60218B960A95", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:9.0.0:*:*:*:*:*:*:*", matchCriteriaId: "76F0F94C-6D8F-421A-B8E1-565651147971", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:9.0.0.0:*:*:*:*:*:*:*", matchCriteriaId: "F0628A7A-D9D7-4E29-B5D3-04707585463A", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:9.0.0.1:*:*:*:*:*:*:*", matchCriteriaId: "4084EE93-8B41-493E-BB50-9ABC8E956C89", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:9.0.0.2:*:*:*:*:*:*:*", matchCriteriaId: "FA310DB1-904C-45D0-8CAC-0B01638A7D41", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:9.0.1:*:*:*:*:*:*:*", matchCriteriaId: "E0C2DE42-FE8C-4023-A495-A2DBFE2F97F9", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:9.0.2:*:*:*:*:*:*:*", matchCriteriaId: "406AADD2-9732-44F1-91FC-F8C90088AD5A", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:9.0.3:*:*:*:*:*:*:*", matchCriteriaId: "018595DD-9AAD-44C7-9A46-BC78AF1F6C2B", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:9.0.4:*:*:*:*:*:*:*", matchCriteriaId: "CF68ED28-0999-4622-A923-624284229F13", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An IBM WebSphere MQ (Maintenance levels 7.1.0.0 - 7.1.0.9, 7.5.0.0 - 7.5.0.8, 8.0.0.0 - 8.0.0.8, 9.0.0.0 - 9.0.0.2, and 9.0.0 - 9.0.4) client connecting to a Queue Manager could cause a SIGSEGV in the Channel process amqrmppa. IBM X-Force ID: 137775.", }, { lang: "es", value: "Un cliente de IBM WebSphere MQ (niveles de mantenimiento 7.1.0.0 - 7.1.0.9, 7.5.0.0 - 7.5.0.8, 8.0.0.0 - 8.0.0.8, 9.0.0.0 - 9.0.0.2 y 9.0.0 - 9.0.4) que se conecte a un Queue Manager podría provocar un SIGSEGV en el proceso Channel amqrmppa. IBM X-Force ID: 137775.", }, ], id: "CVE-2018-1374", lastModified: "2024-11-21T03:59:42.680", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 4, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:S/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, exploitabilityScore: 1.6, impactScore: 3.6, source: "psirt@us.ibm.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-06-26T20:29:00.303", references: [ { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg22012982", }, { source: "psirt@us.ibm.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/137775", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg22012982", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/137775", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2008-03-04 00:44
Modified
2025-04-09 00:30
Severity ?
Summary
Unspecified vulnerability in IBM WebSphere MQ 6.0.x before 6.0.2.2 and 5.3 before Fix Pack 14 allows attackers to bypass access restrictions for a queue manager via a SVRCONN (MQ client) channel.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | websphere_mq | 5.3 | |
| ibm | websphere_mq | 6 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:websphere_mq:5.3:*:*:*:*:*:*:*", matchCriteriaId: "36650BB9-861B-42B5-BCC1-492F84A64951", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:6:*:*:*:*:*:*:*", matchCriteriaId: "548ED888-1255-456C-88FD-2884539C157F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Unspecified vulnerability in IBM WebSphere MQ 6.0.x before 6.0.2.2 and 5.3 before Fix Pack 14 allows attackers to bypass access restrictions for a queue manager via a SVRCONN (MQ client) channel.", }, { lang: "es", value: "Vulnerabilidad no especificada en IBM WebSphere MQ 6.0.x versiones anteriores a 6.0.2.2 y 5.3 versiones anteriores Fix Pack 14 permite a atacantes evitar restricciones de acceso para un gestor de colas a través un canal SVRCONN (MQ client).", }, ], id: "CVE-2008-1130", lastModified: "2025-04-09T00:30:58.490", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "NONE", baseScore: 6.6, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:N", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 9.2, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2008-03-04T00:44:00.000", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/29170", }, { source: "cve@mitre.org", url: "http://www-1.ibm.com/support/docview.wss?rs=171&uid=swg1IZ01272", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/28046", }, { source: "cve@mitre.org", url: "http://www.securitytracker.com/id?1019527", }, { source: "cve@mitre.org", url: "http://www.vupen.com/english/advisories/2008/0719", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/29170", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www-1.ibm.com/support/docview.wss?rs=171&uid=swg1IZ01272", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/28046", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securitytracker.com/id?1019527", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.vupen.com/english/advisories/2008/0719", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-287", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-06-07 17:29
Modified
2024-11-21 02:55
Severity ?
Summary
IBM WebSphere MQ 9.0.0.1 and 9.0.2 could allow a local user to write to a file or delete files in a directory they should not have access to due to improper access controls. IBM X-Force ID: 117926.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg22003509 | Patch, Vendor Advisory | |
| psirt@us.ibm.com | http://www.securityfocus.com/bid/98770 | Third Party Advisory, VDB Entry | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/117926 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg22003509 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/98770 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/117926 | VDB Entry, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | websphere_mq | 9.0.0.0 | |
| ibm | websphere_mq | 9.0.1 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:websphere_mq:9.0.0.0:*:*:*:*:*:*:*", matchCriteriaId: "F0628A7A-D9D7-4E29-B5D3-04707585463A", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:9.0.1:*:*:*:*:*:*:*", matchCriteriaId: "E0C2DE42-FE8C-4023-A495-A2DBFE2F97F9", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM WebSphere MQ 9.0.0.1 and 9.0.2 could allow a local user to write to a file or delete files in a directory they should not have access to due to improper access controls. IBM X-Force ID: 117926.", }, { lang: "es", value: "IBM WebSphere MQ versiones 9.0.0.1 y 9.0.2 podrían permitir a un usuario local escribir en un archivo o eliminar archivos de un directorio al que no deberían tener acceso debido a controles de acceso inadecuados. IBM X-Force ID: 117926", }, ], id: "CVE-2016-6089", lastModified: "2024-11-21T02:55:25.927", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 3.6, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:L/AC:L/Au:N/C:N/I:P/A:P", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 4.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", version: "3.0", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-06-07T17:29:00.583", references: [ { source: "psirt@us.ibm.com", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=swg22003509", }, { source: "psirt@us.ibm.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/98770", }, { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/117926", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=swg22003509", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/98770", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/117926", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-284", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2014-10-19 01:55
Modified
2025-04-12 10:46
Severity ?
Summary
IBM WebSphere MQ classes for Java libraries 8.0 before 8.0.0.1 and Websphere MQ Explorer 7.5 before 7.5.0.5 and 8.0 before 8.0.0.2 allow local users to discover preconfigured cleartext passwords via an unspecified trace operation.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | websphere_mq | 8.0.0.0 | |
| ibm | websphere_mq_explorer | 7.5.0.0 | |
| ibm | websphere_mq_explorer | 7.5.0.1 | |
| ibm | websphere_mq_explorer | 7.5.0.2 | |
| ibm | websphere_mq_explorer | 7.5.0.3 | |
| ibm | websphere_mq_explorer | 7.5.0.4 | |
| ibm | websphere_mq_explorer | 8.0.0.0 | |
| ibm | websphere_mq_explorer | 8.0.0.1 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:websphere_mq:8.0.0.0:*:*:*:*:*:*:*", matchCriteriaId: "153F42BE-64AE-4D38-94C1-E59EF10632A2", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq_explorer:7.5.0.0:*:*:*:*:*:*:*", matchCriteriaId: "5745E231-D937-4FCC-BA85-61021D36E42A", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq_explorer:7.5.0.1:*:*:*:*:*:*:*", matchCriteriaId: "DDA7219C-E8E7-41E6-B07A-13F75C796100", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq_explorer:7.5.0.2:*:*:*:*:*:*:*", matchCriteriaId: "A01E3907-CE96-4D3F-9CDD-DA348CEA4EB4", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq_explorer:7.5.0.3:*:*:*:*:*:*:*", matchCriteriaId: "A0B46FF7-452B-47BF-9CF9-0383043144F9", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq_explorer:7.5.0.4:*:*:*:*:*:*:*", matchCriteriaId: "3C38C5A6-CBF6-4E81-9F8D-8E2A5A216653", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq_explorer:8.0.0.0:*:*:*:*:*:*:*", matchCriteriaId: "D02554D0-4575-40E5-BD37-2017503C49E4", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq_explorer:8.0.0.1:*:*:*:*:*:*:*", matchCriteriaId: "86259F4B-607C-44F0-B744-91763C96C120", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM WebSphere MQ classes for Java libraries 8.0 before 8.0.0.1 and Websphere MQ Explorer 7.5 before 7.5.0.5 and 8.0 before 8.0.0.2 allow local users to discover preconfigured cleartext passwords via an unspecified trace operation.", }, { lang: "es", value: "IBM WebSphere MQ classes for Java libraries 8.0 anterior a 8.0.0.1 y Websphere MQ Explorer 7.5 anterior a 7.5.0.5 y 8.0 anterior a 8.0.0.2 permiten a usuarios locales descubrir contraseñas en texto plano preconfiguradas a través de una operación de trazar no especificada.", }, ], id: "CVE-2014-4822", lastModified: "2025-04-12T10:46:40.837", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "NONE", baseScore: 1.9, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:L/AC:M/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 3.4, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2014-10-19T01:55:14.013", references: [ { source: "psirt@us.ibm.com", url: "http://secunia.com/advisories/59921", }, { source: "psirt@us.ibm.com", url: "http://www-01.ibm.com/support/docview.wss?uid=swg1IT04023", }, { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21686339", }, { source: "psirt@us.ibm.com", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/95467", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/59921", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www-01.ibm.com/support/docview.wss?uid=swg1IT04023", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21686339", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/95467", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-255", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-12-07 15:29
Modified
2024-11-21 03:21
Severity ?
Summary
IBM WebSphere MQ 7.5, 8.0, and 9.0 could allow an authenticated user to insert messages with a corrupt RFH header into the channel which would cause it to restart. IBM X-Force ID: 127803.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg22005525 | Issue Tracking, Vendor Advisory | |
| psirt@us.ibm.com | http://www.securityfocus.com/bid/102163 | Third Party Advisory, VDB Entry | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/127803 | Issue Tracking, VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg22005525 | Issue Tracking, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/102163 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/127803 | Issue Tracking, VDB Entry, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | websphere_mq | 7.5 | |
| ibm | websphere_mq | 7.5.0.1 | |
| ibm | websphere_mq | 7.5.0.2 | |
| ibm | websphere_mq | 7.5.0.3 | |
| ibm | websphere_mq | 7.5.0.4 | |
| ibm | websphere_mq | 7.5.0.5 | |
| ibm | websphere_mq | 7.5.0.6 | |
| ibm | websphere_mq | 7.5.0.7 | |
| ibm | websphere_mq | 7.5.0.8 | |
| ibm | websphere_mq | 8.0 | |
| ibm | websphere_mq | 8.0.0.1 | |
| ibm | websphere_mq | 8.0.0.2 | |
| ibm | websphere_mq | 8.0.0.3 | |
| ibm | websphere_mq | 8.0.0.4 | |
| ibm | websphere_mq | 8.0.0.5 | |
| ibm | websphere_mq | 8.0.0.6 | |
| ibm | websphere_mq | 8.0.0.7 | |
| ibm | websphere_mq | 9.0 | |
| ibm | websphere_mq | 9.0.0.1 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:websphere_mq:7.5:*:*:*:*:*:*:*", matchCriteriaId: "164DC456-433C-4C47-91F9-1B57C2DFBF1E", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.5.0.1:*:*:*:*:*:*:*", matchCriteriaId: "0343E94F-6DE2-4E27-AFC5-D4650A4519F6", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.5.0.2:*:*:*:*:*:*:*", matchCriteriaId: "BDA4EE08-D531-4957-BF2A-C5A9ABB0F38D", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.5.0.3:*:*:*:*:*:*:*", matchCriteriaId: "751BF695-E27A-4D9F-9190-84A7BCD5E268", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.5.0.4:*:*:*:*:*:*:*", matchCriteriaId: "CDA1EF24-9710-4C4A-8059-917C02185CA3", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.5.0.5:*:*:*:*:*:*:*", matchCriteriaId: "CC257545-44A3-4659-951D-F4DFF3B87CFB", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.5.0.6:*:*:*:*:*:*:*", matchCriteriaId: "1FD4E86C-0E58-4A91-A18C-534464BC197A", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.5.0.7:*:*:*:*:*:*:*", matchCriteriaId: "AE4B1F7A-8989-4B4E-A75E-037B38ED7536", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.5.0.8:*:*:*:*:*:*:*", matchCriteriaId: "D98FEC2B-14F4-48EF-A7D2-DA4451EBD402", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:8.0:*:*:*:*:*:*:*", matchCriteriaId: "421E10D4-4B01-4D52-9FFB-208C4745063E", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:8.0.0.1:*:*:*:*:*:*:*", matchCriteriaId: "C5502347-56F2-400F-944B-A532A3A8DE0A", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:8.0.0.2:*:*:*:*:*:*:*", matchCriteriaId: "9E6FF889-5D7D-47C0-A2B2-F2BDB39BEFDB", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:8.0.0.3:*:*:*:*:*:*:*", matchCriteriaId: "D800EA34-4826-4689-A3C0-03724290567B", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:8.0.0.4:*:*:*:*:*:*:*", matchCriteriaId: "DCBDF404-693B-4500-80FA-90AE022BD5C4", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:8.0.0.5:*:*:*:*:*:*:*", matchCriteriaId: "5FFC3793-4880-4103-B7F6-06F96A17357B", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:8.0.0.6:*:*:*:*:*:*:*", matchCriteriaId: "D3679D6F-1E3A-4546-A05B-5B4EA515B4C9", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:8.0.0.7:*:*:*:*:*:*:*", matchCriteriaId: "F4E6617F-85DF-49FE-B713-148624DC87A8", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:9.0:*:*:*:*:*:*:*", matchCriteriaId: "63E773A8-4ED2-47AA-A2D7-5CD02CBA47C0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:9.0.0.1:*:*:*:*:*:*:*", matchCriteriaId: "4084EE93-8B41-493E-BB50-9ABC8E956C89", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM WebSphere MQ 7.5, 8.0, and 9.0 could allow an authenticated user to insert messages with a corrupt RFH header into the channel which would cause it to restart. IBM X-Force ID: 127803.", }, { lang: "es", value: "IBM WebSphere MQ 7.5, 8.0 y 9.0 podría permitir que un usuario autenticado inserte mensajes con una cabecera RFH corrupta en el canal, lo que provocaría su reinicio. IBM X-Force ID: 127803.", }, ], id: "CVE-2017-1433", lastModified: "2024-11-21T03:21:52.120", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 4, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:S/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-12-07T15:29:00.907", references: [ { source: "psirt@us.ibm.com", tags: [ "Issue Tracking", "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=swg22005525", }, { source: "psirt@us.ibm.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/102163", }, { source: "psirt@us.ibm.com", tags: [ "Issue Tracking", "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/127803", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=swg22005525", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/102163", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/127803", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-11-27 21:29
Modified
2024-11-21 03:21
Severity ?
Summary
IBM WebSphere MQ 8.0 and 9.0 could allow an authenticated user to cause a shared memory leak by MQ applications using dynamic queues, which can lead to lack of resources for other MQ applications. IBM X-Force ID: 125144.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg22003852 | Issue Tracking, Vendor Advisory | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/125144 | Issue Tracking, VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg22003852 | Issue Tracking, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/125144 | Issue Tracking, VDB Entry, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | websphere_mq | 8.0 | |
| ibm | websphere_mq | 8.0.0.1 | |
| ibm | websphere_mq | 8.0.0.2 | |
| ibm | websphere_mq | 8.0.0.3 | |
| ibm | websphere_mq | 8.0.0.4 | |
| ibm | websphere_mq | 8.0.0.5 | |
| ibm | websphere_mq | 8.0.0.6 | |
| ibm | websphere_mq | 8.0.0.7 | |
| ibm | websphere_mq | 9.0 | |
| ibm | websphere_mq | 9.0.0.1 | |
| ibm | websphere_mq | 9.0.1 | |
| ibm | websphere_mq | 9.0.2 | |
| ibm | websphere_mq | 9.0.3 | |
| ibm | websphere_mq | 9.0.4 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:websphere_mq:8.0:*:*:*:*:*:*:*", matchCriteriaId: "421E10D4-4B01-4D52-9FFB-208C4745063E", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:8.0.0.1:*:*:*:*:*:*:*", matchCriteriaId: "C5502347-56F2-400F-944B-A532A3A8DE0A", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:8.0.0.2:*:*:*:*:*:*:*", matchCriteriaId: "9E6FF889-5D7D-47C0-A2B2-F2BDB39BEFDB", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:8.0.0.3:*:*:*:*:*:*:*", matchCriteriaId: "D800EA34-4826-4689-A3C0-03724290567B", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:8.0.0.4:*:*:*:*:*:*:*", matchCriteriaId: "DCBDF404-693B-4500-80FA-90AE022BD5C4", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:8.0.0.5:*:*:*:*:*:*:*", matchCriteriaId: "5FFC3793-4880-4103-B7F6-06F96A17357B", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:8.0.0.6:*:*:*:*:*:*:*", matchCriteriaId: "D3679D6F-1E3A-4546-A05B-5B4EA515B4C9", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:8.0.0.7:*:*:*:*:*:*:*", matchCriteriaId: "F4E6617F-85DF-49FE-B713-148624DC87A8", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:9.0:*:*:*:*:*:*:*", matchCriteriaId: "63E773A8-4ED2-47AA-A2D7-5CD02CBA47C0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:9.0.0.1:*:*:*:*:*:*:*", matchCriteriaId: "4084EE93-8B41-493E-BB50-9ABC8E956C89", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:9.0.1:*:*:*:*:*:*:*", matchCriteriaId: "E0C2DE42-FE8C-4023-A495-A2DBFE2F97F9", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:9.0.2:*:*:*:*:*:*:*", matchCriteriaId: "406AADD2-9732-44F1-91FC-F8C90088AD5A", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:9.0.3:*:*:*:*:*:*:*", matchCriteriaId: "018595DD-9AAD-44C7-9A46-BC78AF1F6C2B", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:9.0.4:*:*:*:*:*:*:*", matchCriteriaId: "CF68ED28-0999-4622-A923-624284229F13", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM WebSphere MQ 8.0 and 9.0 could allow an authenticated user to cause a shared memory leak by MQ applications using dynamic queues, which can lead to lack of resources for other MQ applications. IBM X-Force ID: 125144.", }, { lang: "es", value: "Las versiones 8.0 y 9.0 de IBM WebSphere MQ podrían permitir que un usuario autenticado provoque una fuga de memoria compartida por aplicaciones MQ empleando consultas dinámicas, lo que podría conducir a una falta de recursos para otras aplicaciones MQ. IBM X-Force ID: 125144.", }, ], id: "CVE-2017-1283", lastModified: "2024-11-21T03:21:38.167", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 4, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:S/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-11-27T21:29:00.347", references: [ { source: "psirt@us.ibm.com", tags: [ "Issue Tracking", "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=swg22003852", }, { source: "psirt@us.ibm.com", tags: [ "Issue Tracking", "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/125144", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=swg22003852", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/125144", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-772", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2012-08-17 10:31
Modified
2025-04-11 00:51
Severity ?
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in the Web Gateway component in IBM WebSphere MQ File Transfer Edition 7.0.4 and earlier, and WebSphere MQ - Managed File Transfer 7.5, allow remote attackers to hijack the authentication of arbitrary users for requests that (1) add user accounts via the /wmqfteconsole/Filespaces URI, (2) modify permissions via the /wmqfteconsole/FileSpacePermisssions URI, or (3) add MQ Message Descriptor (MQMD) user accounts via the /wmqfteconsole/UploadUsers URI.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | websphere_mq | * | |
| ibm | websphere_mq | 7.0 | |
| ibm | websphere_mq | 7.0.0.1 | |
| ibm | websphere_mq | 7.0.1.0 | |
| ibm | websphere_mq | 7.0.2.0 | |
| ibm | websphere_mq | 7.0.2.2 | |
| ibm | websphere_mq | 7.0.4.0 | |
| ibm | websphere_mq_managed_file_transfer | 7.5 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:websphere_mq:*:*:file_transfer:*:*:*:*:*", matchCriteriaId: "34334B53-0D91-4539-A8C5-F40007E11245", versionEndIncluding: "7.0.4", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.0:*:file_transfer:*:*:*:*:*", matchCriteriaId: "CCC205E7-DEEF-4217-A0F8-060EA98B6D17", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.0.0.1:*:file_transfer:*:*:*:*:*", matchCriteriaId: "7FADD25C-32BB-4E6B-B07F-F0E2D45602EC", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.0.1.0:*:file_transfer:*:*:*:*:*", matchCriteriaId: "98A1AA9D-F576-43C9-91AD-BC8CEB427A07", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.0.2.0:*:file_transfer:*:*:*:*:*", matchCriteriaId: "97B0EF19-9684-4AE7-857E-779380B9A825", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.0.2.2:*:file_transfer:*:*:*:*:*", matchCriteriaId: "38985204-536F-4BD6-A718-B28983FF668A", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.0.4.0:*:file_transfer:*:*:*:*:*", matchCriteriaId: "740568A4-24F3-4F58-AC99-442184C9F0C4", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq_managed_file_transfer:7.5:*:*:*:*:*:*:*", matchCriteriaId: "C58B700B-B66E-4B7E-9557-2FB0107F44EE", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Multiple cross-site request forgery (CSRF) vulnerabilities in the Web Gateway component in IBM WebSphere MQ File Transfer Edition 7.0.4 and earlier, and WebSphere MQ - Managed File Transfer 7.5, allow remote attackers to hijack the authentication of arbitrary users for requests that (1) add user accounts via the /wmqfteconsole/Filespaces URI, (2) modify permissions via the /wmqfteconsole/FileSpacePermisssions URI, or (3) add MQ Message Descriptor (MQMD) user accounts via the /wmqfteconsole/UploadUsers URI.", }, { lang: "es", value: "Múltiples vulnerabilidades de falsificación de peticiones en sitios cruzados (CSRF) en el componente de puerta de enlace de web (Web Gateway) de IBM WebSphere MQ File Transfer Edition v7.0.4 y versiones anteriores, y WebSphere MQ - Managed File Transfer v7.5, permiten a atacantes remotos secuestrar la autenticación de usuarios de su elección para las solicitudes que (1) agreguen cuentas de usuario a través de la URI wmqfteconsole/Filespaces, (2) modifiquen los permisos a través de la URI wmqfteconsole/FileSpacePermisssions, o (3) agreguen cuentas de usuario de MQ Message Descriptor (MQMD) a través de la URI wmqfteconsole/UploadUsers.\r\n", }, ], id: "CVE-2012-3294", lastModified: "2025-04-11T00:51:21.963", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], }, published: "2012-08-17T10:31:52.090", references: [ { source: "psirt@us.ibm.com", url: "http://www-01.ibm.com/support/docview.wss?uid=swg1IC85516", }, { source: "psirt@us.ibm.com", tags: [ "Exploit", ], url: "http://www.exploit-db.com/exploits/20477/", }, { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=swg21607482", }, { source: "psirt@us.ibm.com", url: "http://www.securitytracker.com/id?1027373", }, { source: "psirt@us.ibm.com", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/77180", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www-01.ibm.com/support/docview.wss?uid=swg1IC85516", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "http://www.exploit-db.com/exploits/20477/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=swg21607482", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securitytracker.com/id?1027373", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/77180", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-352", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2010-11-15 21:00
Modified
2025-04-11 00:51
Severity ?
Summary
Unspecified vulnerability in IBM WebSphere MQ 7.0 before 7.0.1.5 allows remote authenticated users to cause a denial of service (disk consumption) via vectors that trigger an FDC with an RM680004 Probe Id value.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | websphere_mq | 7.0 | |
| ibm | websphere_mq | 7.0.0.1 | |
| ibm | websphere_mq | 7.0.0.2 | |
| ibm | websphere_mq | 7.0.1.0 | |
| ibm | websphere_mq | 7.0.1.1 | |
| ibm | websphere_mq | 7.0.1.2 | |
| ibm | websphere_mq | 7.0.1.3 | |
| ibm | websphere_mq | 7.0.1.4 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:websphere_mq:7.0:*:*:*:*:*:*:*", matchCriteriaId: "594287A4-AF30-4872-A5B8-1421FAB5C674", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.0.0.1:*:*:*:*:*:*:*", matchCriteriaId: "896273C9-11F9-45A0-BA46-66F37DFACCC7", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.0.0.2:*:*:*:*:*:*:*", matchCriteriaId: "AF396289-8409-4FE2-96DB-99818D5680B4", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.0.1.0:*:*:*:*:*:*:*", matchCriteriaId: "F6E60ABB-E703-4745-98F3-22609FF70F6F", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.0.1.1:*:*:*:*:*:*:*", matchCriteriaId: "BDC03B4D-98C2-4704-9BF9-47888489B9C7", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.0.1.2:*:*:*:*:*:*:*", matchCriteriaId: "73E4EAA2-8842-41AB-B8E0-944CDF72C893", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.0.1.3:*:*:*:*:*:*:*", matchCriteriaId: "9D71A8D2-C97E-4A0D-B4F7-19E0B24AC887", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.0.1.4:*:*:*:*:*:*:*", matchCriteriaId: "362B6A59-1FFD-4C11-8F86-0A5516A36385", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Unspecified vulnerability in IBM WebSphere MQ 7.0 before 7.0.1.5 allows remote authenticated users to cause a denial of service (disk consumption) via vectors that trigger an FDC with an RM680004 Probe Id value.", }, { lang: "es", value: "Una vulnerabilidad no especificada en IBM WebSphere MQ v7.0 antes de v7.0.1.5 permite a usuarios remotos autenticados causar una denegación de servicio (por consumo de disco) a través de vectores que provocan un FDC con un valor de Id en RM680004 Probe.", }, ], id: "CVE-2010-2638", lastModified: "2025-04-11T00:51:21.963", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 4, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:S/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2010-11-15T21:00:03.237", references: [ { source: "cve@mitre.org", url: "http://www-01.ibm.com/support/docview.wss?uid=swg1IC71123", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/63147", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www-01.ibm.com/support/docview.wss?uid=swg1IC71123", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/63147", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-399", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-02-07 17:29
Modified
2024-11-21 03:59
Severity ?
Summary
GSKit V7 may disclose side channel information via discrepancies between valid and invalid PKCS#1 padding. IBM X-Force ID: 138212.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg22013022 | Mitigation, Vendor Advisory | |
| psirt@us.ibm.com | http://www.securityfocus.com/bid/103698 | ||
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/138212 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg22013022 | Mitigation, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/103698 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/138212 | VDB Entry, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | websphere_mq | 7.0.1.0 | |
| ibm | websphere_mq | 7.0.1.1 | |
| ibm | websphere_mq | 7.0.1.2 | |
| ibm | websphere_mq | 7.0.1.3 | |
| ibm | websphere_mq | 7.0.1.4 | |
| ibm | websphere_mq | 7.0.1.5 | |
| ibm | websphere_mq | 7.0.1.6 | |
| ibm | websphere_mq | 7.0.1.7 | |
| ibm | websphere_mq | 7.0.1.8 | |
| ibm | websphere_mq | 7.0.1.9 | |
| ibm | websphere_mq | 7.0.1.10 | |
| ibm | websphere_mq | 7.0.1.11 | |
| ibm | websphere_mq | 7.0.1.12 | |
| ibm | websphere_mq | 7.0.1.13 | |
| ibm | websphere_mq | 7.0.1.14 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:websphere_mq:7.0.1.0:*:*:*:*:*:*:*", matchCriteriaId: "F6E60ABB-E703-4745-98F3-22609FF70F6F", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.0.1.1:*:*:*:*:*:*:*", matchCriteriaId: "BDC03B4D-98C2-4704-9BF9-47888489B9C7", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.0.1.2:*:*:*:*:*:*:*", matchCriteriaId: "73E4EAA2-8842-41AB-B8E0-944CDF72C893", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.0.1.3:*:*:*:*:*:*:*", matchCriteriaId: "9D71A8D2-C97E-4A0D-B4F7-19E0B24AC887", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.0.1.4:*:*:*:*:*:*:*", matchCriteriaId: "362B6A59-1FFD-4C11-8F86-0A5516A36385", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.0.1.5:*:*:*:*:*:*:*", matchCriteriaId: "5046C962-98D9-43C3-8D83-B144CE442A31", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.0.1.6:*:*:*:*:*:*:*", matchCriteriaId: "A379F4E4-5A82-454A-B1D0-D4CAAD9E1457", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.0.1.7:*:*:*:*:*:*:*", matchCriteriaId: "DECB8B77-BAB7-468E-8D22-57FE9F42F718", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.0.1.8:*:*:*:*:*:*:*", matchCriteriaId: "2CE2BBC9-7772-48FF-BDE5-D61F9E16BB0D", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.0.1.9:*:*:*:*:*:*:*", matchCriteriaId: "0E3E613F-20C4-448E-99C7-C03587B2AE4B", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.0.1.10:*:*:*:*:*:*:*", matchCriteriaId: "EC348B63-F62A-4F23-8BFC-EC6FDA057DA1", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.0.1.11:*:*:*:*:*:*:*", matchCriteriaId: "7A3E5E8C-E897-4720-8B79-3D670B3A3CA0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.0.1.12:*:*:*:*:*:*:*", matchCriteriaId: "41B533BC-8796-4ADA-B67D-0CA41CD8BA65", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.0.1.13:*:*:*:*:*:*:*", matchCriteriaId: "C04E17D8-2D2B-4EF6-B5F5-3B6C720A551A", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.0.1.14:*:*:*:*:*:*:*", matchCriteriaId: "1ACA359E-DA6D-4C5A-9605-124B0622C8B4", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "GSKit V7 may disclose side channel information via discrepancies between valid and invalid PKCS#1 padding. IBM X-Force ID: 138212.", }, { lang: "es", value: "GSKit V7 podría revelar información del canal lateral mediante discrepancias entre rellenos PKCS#1 válidos e inválidos. IBM X-Force ID: 138212.", }, ], id: "CVE-2018-1388", lastModified: "2024-11-21T03:59:43.890", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-02-07T17:29:01.387", references: [ { source: "psirt@us.ibm.com", tags: [ "Mitigation", "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=swg22013022", }, { source: "psirt@us.ibm.com", url: "http://www.securityfocus.com/bid/103698", }, { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/138212", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mitigation", "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=swg22013022", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/103698", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/138212", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-200", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2009-09-10 18:30
Modified
2025-04-09 00:30
Severity ?
Summary
The server in IBM WebSphere MQ 7.0.0.1, 7.0.0.2, and 7.0.1.0 allows attackers to cause a denial of service (trap) or possibly have unspecified other impact via malformed data.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | websphere_mq | 7.0.0.1 | |
| ibm | websphere_mq | 7.0.0.2 | |
| ibm | websphere_mq | 7.0.1.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:websphere_mq:7.0.0.1:*:*:*:*:*:*:*", matchCriteriaId: "896273C9-11F9-45A0-BA46-66F37DFACCC7", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.0.0.2:*:*:*:*:*:*:*", matchCriteriaId: "AF396289-8409-4FE2-96DB-99818D5680B4", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.0.1.0:*:*:*:*:*:*:*", matchCriteriaId: "F6E60ABB-E703-4745-98F3-22609FF70F6F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The server in IBM WebSphere MQ 7.0.0.1, 7.0.0.2, and 7.0.1.0 allows attackers to cause a denial of service (trap) or possibly have unspecified other impact via malformed data.", }, { lang: "es", value: "El servidor IBM WebSphere MQ v7.0.0.1, v7.0.0.2, y v7.0.1.0 permite a los atacantes causar una denegación de servicio (compuerta) o posiblemente otro impacto no especificado a través de datos mal formados.", }, ], id: "CVE-2009-3161", lastModified: "2025-04-09T00:30:58.490", metrics: { cvssMetricV2: [ { acInsufInfo: true, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 7.8, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:C", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2009-09-10T18:30:00.610", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/36647", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg24024153", }, { source: "cve@mitre.org", url: "http://www-1.ibm.com/support/docview.wss?uid=swg1IC62164", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/36310", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://www.vupen.com/english/advisories/2009/2578", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/36647", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg24024153", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www-1.ibm.com/support/docview.wss?uid=swg1IC62164", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/36310", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.vupen.com/english/advisories/2009/2578", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-01-04 17:29
Modified
2024-11-21 03:22
Severity ?
Summary
IBM MQ Managed File Transfer Agent 8.0 and 9.0 sets insecure permissions on certain files it creates. A local attacker could exploit this vulnerability to modify or delete data contained in the files with an unknown impact. IBM X-Force ID: 134391.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg22010340 | Vendor Advisory | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/134391 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg22010340 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/134391 | VDB Entry, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | websphere_mq | 8.0 | |
| ibm | websphere_mq | 8.0.0.1 | |
| ibm | websphere_mq | 8.0.0.2 | |
| ibm | websphere_mq | 8.0.0.3 | |
| ibm | websphere_mq | 8.0.0.4 | |
| ibm | websphere_mq | 8.0.0.5 | |
| ibm | websphere_mq | 8.0.0.6 | |
| ibm | websphere_mq | 9.0 | |
| ibm | websphere_mq | 9.0.0.1 | |
| ibm | websphere_mq | 9.0.1 | |
| ibm | websphere_mq | 9.0.2 | |
| ibm | websphere_mq | 9.0.3 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:websphere_mq:8.0:*:*:*:*:*:*:*", matchCriteriaId: "421E10D4-4B01-4D52-9FFB-208C4745063E", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:8.0.0.1:*:*:*:*:*:*:*", matchCriteriaId: "C5502347-56F2-400F-944B-A532A3A8DE0A", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:8.0.0.2:*:*:*:*:*:*:*", matchCriteriaId: "9E6FF889-5D7D-47C0-A2B2-F2BDB39BEFDB", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:8.0.0.3:*:*:*:*:*:*:*", matchCriteriaId: "D800EA34-4826-4689-A3C0-03724290567B", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:8.0.0.4:*:*:*:*:*:*:*", matchCriteriaId: "DCBDF404-693B-4500-80FA-90AE022BD5C4", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:8.0.0.5:*:*:*:*:*:*:*", matchCriteriaId: "5FFC3793-4880-4103-B7F6-06F96A17357B", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:8.0.0.6:*:*:*:*:*:*:*", matchCriteriaId: "D3679D6F-1E3A-4546-A05B-5B4EA515B4C9", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:9.0:*:*:*:*:*:*:*", matchCriteriaId: "63E773A8-4ED2-47AA-A2D7-5CD02CBA47C0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:9.0.0.1:*:*:*:*:*:*:*", matchCriteriaId: "4084EE93-8B41-493E-BB50-9ABC8E956C89", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:9.0.1:*:*:*:*:*:*:*", matchCriteriaId: "E0C2DE42-FE8C-4023-A495-A2DBFE2F97F9", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:9.0.2:*:*:*:*:*:*:*", matchCriteriaId: "406AADD2-9732-44F1-91FC-F8C90088AD5A", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:9.0.3:*:*:*:*:*:*:*", matchCriteriaId: "018595DD-9AAD-44C7-9A46-BC78AF1F6C2B", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM MQ Managed File Transfer Agent 8.0 and 9.0 sets insecure permissions on certain files it creates. A local attacker could exploit this vulnerability to modify or delete data contained in the files with an unknown impact. IBM X-Force ID: 134391.", }, { lang: "es", value: "IBM MQ Managed File Transfer Agent 8.0 y 9.0 establece permisos no seguros en determinados archivos que crea. Un atacante local podría explotar esta vulnerabilidad para modificar o borrar datos contenidos en los archivos con un impacto no conocido. IBM X-Force ID: 134391.", }, ], id: "CVE-2017-1699", lastModified: "2024-11-21T03:22:14.400", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 3.6, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:L/AC:L/Au:N/C:N/I:P/A:P", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 4.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 3.3, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", version: "3.0", }, exploitabilityScore: 1.8, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-01-04T17:29:00.513", references: [ { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=swg22010340", }, { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/134391", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=swg22010340", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/134391", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-732", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2016-06-26 14:59
Modified
2025-04-12 10:46
Severity ?
Summary
runmqsc in IBM WebSphere MQ 8.x before 8.0.0.5 allows local users to bypass intended queue-manager command access restrictions by leveraging authority for +connect and +dsp.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | websphere_mq | 8.0.0.1 | |
| ibm | websphere_mq | 8.0.0.2 | |
| ibm | websphere_mq | 8.0.0.3 | |
| ibm | websphere_mq | 8.0.0.4 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:websphere_mq:8.0.0.1:*:*:*:*:*:*:*", matchCriteriaId: "C5502347-56F2-400F-944B-A532A3A8DE0A", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:8.0.0.2:*:*:*:*:*:*:*", matchCriteriaId: "9E6FF889-5D7D-47C0-A2B2-F2BDB39BEFDB", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:8.0.0.3:*:*:*:*:*:*:*", matchCriteriaId: "D800EA34-4826-4689-A3C0-03724290567B", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:8.0.0.4:*:*:*:*:*:*:*", matchCriteriaId: "DCBDF404-693B-4500-80FA-90AE022BD5C4", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "runmqsc in IBM WebSphere MQ 8.x before 8.0.0.5 allows local users to bypass intended queue-manager command access restrictions by leveraging authority for +connect and +dsp.", }, { lang: "es", value: "runmqsc en IBM WebSphere MQ 8.x en versiones anteriores a 8.0.0.5 permite a usuarios locales eludir las restricciones de acceso de comandos destinados al gestor de colas aprovechando la autoridad para +connect y +dsp.", }, ], id: "CVE-2015-7473", lastModified: "2025-04-12T10:46:40.837", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "NONE", baseScore: 2.1, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:L/AC:L/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 2.5, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N", version: "3.0", }, exploitabilityScore: 1, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2016-06-26T14:59:00.137", references: [ { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21984555", }, { source: "psirt@us.ibm.com", url: "http://www.securitytracker.com/id/1036180", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21984555", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securitytracker.com/id/1036180", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-284", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2014-10-19 01:55
Modified
2025-04-12 10:46
Severity ?
Summary
The Telemetry Component in WebSphere MQ 8.0.0.1 before p000-001-L140910 allows remote attackers to bypass authentication by setting the JAASConfig property in an MQTT client configuration.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | websphere_mq | 8.0.0.1 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:websphere_mq:8.0.0.1:*:*:*:*:*:*:*", matchCriteriaId: "C5502347-56F2-400F-944B-A532A3A8DE0A", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The Telemetry Component in WebSphere MQ 8.0.0.1 before p000-001-L140910 allows remote attackers to bypass authentication by setting the JAASConfig property in an MQTT client configuration.", }, { lang: "es", value: "El componente Telemetry en WebSphere MQ 8.0.0.1 anterior a p000-001-L140910 permite a atacantes remotos evadir la autenticación estableciendo la propiedad JAASConfig en una configuración de cliente MQTT.", }, ], id: "CVE-2014-6116", lastModified: "2025-04-12T10:46:40.837", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2014-10-19T01:55:15.747", references: [ { source: "psirt@us.ibm.com", url: "http://secunia.com/advisories/61064", }, { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21686210", }, { source: "psirt@us.ibm.com", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/96213", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/61064", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21686210", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/96213", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-287", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2009-09-10 18:30
Modified
2025-04-09 00:30
Severity ?
Summary
Unspecified vulnerability in the rriDecompress function in IBM WebSphere MQ 7.0.0.0, 7.0.0.1, and 7.0.0.2 allows remote attackers to cause a denial of service via unknown vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | websphere_mq | 7.0.0.0 | |
| ibm | websphere_mq | 7.0.0.1 | |
| ibm | websphere_mq | 7.0.0.2 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:websphere_mq:7.0.0.0:*:*:*:*:*:*:*", matchCriteriaId: "985DE0C7-1F86-4128-B177-0A2C84C138EE", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.0.0.1:*:*:*:*:*:*:*", matchCriteriaId: "896273C9-11F9-45A0-BA46-66F37DFACCC7", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.0.0.2:*:*:*:*:*:*:*", matchCriteriaId: "AF396289-8409-4FE2-96DB-99818D5680B4", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Unspecified vulnerability in the rriDecompress function in IBM WebSphere MQ 7.0.0.0, 7.0.0.1, and 7.0.0.2 allows remote attackers to cause a denial of service via unknown vectors.", }, { lang: "es", value: "Vulnerabilidad sin especificar en la función rriDecompress function de IBM WebSphere MQ v7.0.0.0, v7.0.0.1 v7.0.0.2 permite a atacantes remotos provocar una denegación de servicio a través de vectores de ataque desconocidos.", }, ], id: "CVE-2009-3159", lastModified: "2025-04-09T00:30:58.490", metrics: { cvssMetricV2: [ { acInsufInfo: true, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 7.8, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:C", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2009-09-10T18:30:00.563", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/36647", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg24024153", }, { source: "cve@mitre.org", url: "http://www-1.ibm.com/support/docview.wss?uid=swg1IC62450", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/36310", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.vupen.com/english/advisories/2009/2578", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/36647", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg24024153", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www-1.ibm.com/support/docview.wss?uid=swg1IC62450", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/36310", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.vupen.com/english/advisories/2009/2578", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-11-09 01:29
Modified
2024-11-21 04:00
Severity ?
5.3 (Medium) - CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
IBM WebSphere MQ 8.0 through 9.1 is vulnerable to a error with MQTT topic string publishing that can cause a denial of service attack. IBM X-Force ID: 145456.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/145456 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/docview.wss?uid=ibm10734297 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/145456 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/docview.wss?uid=ibm10734297 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | websphere_mq | * | |
| ibm | websphere_mq | * | |
| ibm | websphere_mq | * | |
| ibm | websphere_mq | 9.1.0.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:websphere_mq:*:*:*:*:*:*:*:*", matchCriteriaId: "5DD54027-9C8D-40BA-8B88-5BB7665A2DA8", versionEndIncluding: "8.0.0.10", versionStartIncluding: "8.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:*:*:*:*:*:*:*:*", matchCriteriaId: "C5D73B9F-B40A-4740-8A6E-F9210CBC42E0", versionEndIncluding: "9.0.0.5", versionStartIncluding: "9.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:*:*:*:*:*:*:*:*", matchCriteriaId: "5D1B1D9B-072B-4BE1-AEE7-73883EC2D753", versionEndIncluding: "9.0.5", versionStartIncluding: "9.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:9.1.0.0:*:*:*:*:*:*:*", matchCriteriaId: "82D7A612-CC28-4DE7-AB76-6866E90A7B3E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM WebSphere MQ 8.0 through 9.1 is vulnerable to a error with MQTT topic string publishing that can cause a denial of service attack. IBM X-Force ID: 145456.", }, { lang: "es", value: "IBM WebSphere MQ desde la versión 8.0 hasta la 9.1 es vulnerable a un error en las publicaciones de cadenas de temas MQTT que puede provocar una denegación de servicio (DoS). IBM X-Force ID: 145456.", }, ], id: "CVE-2018-1684", lastModified: "2024-11-21T04:00:12.050", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 4, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:S/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, exploitabilityScore: 1.6, impactScore: 3.6, source: "psirt@us.ibm.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-11-09T01:29:00.367", references: [ { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/145456", }, { source: "psirt@us.ibm.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/docview.wss?uid=ibm10734297", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/145456", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/docview.wss?uid=ibm10734297", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-01-02 17:29
Modified
2024-11-21 03:22
Severity ?
Summary
IBM WebSphere MQ 8.0 and 9.0 could allow an authenticated user with authority to send a specially crafted request that could cause a channel process to cease processing further requests. IBM X-Force ID: 131547.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg22004378 | Vendor Advisory | |
| psirt@us.ibm.com | http://www.securityfocus.com/bid/102418 | Third Party Advisory, VDB Entry | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/131547 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg22004378 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/102418 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/131547 | VDB Entry, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | websphere_mq | 8.0 | |
| ibm | websphere_mq | 8.0.0.1 | |
| ibm | websphere_mq | 8.0.0.2 | |
| ibm | websphere_mq | 8.0.0.3 | |
| ibm | websphere_mq | 8.0.0.4 | |
| ibm | websphere_mq | 8.0.0.5 | |
| ibm | websphere_mq | 8.0.0.6 | |
| ibm | websphere_mq | 8.0.0.7 | |
| ibm | websphere_mq | 9.0 | |
| ibm | websphere_mq | 9.0.0.1 | |
| ibm | websphere_mq | 9.0.1 | |
| ibm | websphere_mq | 9.0.2 | |
| ibm | websphere_mq | 9.0.3 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:websphere_mq:8.0:*:*:*:*:*:*:*", matchCriteriaId: "421E10D4-4B01-4D52-9FFB-208C4745063E", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:8.0.0.1:*:*:*:*:*:*:*", matchCriteriaId: "C5502347-56F2-400F-944B-A532A3A8DE0A", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:8.0.0.2:*:*:*:*:*:*:*", matchCriteriaId: "9E6FF889-5D7D-47C0-A2B2-F2BDB39BEFDB", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:8.0.0.3:*:*:*:*:*:*:*", matchCriteriaId: "D800EA34-4826-4689-A3C0-03724290567B", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:8.0.0.4:*:*:*:*:*:*:*", matchCriteriaId: "DCBDF404-693B-4500-80FA-90AE022BD5C4", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:8.0.0.5:*:*:*:*:*:*:*", matchCriteriaId: "5FFC3793-4880-4103-B7F6-06F96A17357B", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:8.0.0.6:*:*:*:*:*:*:*", matchCriteriaId: "D3679D6F-1E3A-4546-A05B-5B4EA515B4C9", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:8.0.0.7:*:*:*:*:*:*:*", matchCriteriaId: "F4E6617F-85DF-49FE-B713-148624DC87A8", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:9.0:*:*:*:*:*:*:*", matchCriteriaId: "63E773A8-4ED2-47AA-A2D7-5CD02CBA47C0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:9.0.0.1:*:*:*:*:*:*:*", matchCriteriaId: "4084EE93-8B41-493E-BB50-9ABC8E956C89", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:9.0.1:*:*:*:*:*:*:*", matchCriteriaId: "E0C2DE42-FE8C-4023-A495-A2DBFE2F97F9", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:9.0.2:*:*:*:*:*:*:*", matchCriteriaId: "406AADD2-9732-44F1-91FC-F8C90088AD5A", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:9.0.3:*:*:*:*:*:*:*", matchCriteriaId: "018595DD-9AAD-44C7-9A46-BC78AF1F6C2B", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM WebSphere MQ 8.0 and 9.0 could allow an authenticated user with authority to send a specially crafted request that could cause a channel process to cease processing further requests. IBM X-Force ID: 131547.", }, { lang: "es", value: "IBM WebSphere MQ 8.0 y 9.0 podría permitir que un usuario autenticado con autoridad envíe una petición especialmente manipulada que podría provocar que un proceso de canal deje de procesar más peticiones. IBM X-Force ID: 131547.", }, ], id: "CVE-2017-1557", lastModified: "2024-11-21T03:22:04.467", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 4, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:S/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-01-02T17:29:01.070", references: [ { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=swg22004378", }, { source: "psirt@us.ibm.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/102418", }, { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/131547", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=swg22004378", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/102418", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/131547", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2010-11-12 21:00
Modified
2025-04-11 00:51
Severity ?
Summary
IBM WebSphere MQ 6.0 before 6.0.2.9 and 7.0 before 7.0.1.1 does not encrypt the username and password in the security parameters field, which allows remote attackers to obtain sensitive information by sniffing the network traffic from a .NET client application.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | websphere_mq | 6.0 | |
| ibm | websphere_mq | 6.0.0.0 | |
| ibm | websphere_mq | 6.0.1.0 | |
| ibm | websphere_mq | 6.0.1.1 | |
| ibm | websphere_mq | 6.0.2.0 | |
| ibm | websphere_mq | 6.0.2.1 | |
| ibm | websphere_mq | 6.0.2.2 | |
| ibm | websphere_mq | 6.0.2.3 | |
| ibm | websphere_mq | 6.0.2.4 | |
| ibm | websphere_mq | 6.0.2.5 | |
| ibm | websphere_mq | 6.0.2.6 | |
| ibm | websphere_mq | 6.0.2.7 | |
| ibm | websphere_mq | 6.0.2.8 | |
| ibm | websphere_mq | 6.0.2.10 | |
| ibm | websphere_mq | 7.0 | |
| ibm | websphere_mq | 7.0.0.1 | |
| ibm | websphere_mq | 7.0.0.2 | |
| ibm | websphere_mq | 7.0.1.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:websphere_mq:6.0:*:*:*:*:*:*:*", matchCriteriaId: "E6D2279B-482A-4CA6-9EF2-C57A95969BC2", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:6.0.0.0:*:*:*:*:*:*:*", matchCriteriaId: "9728448F-E295-4C33-B2F4-17FAAFCDF169", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:6.0.1.0:*:*:*:*:*:*:*", matchCriteriaId: "0F36C644-664C-4758-9762-E808C80AE904", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:6.0.1.1:*:*:*:*:*:*:*", matchCriteriaId: "9C670A3F-7BBB-4115-A037-B5E732ABB6BA", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:6.0.2.0:*:*:*:*:*:*:*", matchCriteriaId: "24CD8F97-39E0-455C-92CA-F0FE9AE5A0CC", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:6.0.2.1:*:*:*:*:*:*:*", matchCriteriaId: "C97EC1D0-CA59-4E2C-84EB-054BF27D1BCF", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:6.0.2.2:*:*:*:*:*:*:*", matchCriteriaId: "7CCD33A5-6567-43CB-909D-D1851ACF4AA8", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:6.0.2.3:*:*:*:*:*:*:*", matchCriteriaId: "D3664585-D0B4-467C-9B6D-4F8E239F7DCD", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:6.0.2.4:*:*:*:*:*:*:*", matchCriteriaId: "C2216808-BAE9-4034-9618-5EC4CCB80E7F", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:6.0.2.5:*:*:*:*:*:*:*", matchCriteriaId: "B6263B9D-A62A-4E41-958A-968F9ACA0CE6", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:6.0.2.6:*:*:*:*:*:*:*", matchCriteriaId: "19983CDF-4769-4B56-98ED-CE7EE0C1AFF6", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:6.0.2.7:*:*:*:*:*:*:*", matchCriteriaId: "9377F533-15D0-4F81-B7C1-A84E5346EF6C", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:6.0.2.8:*:*:*:*:*:*:*", matchCriteriaId: "86A87B5A-D0B8-4F49-A655-CC5AC737782F", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:6.0.2.10:*:*:*:*:*:*:*", matchCriteriaId: "AFF09F4C-9F56-4931-8839-044491B5FA40", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.0:*:*:*:*:*:*:*", matchCriteriaId: "594287A4-AF30-4872-A5B8-1421FAB5C674", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.0.0.1:*:*:*:*:*:*:*", matchCriteriaId: "896273C9-11F9-45A0-BA46-66F37DFACCC7", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.0.0.2:*:*:*:*:*:*:*", matchCriteriaId: "AF396289-8409-4FE2-96DB-99818D5680B4", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.0.1.0:*:*:*:*:*:*:*", matchCriteriaId: "F6E60ABB-E703-4745-98F3-22609FF70F6F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM WebSphere MQ 6.0 before 6.0.2.9 and 7.0 before 7.0.1.1 does not encrypt the username and password in the security parameters field, which allows remote attackers to obtain sensitive information by sniffing the network traffic from a .NET client application.", }, { lang: "es", value: "IBM WebSphere MQ v6.0 anterior v6.0.2.9 y v7.0 anterior v7.0.1.1 no encripta el nombre de usuarios y password en el campos de parámetros de seguridad, lo que permite a atacantes remotos a obtener información sensible por captura de tráfico de red desde una aplicación cliente .NET. \r\n\r\n", }, ], id: "CVE-2010-2637", lastModified: "2025-04-11T00:51:21.963", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2010-11-12T21:00:01.283", references: [ { source: "cve@mitre.org", url: "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ56005", }, { source: "cve@mitre.org", url: "http://www-01.ibm.com/support/docview.wss?uid=swg27007069", }, { source: "cve@mitre.org", url: "http://www-01.ibm.com/support/docview.wss?uid=swg27014224", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/63114", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ56005", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www-01.ibm.com/support/docview.wss?uid=swg27007069", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www-01.ibm.com/support/docview.wss?uid=swg27014224", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/63114", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-310", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2016-02-08 16:59
Modified
2025-04-12 10:46
Severity ?
Summary
The MQXR service in WMQ Telemetry in IBM WebSphere MQ 7.1 before 7.1.0.7, 7.5 through 7.5.0.5, and 8.0 before 8.0.0.4 uses world-readable permissions for a cleartext file containing the SSL keystore password, which allows local users to obtain sensitive information by reading this file.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | websphere_mq | 7.1.0.3 | |
| ibm | websphere_mq | 7.1.0.4 | |
| ibm | websphere_mq | 7.1.0.5 | |
| ibm | websphere_mq | 7.1.0.6 | |
| ibm | websphere_mq | 7.5 | |
| ibm | websphere_mq | 7.5.0.2 | |
| ibm | websphere_mq | 7.5.0.3 | |
| ibm | websphere_mq | 7.5.0.4 | |
| ibm | websphere_mq | 7.5.0.5 | |
| ibm | websphere_mq | 8.0 | |
| ibm | websphere_mq | 8.0.0.1 | |
| ibm | websphere_mq | 8.0.0.2 | |
| ibm | websphere_mq | 8.0.0.3 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:websphere_mq:7.1.0.3:*:*:*:*:*:*:*", matchCriteriaId: "56C38EE8-1F6D-4BCF-AA46-D71E6F3EDAC6", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.1.0.4:*:*:*:*:*:*:*", matchCriteriaId: "25AC9713-B00C-4A51-AEFB-7927B675E977", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.1.0.5:*:*:*:*:*:*:*", matchCriteriaId: "AFFC891B-ECE0-44DD-A0AD-5CA4A263961F", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.1.0.6:*:*:*:*:*:*:*", matchCriteriaId: "CE71C30A-B8B5-42EA-9A90-44347FCC32D2", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.5:*:*:*:*:*:*:*", matchCriteriaId: "164DC456-433C-4C47-91F9-1B57C2DFBF1E", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.5.0.2:*:*:*:*:*:*:*", matchCriteriaId: "BDA4EE08-D531-4957-BF2A-C5A9ABB0F38D", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.5.0.3:*:*:*:*:*:*:*", matchCriteriaId: "751BF695-E27A-4D9F-9190-84A7BCD5E268", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.5.0.4:*:*:*:*:*:*:*", matchCriteriaId: "CDA1EF24-9710-4C4A-8059-917C02185CA3", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.5.0.5:*:*:*:*:*:*:*", matchCriteriaId: "CC257545-44A3-4659-951D-F4DFF3B87CFB", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:8.0:*:*:*:*:*:*:*", matchCriteriaId: "421E10D4-4B01-4D52-9FFB-208C4745063E", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:8.0.0.1:*:*:*:*:*:*:*", matchCriteriaId: "C5502347-56F2-400F-944B-A532A3A8DE0A", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:8.0.0.2:*:*:*:*:*:*:*", matchCriteriaId: "9E6FF889-5D7D-47C0-A2B2-F2BDB39BEFDB", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:8.0.0.3:*:*:*:*:*:*:*", matchCriteriaId: "D800EA34-4826-4689-A3C0-03724290567B", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The MQXR service in WMQ Telemetry in IBM WebSphere MQ 7.1 before 7.1.0.7, 7.5 through 7.5.0.5, and 8.0 before 8.0.0.4 uses world-readable permissions for a cleartext file containing the SSL keystore password, which allows local users to obtain sensitive information by reading this file.", }, { lang: "es", value: "El servicio MQXR en WMQ Telemetry en IBM WebSphere MQ 7.1 en versiones anteriores a 7.1.0.7, 7.5 hasta la versión 7.5.0.5 y 8.0 en versiones anteriores a 8.0.0.4 utiliza permisos de lectura para todos para un archivo de texto plano que contiene la contraseña del almacén de claves SSL, lo que permite a usuarios locales obtener información sensible mediante la lectura de dicho archivo.", }, ], id: "CVE-2015-2012", lastModified: "2025-04-12T10:46:40.837", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "NONE", baseScore: 2.1, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:L/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.0", }, exploitabilityScore: 2.5, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2016-02-08T16:59:00.363", references: [ { source: "psirt@us.ibm.com", url: "http://www-01.ibm.com/support/docview.wss?uid=swg1IT09866", }, { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21968399", }, { source: "psirt@us.ibm.com", url: "http://www.securitytracker.com/id/1034943", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www-01.ibm.com/support/docview.wss?uid=swg1IT09866", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21968399", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securitytracker.com/id/1034943", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-200", }, { lang: "en", value: "CWE-255", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-02-22 19:59
Modified
2024-11-21 02:49
Severity ?
Summary
Under non-standard configurations, IBM WebSphere MQ might send password data in clear text over the network. This data could be intercepted using man in the middle techniques.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | websphere_mq | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:websphere_mq:*:*:*:*:*:*:*:*", matchCriteriaId: "E8D1F413-3197-451E-BCB9-61F65E5F5369", versionEndIncluding: "8.0.0.5", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Under non-standard configurations, IBM WebSphere MQ might send password data in clear text over the network. This data could be intercepted using man in the middle techniques.", }, { lang: "es", value: "Bajo configuraciones no estándar, WebSphere MQ de IBM, puede enviar datos de contraseña en texto sin cifrar por medio de la red. Estos datos podrían ser interceptados usando técnicas de tipo man in the middle.", }, ], id: "CVE-2016-3052", lastModified: "2024-11-21T02:49:15.977", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, exploitabilityScore: 2.2, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-02-22T19:59:00.217", references: [ { source: "psirt@us.ibm.com", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=swg21998660", }, { source: "psirt@us.ibm.com", url: "http://www.securityfocus.com/bid/96400", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=swg21998660", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/96400", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-200", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-06-16 14:15
Modified
2024-11-21 05:32
Severity ?
Summary
IBM MQ and MQ Appliance 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and 9.1 C are vulnerable to a denial of service attack due to an error within the Data Conversion logic. IBM X-Force ID: 177081.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/177081 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6223914 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/177081 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6223914 | Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:mq:*:*:*:*:*:*:*:*", matchCriteriaId: "8E9843A4-04F5-4511-AFDE-E10FE9EEA656", versionEndExcluding: "8.0.0.15", versionStartIncluding: "8.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq:*:*:*:*:lts:*:*:*", matchCriteriaId: "03F00921-9822-4065-876C-1B53D19989FA", versionEndExcluding: "9.0.0.10", versionStartIncluding: "9.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq:*:*:*:*:continuous_delivery:*:*:*", matchCriteriaId: "8AB35A75-BE63-4CD3-AB00-DF7FC284A2C0", versionEndExcluding: "9.1.5", versionStartIncluding: "9.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq:*:*:*:*:lts:*:*:*", matchCriteriaId: "92E9574E-C0C0-490E-8B5D-E9F90B109302", versionEndExcluding: "9.1.0.5", versionStartIncluding: "9.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.1:*:*:*:*:*:*:*", matchCriteriaId: "417A12D5-4E6E-487E-9515-2410B3697639", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.5:*:*:*:*:*:*:*", matchCriteriaId: "164DC456-433C-4C47-91F9-1B57C2DFBF1E", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:hp:hp-ux:-:*:*:*:*:*:*:*", matchCriteriaId: "F480AA32-841A-4E68-9343-B2E7548B0A0C", vulnerable: false, }, { criteria: "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*", matchCriteriaId: "E492C463-D76E-49B7-A4D4-3B499E422D89", vulnerable: false, }, { criteria: "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", matchCriteriaId: "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", matchCriteriaId: "A2572D17-1DE6-457B-99CC-64AFD54487EA", vulnerable: false, }, { criteria: "cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:*:*", matchCriteriaId: "91F372EA-3A78-4703-A457-751B2C98D796", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM MQ and MQ Appliance 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and 9.1 C are vulnerable to a denial of service attack due to an error within the Data Conversion logic. IBM X-Force ID: 177081.", }, { lang: "es", value: "IBM MQ y MQ Appliance versiones 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS y versión 9.1 C, son vulnerables a un ataque de denegación de servicio debido a un error en la lógica de Conversión de Datos. ID de IBM X-Force: 177081", }, ], id: "CVE-2020-4310", lastModified: "2024-11-21T05:32:34.130", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, exploitabilityScore: 2.2, impactScore: 3.6, source: "psirt@us.ibm.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-06-16T14:15:11.070", references: [ { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/177081", }, { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/6223914", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/177081", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/6223914", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2012-09-25 20:55
Modified
2025-04-11 00:51
Severity ?
Summary
The server message channel agent in the queue manager in the server in IBM WebSphere MQ 7.0.1 before 7.0.1.9, 7.1, and 7.5 on Solaris allows remote attackers to cause a denial of service (invalid address alignment exception and daemon crash) via vectors involving a multiplexed channel.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | websphere_mq | 7.0.1.0 | |
| ibm | websphere_mq | 7.0.1.1 | |
| ibm | websphere_mq | 7.0.1.2 | |
| ibm | websphere_mq | 7.0.1.3 | |
| ibm | websphere_mq | 7.0.1.4 | |
| ibm | websphere_mq | 7.0.1.5 | |
| ibm | websphere_mq | 7.0.1.6 | |
| ibm | websphere_mq | 7.0.1.7 | |
| ibm | websphere_mq | 7.0.1.8 | |
| ibm | websphere_mq | 7.1 | |
| ibm | websphere_mq | 7.5 | |
| oracle | solaris | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:websphere_mq:7.0.1.0:*:*:*:*:*:*:*", matchCriteriaId: "F6E60ABB-E703-4745-98F3-22609FF70F6F", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.0.1.1:*:*:*:*:*:*:*", matchCriteriaId: "BDC03B4D-98C2-4704-9BF9-47888489B9C7", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.0.1.2:*:*:*:*:*:*:*", matchCriteriaId: "73E4EAA2-8842-41AB-B8E0-944CDF72C893", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.0.1.3:*:*:*:*:*:*:*", matchCriteriaId: "9D71A8D2-C97E-4A0D-B4F7-19E0B24AC887", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.0.1.4:*:*:*:*:*:*:*", matchCriteriaId: "362B6A59-1FFD-4C11-8F86-0A5516A36385", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.0.1.5:*:*:*:*:*:*:*", matchCriteriaId: "5046C962-98D9-43C3-8D83-B144CE442A31", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.0.1.6:*:*:*:*:*:*:*", matchCriteriaId: "A379F4E4-5A82-454A-B1D0-D4CAAD9E1457", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.0.1.7:*:*:*:*:*:*:*", matchCriteriaId: "DECB8B77-BAB7-468E-8D22-57FE9F42F718", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.0.1.8:*:*:*:*:*:*:*", matchCriteriaId: "2CE2BBC9-7772-48FF-BDE5-D61F9E16BB0D", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.1:*:*:*:*:*:*:*", matchCriteriaId: "417A12D5-4E6E-487E-9515-2410B3697639", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.5:*:*:*:*:*:*:*", matchCriteriaId: "164DC456-433C-4C47-91F9-1B57C2DFBF1E", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:*:*", matchCriteriaId: "91F372EA-3A78-4703-A457-751B2C98D796", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "The server message channel agent in the queue manager in the server in IBM WebSphere MQ 7.0.1 before 7.0.1.9, 7.1, and 7.5 on Solaris allows remote attackers to cause a denial of service (invalid address alignment exception and daemon crash) via vectors involving a multiplexed channel.", }, { lang: "es", value: "El agente del canal de mensaje de servidor en el gestor de colas del servidor IBM WebSphere MQ v7.0.1 antes de v7.0.1.9, v7.1 y v7.5 en Solaris permite a atacantes remotos provocar una denegación de servicio (excepción por alineación de dirección inválida y caída del demonio) a través de vectores relacionados con un canal multiplexado.\r\n", }, ], id: "CVE-2012-2199", lastModified: "2025-04-11T00:51:21.963", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2012-09-25T20:55:00.940", references: [ { source: "psirt@us.ibm.com", url: "http://www-01.ibm.com/support/docview.wss?uid=swg1IC82725", }, { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=swg21610285", }, { source: "psirt@us.ibm.com", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/76434", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www-01.ibm.com/support/docview.wss?uid=swg1IC82725", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=swg21610285", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/76434", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-399", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2011-01-13 19:00
Modified
2025-04-11 00:51
Severity ?
Summary
Buffer overflow in IBM WebSphere MQ 7.0 before 7.0.1.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted header field in a message.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | websphere_mq | 7.0 | |
| ibm | websphere_mq | 7.0.0.1 | |
| ibm | websphere_mq | 7.0.0.2 | |
| ibm | websphere_mq | 7.0.1.0 | |
| ibm | websphere_mq | 7.0.1.1 | |
| ibm | websphere_mq | 7.0.1.2 | |
| ibm | websphere_mq | 7.0.1.3 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:websphere_mq:7.0:*:*:*:*:*:*:*", matchCriteriaId: "594287A4-AF30-4872-A5B8-1421FAB5C674", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.0.0.1:*:*:*:*:*:*:*", matchCriteriaId: "896273C9-11F9-45A0-BA46-66F37DFACCC7", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.0.0.2:*:*:*:*:*:*:*", matchCriteriaId: "AF396289-8409-4FE2-96DB-99818D5680B4", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.0.1.0:*:*:*:*:*:*:*", matchCriteriaId: "F6E60ABB-E703-4745-98F3-22609FF70F6F", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.0.1.1:*:*:*:*:*:*:*", matchCriteriaId: "BDC03B4D-98C2-4704-9BF9-47888489B9C7", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.0.1.2:*:*:*:*:*:*:*", matchCriteriaId: "73E4EAA2-8842-41AB-B8E0-944CDF72C893", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.0.1.3:*:*:*:*:*:*:*", matchCriteriaId: "9D71A8D2-C97E-4A0D-B4F7-19E0B24AC887", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Buffer overflow in IBM WebSphere MQ 7.0 before 7.0.1.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted header field in a message.", }, { lang: "es", value: "Desbordamiento de búfer en IBM WebSphere MQ v7.0 anterior a v7.0.1.4 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (caída de la aplicación) mediante un campo de cabecera manipulado en un mensaje", }, ], id: "CVE-2011-0310", lastModified: "2025-04-11T00:51:21.963", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2011-01-13T19:00:05.930", references: [ { source: "cve@mitre.org", url: "http://osvdb.org/70476", }, { source: "cve@mitre.org", url: "http://secunia.com/advisories/42958", }, { source: "cve@mitre.org", url: "http://www-01.ibm.com/support/docview.wss?uid=swg27014224", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/45923", }, { source: "cve@mitre.org", url: "http://www.vupen.com/english/advisories/2011/0128", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/64628", }, { source: "cve@mitre.org", url: "https://www-304.ibm.com/support/docview.wss?uid=swg1SE45551", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://osvdb.org/70476", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/42958", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www-01.ibm.com/support/docview.wss?uid=swg27014224", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/45923", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.vupen.com/english/advisories/2011/0128", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/64628", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www-304.ibm.com/support/docview.wss?uid=swg1SE45551", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-119", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-06-15 14:29
Modified
2024-11-21 03:59
Severity ?
3.7 (Low) - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
5.3 (Medium) - CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
5.3 (Medium) - CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
IBM WebSphere MQ 8.0 and 9.0, when configured to use a PAM module for authentication, could allow a user to cause a deadlock in the IBM MQ PAM code which could result in a denial of service. IBM X-Force ID: 138949.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg22014650 | Vendor Advisory | |
| psirt@us.ibm.com | http://www.securityfocus.com/bid/104488 | Third Party Advisory, VDB Entry | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/138949 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg22014650 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/104488 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/138949 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | websphere_mq | 8.0 | |
| ibm | websphere_mq | 8.0.0.1 | |
| ibm | websphere_mq | 8.0.0.2 | |
| ibm | websphere_mq | 8.0.0.3 | |
| ibm | websphere_mq | 8.0.0.4 | |
| ibm | websphere_mq | 8.0.0.5 | |
| ibm | websphere_mq | 8.0.0.6 | |
| ibm | websphere_mq | 8.0.0.7 | |
| ibm | websphere_mq | 8.0.0.8 | |
| ibm | websphere_mq | 9.0 | |
| ibm | websphere_mq | 9.0.0.1 | |
| ibm | websphere_mq | 9.0.0.2 | |
| ibm | websphere_mq | 9.0.1 | |
| ibm | websphere_mq | 9.0.2 | |
| ibm | websphere_mq | 9.0.3 | |
| ibm | websphere_mq | 9.0.4 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:websphere_mq:8.0:*:*:*:*:*:*:*", matchCriteriaId: "421E10D4-4B01-4D52-9FFB-208C4745063E", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:8.0.0.1:*:*:*:*:*:*:*", matchCriteriaId: "C5502347-56F2-400F-944B-A532A3A8DE0A", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:8.0.0.2:*:*:*:*:*:*:*", matchCriteriaId: "9E6FF889-5D7D-47C0-A2B2-F2BDB39BEFDB", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:8.0.0.3:*:*:*:*:*:*:*", matchCriteriaId: "D800EA34-4826-4689-A3C0-03724290567B", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:8.0.0.4:*:*:*:*:*:*:*", matchCriteriaId: "DCBDF404-693B-4500-80FA-90AE022BD5C4", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:8.0.0.5:*:*:*:*:*:*:*", matchCriteriaId: "5FFC3793-4880-4103-B7F6-06F96A17357B", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:8.0.0.6:*:*:*:*:*:*:*", matchCriteriaId: "D3679D6F-1E3A-4546-A05B-5B4EA515B4C9", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:8.0.0.7:*:*:*:*:*:*:*", matchCriteriaId: "F4E6617F-85DF-49FE-B713-148624DC87A8", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:8.0.0.8:*:*:*:*:*:*:*", matchCriteriaId: "03A2E32F-2019-4F5F-814D-60218B960A95", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:9.0:*:*:*:*:*:*:*", matchCriteriaId: "63E773A8-4ED2-47AA-A2D7-5CD02CBA47C0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:9.0.0.1:*:*:*:*:*:*:*", matchCriteriaId: "4084EE93-8B41-493E-BB50-9ABC8E956C89", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:9.0.0.2:*:*:*:*:*:*:*", matchCriteriaId: "FA310DB1-904C-45D0-8CAC-0B01638A7D41", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:9.0.1:*:*:*:*:*:*:*", matchCriteriaId: "E0C2DE42-FE8C-4023-A495-A2DBFE2F97F9", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:9.0.2:*:*:*:*:*:*:*", matchCriteriaId: "406AADD2-9732-44F1-91FC-F8C90088AD5A", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:9.0.3:*:*:*:*:*:*:*", matchCriteriaId: "018595DD-9AAD-44C7-9A46-BC78AF1F6C2B", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:9.0.4:*:*:*:*:*:*:*", matchCriteriaId: "CF68ED28-0999-4622-A923-624284229F13", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM WebSphere MQ 8.0 and 9.0, when configured to use a PAM module for authentication, could allow a user to cause a deadlock in the IBM MQ PAM code which could result in a denial of service. IBM X-Force ID: 138949.", }, { lang: "es", value: "IBM WebSphere MQ 8.0 y 9.0, cuando se configura para emplear un módulo PAM para autenticación, podría permitir que un usuario provoque un deadlock en el código IBM MQ PAM, lo que podría resultar en una denegación de servicio (DoS). IBM X-Force ID: 138949.", }, ], id: "CVE-2018-1419", lastModified: "2024-11-21T03:59:46.943", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 3.5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:S/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, exploitabilityScore: 2.2, impactScore: 1.4, source: "psirt@us.ibm.com", type: "Secondary", }, { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, exploitabilityScore: 1.6, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-06-15T14:29:00.353", references: [ { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=swg22014650", }, { source: "psirt@us.ibm.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/104488", }, { source: "psirt@us.ibm.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/138949", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=swg22014650", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/104488", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/138949", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2009-02-24 17:30
Modified
2025-04-09 00:30
Severity ?
Summary
Unspecified vulnerability in the queue manager in IBM WebSphere MQ (WMQ) 5.3, 6.0 before 6.0.2.6, and 7.0 before 7.0.0.2 allows local users to gain privileges via vectors related to the (1) setmqaut, (2) dmpmqaut, and (3) dspmqaut authorization commands.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | websphere_mq | 5.3 | |
| ibm | websphere_mq | 5.3 | |
| ibm | websphere_mq | 5.3.1 | |
| ibm | websphere_mq | 6.0.0.0 | |
| ibm | websphere_mq | 6.0.1.0 | |
| ibm | websphere_mq | 6.0.1.1 | |
| ibm | websphere_mq | 6.0.2.0 | |
| ibm | websphere_mq | 6.0.2.1 | |
| ibm | websphere_mq | 6.0.2.2 | |
| ibm | websphere_mq | 6.0.2.3 | |
| ibm | websphere_mq | 6.0.2.4 | |
| ibm | websphere_mq | 7.0 | |
| ibm | websphere_mq | 7.0.0.1 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:websphere_mq:5.3:*:*:*:*:*:*:*", matchCriteriaId: "36650BB9-861B-42B5-BCC1-492F84A64951", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:5.3:-:express:*:*:*:*:*", matchCriteriaId: "428C853E-4F29-487B-805A-17AC769E1D17", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:5.3.1:*:*:*:*:*:*:*", matchCriteriaId: "465D718A-ACA5-444B-99EE-67876B8D3687", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:6.0.0.0:*:*:*:*:*:*:*", matchCriteriaId: "9728448F-E295-4C33-B2F4-17FAAFCDF169", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:6.0.1.0:*:*:*:*:*:*:*", matchCriteriaId: "0F36C644-664C-4758-9762-E808C80AE904", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:6.0.1.1:*:*:*:*:*:*:*", matchCriteriaId: "9C670A3F-7BBB-4115-A037-B5E732ABB6BA", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:6.0.2.0:*:*:*:*:*:*:*", matchCriteriaId: "24CD8F97-39E0-455C-92CA-F0FE9AE5A0CC", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:6.0.2.1:*:*:*:*:*:*:*", matchCriteriaId: "C97EC1D0-CA59-4E2C-84EB-054BF27D1BCF", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:6.0.2.2:*:*:*:*:*:*:*", matchCriteriaId: "7CCD33A5-6567-43CB-909D-D1851ACF4AA8", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:6.0.2.3:*:*:*:*:*:*:*", matchCriteriaId: "D3664585-D0B4-467C-9B6D-4F8E239F7DCD", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:6.0.2.4:*:*:*:*:*:*:*", matchCriteriaId: "C2216808-BAE9-4034-9618-5EC4CCB80E7F", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.0:*:*:*:*:*:*:*", matchCriteriaId: "594287A4-AF30-4872-A5B8-1421FAB5C674", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.0.0.1:*:*:*:*:*:*:*", matchCriteriaId: "896273C9-11F9-45A0-BA46-66F37DFACCC7", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Unspecified vulnerability in the queue manager in IBM WebSphere MQ (WMQ) 5.3, 6.0 before 6.0.2.6, and 7.0 before 7.0.0.2 allows local users to gain privileges via vectors related to the (1) setmqaut, (2) dmpmqaut, and (3) dspmqaut authorization commands.", }, { lang: "es", value: "Vulnerabilidad no especificada en el gestor de cola de IBM WebSphere MQ (WMQ) v5.3, v6.0 anterior a v6.0.2.6 y v7.0 anterior a v7.0.0.2; permite a usuarios locales obtener privilegios a través de vectores relacionados con los comandos de autorización (1) setmqaut, (2) dmpmqaut y (3) dspmqaut.", }, ], id: "CVE-2009-0439", lastModified: "2025-04-09T00:30:58.490", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 7.2, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 10, obtainAllPrivilege: true, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2009-02-24T17:30:00.420", references: [ { source: "cve@mitre.org", url: "http://osvdb.org/52297", }, { source: "cve@mitre.org", url: "http://secunia.com/advisories/34034", }, { source: "cve@mitre.org", tags: [ "Patch", ], url: "http://www-01.ibm.com/support/docview.wss?rs=171&uid=swg27006037", }, { source: "cve@mitre.org", url: "http://www-1.ibm.com/support/docview.wss?uid=swg1IZ40824", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/33857", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/48529", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://osvdb.org/52297", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/34034", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "http://www-01.ibm.com/support/docview.wss?rs=171&uid=swg27006037", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www-1.ibm.com/support/docview.wss?uid=swg1IZ40824", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/33857", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/48529", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-264", }, { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-03-16 16:15
Modified
2024-11-21 04:43
Severity ?
Summary
IBM MQ and IBM MQ Appliance 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and 9.1 CD is vulnerable to a denial of service attack that would allow an authenticated user to crash the queue and require a restart due to an error processing error messages. IBM X-Force ID: 170967.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/170967 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/1135095 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/170967 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/1135095 | Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:mq:*:*:*:*:*:*:*:*", matchCriteriaId: "307594DE-42ED-4BCA-9E0B-E8ECA97DB799", versionEndExcluding: "8.0.0.14", versionStartIncluding: "8.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq:*:*:*:*:lts:*:*:*", matchCriteriaId: "F65B1AC1-C86A-44B0-83A3-29101FACCEFE", versionEndIncluding: "9.0.0.9", versionStartIncluding: "9.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq:*:*:*:*:continuous_delivery:*:*:*", matchCriteriaId: "0602BE96-C9C3-43FD-8F10-CA9B71805B43", versionEndExcluding: "9.1.4", versionStartIncluding: "9.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq:*:*:*:*:lts:*:*:*", matchCriteriaId: "B0E59D46-75D6-486D-8016-0B1BF8F8EB69", versionEndExcluding: "9.1.0.4", versionStartIncluding: "9.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq_appliance:*:*:*:*:*:*:*:*", matchCriteriaId: "540183D8-751B-4442-9A2A-95D26AB8D23B", versionEndExcluding: "8.0.0.14", versionStartIncluding: "8.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:*:*:*:*:*:*:*:*", matchCriteriaId: "7C3893D3-0770-4E09-B6C5-B16EA587E217", versionEndIncluding: "7.5.0.9", versionStartIncluding: "7.1.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:hp:hp-ux:-:*:*:*:*:*:*:*", matchCriteriaId: "F480AA32-841A-4E68-9343-B2E7548B0A0C", vulnerable: false, }, { criteria: "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*", matchCriteriaId: "E492C463-D76E-49B7-A4D4-3B499E422D89", vulnerable: false, }, { criteria: "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", matchCriteriaId: "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", matchCriteriaId: "A2572D17-1DE6-457B-99CC-64AFD54487EA", vulnerable: false, }, { criteria: "cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:*:*", matchCriteriaId: "91F372EA-3A78-4703-A457-751B2C98D796", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM MQ and IBM MQ Appliance 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and 9.1 CD is vulnerable to a denial of service attack that would allow an authenticated user to crash the queue and require a restart due to an error processing error messages. IBM X-Force ID: 170967.", }, { lang: "es", value: "IBM MQ e IBM MQ Appliance versiones 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS y 9.1 CD, es vulnerable a un ataque de denegación de servicio que permitiría a un usuario autenticado bloquear la cola y requerir un reinicio debido a un fallo al procesar los mensajes de error. ID de IBM X-Force: 170967.", }, ], id: "CVE-2019-4656", lastModified: "2024-11-21T04:43:56.300", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 4, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:S/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "psirt@us.ibm.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-03-16T16:15:12.670", references: [ { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/170967", }, { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/1135095", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/170967", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/1135095", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-04-10 15:29
Modified
2024-11-21 02:26
Severity ?
Summary
IBM WebSphere MQ 7.5.x before 7.5.0.6 and 8.0.x before 8.0.0.3 allows remote authenticated users to obtain sensitive information via a man-in-the-middle attack, related to duplication of message data in cleartext outside the protected payload. IBM X-Force ID: 103482.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg21960506 | Patch, Vendor Advisory | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/103482 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg21960506 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/103482 | VDB Entry, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | websphere_mq | * | |
| ibm | websphere_mq | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:websphere_mq:*:*:*:*:*:*:*:*", matchCriteriaId: "20AB2BD0-497A-4AF8-AD11-895B1084FF51", versionEndExcluding: "7.5.0.6", versionStartIncluding: "7.5", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:*:*:*:*:*:*:*:*", matchCriteriaId: "05CEA792-2C56-4FF9-8BB5-4E523EE53CFE", versionEndExcluding: "8.0.0.3", versionStartIncluding: "8.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM WebSphere MQ 7.5.x before 7.5.0.6 and 8.0.x before 8.0.0.3 allows remote authenticated users to obtain sensitive information via a man-in-the-middle attack, related to duplication of message data in cleartext outside the protected payload. IBM X-Force ID: 103482.", }, { lang: "es", value: "IBM WebSphere MQ, en versiones 7.5.x anteriores a la 7.5.0.6 y versiones 8.0.x anteriores a la 8.0.0.3, permite que usuarios autenticados remotos obtengan información sensible mediante un ataque Man-in-the-Middle (MitM). Esto está relacionado con la duplicación de datos de mensajes en texto claro fuera de la carga útil protegida. IBM X-Force ID: 103482.", }, ], id: "CVE-2015-1957", lastModified: "2024-11-21T02:26:28.403", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 3.5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:S/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, exploitabilityScore: 1.6, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-04-10T15:29:01.003", references: [ { source: "psirt@us.ibm.com", tags: [ "Patch", "Vendor Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21960506", }, { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/103482", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21960506", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/103482", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-200", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-03-11 22:29
Modified
2024-11-21 04:00
Severity ?
7.5 (High) - CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
7.5 (High) - CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
7.5 (High) - CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
IBM WebSphere 8.0.0.0 through 9.1.1 could allow an authenticated attacker to escalate their privileges when using multiplexed channels. IBM X-Force ID: 153915.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/153915 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/docview.wss?uid=ibm10792043 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/153915 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/docview.wss?uid=ibm10792043 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | websphere_mq | * | |
| ibm | websphere_mq | * | |
| ibm | websphere_mq | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:websphere_mq:*:*:*:*:*:*:*:*", matchCriteriaId: "5DD54027-9C8D-40BA-8B88-5BB7665A2DA8", versionEndIncluding: "8.0.0.10", versionStartIncluding: "8.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:*:*:*:*:*:*:*:*", matchCriteriaId: "C5D73B9F-B40A-4740-8A6E-F9210CBC42E0", versionEndIncluding: "9.0.0.5", versionStartIncluding: "9.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:*:*:*:*:*:*:*:*", matchCriteriaId: "D9C7FA58-2C28-4AB9-86C0-2846EBF2F568", versionEndIncluding: "9.1.1", versionStartIncluding: "9.1.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM WebSphere 8.0.0.0 through 9.1.1 could allow an authenticated attacker to escalate their privileges when using multiplexed channels. IBM X-Force ID: 153915.", }, { lang: "es", value: "IBM WebSphere, desde la versión 8.0.0.0 hasta la 9.1.1, podría permitir a un atacante autenticado escalar sus privilegios a la hora de utilizar canales multiplexados. IBM X-Force ID: 153915.", }, ], id: "CVE-2018-1974", lastModified: "2024-11-21T04:00:40.757", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 6, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 1.6, impactScore: 5.9, source: "psirt@us.ibm.com", type: "Secondary", }, { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 1.6, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-03-11T22:29:00.610", references: [ { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/153915", }, { source: "psirt@us.ibm.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/docview.wss?uid=ibm10792043", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/153915", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/docview.wss?uid=ibm10792043", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2011-07-07 21:55
Modified
2025-04-11 00:51
Severity ?
Summary
IBM WebSphere MQ 6.0 before 6.0.2.11 and 7.0 before 7.0.1.5 does not use the CRL Distribution Points (CDP) certificate extension, which might allow man-in-the-middle attackers to spoof an SSL partner via a revoked certificate for a (1) client, (2) queue manager, or (3) application.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | websphere_mq | 6.0 | |
| ibm | websphere_mq | 6.0.1.0 | |
| ibm | websphere_mq | 6.0.1.1 | |
| ibm | websphere_mq | 6.0.2.0 | |
| ibm | websphere_mq | 6.0.2.1 | |
| ibm | websphere_mq | 6.0.2.2 | |
| ibm | websphere_mq | 6.0.2.3 | |
| ibm | websphere_mq | 6.0.2.4 | |
| ibm | websphere_mq | 6.0.2.5 | |
| ibm | websphere_mq | 6.0.2.6 | |
| ibm | websphere_mq | 6.0.2.7 | |
| ibm | websphere_mq | 6.0.2.8 | |
| ibm | websphere_mq | 6.0.2.9 | |
| ibm | websphere_mq | 6.0.2.10 | |
| ibm | websphere_mq | 7.0 | |
| ibm | websphere_mq | 7.0.0.1 | |
| ibm | websphere_mq | 7.0.0.2 | |
| ibm | websphere_mq | 7.0.1.0 | |
| ibm | websphere_mq | 7.0.1.1 | |
| ibm | websphere_mq | 7.0.1.2 | |
| ibm | websphere_mq | 7.0.1.3 | |
| ibm | websphere_mq | 7.0.1.4 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:websphere_mq:6.0:*:*:*:*:*:*:*", matchCriteriaId: "E6D2279B-482A-4CA6-9EF2-C57A95969BC2", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:6.0.1.0:*:*:*:*:*:*:*", matchCriteriaId: "0F36C644-664C-4758-9762-E808C80AE904", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:6.0.1.1:*:*:*:*:*:*:*", matchCriteriaId: "9C670A3F-7BBB-4115-A037-B5E732ABB6BA", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:6.0.2.0:*:*:*:*:*:*:*", matchCriteriaId: "24CD8F97-39E0-455C-92CA-F0FE9AE5A0CC", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:6.0.2.1:*:*:*:*:*:*:*", matchCriteriaId: "C97EC1D0-CA59-4E2C-84EB-054BF27D1BCF", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:6.0.2.2:*:*:*:*:*:*:*", matchCriteriaId: "7CCD33A5-6567-43CB-909D-D1851ACF4AA8", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:6.0.2.3:*:*:*:*:*:*:*", matchCriteriaId: "D3664585-D0B4-467C-9B6D-4F8E239F7DCD", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:6.0.2.4:*:*:*:*:*:*:*", matchCriteriaId: "C2216808-BAE9-4034-9618-5EC4CCB80E7F", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:6.0.2.5:*:*:*:*:*:*:*", matchCriteriaId: "B6263B9D-A62A-4E41-958A-968F9ACA0CE6", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:6.0.2.6:*:*:*:*:*:*:*", matchCriteriaId: "19983CDF-4769-4B56-98ED-CE7EE0C1AFF6", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:6.0.2.7:*:*:*:*:*:*:*", matchCriteriaId: "9377F533-15D0-4F81-B7C1-A84E5346EF6C", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:6.0.2.8:*:*:*:*:*:*:*", matchCriteriaId: "86A87B5A-D0B8-4F49-A655-CC5AC737782F", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:6.0.2.9:*:*:*:*:*:*:*", matchCriteriaId: "5B0FE244-1CAC-44AB-A032-0A7A486009D6", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:6.0.2.10:*:*:*:*:*:*:*", matchCriteriaId: "AFF09F4C-9F56-4931-8839-044491B5FA40", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:websphere_mq:7.0:*:*:*:*:*:*:*", matchCriteriaId: "594287A4-AF30-4872-A5B8-1421FAB5C674", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.0.0.1:*:*:*:*:*:*:*", matchCriteriaId: "896273C9-11F9-45A0-BA46-66F37DFACCC7", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.0.0.2:*:*:*:*:*:*:*", matchCriteriaId: "AF396289-8409-4FE2-96DB-99818D5680B4", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.0.1.0:*:*:*:*:*:*:*", matchCriteriaId: "F6E60ABB-E703-4745-98F3-22609FF70F6F", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.0.1.1:*:*:*:*:*:*:*", matchCriteriaId: "BDC03B4D-98C2-4704-9BF9-47888489B9C7", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.0.1.2:*:*:*:*:*:*:*", matchCriteriaId: "73E4EAA2-8842-41AB-B8E0-944CDF72C893", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.0.1.3:*:*:*:*:*:*:*", matchCriteriaId: "9D71A8D2-C97E-4A0D-B4F7-19E0B24AC887", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.0.1.4:*:*:*:*:*:*:*", matchCriteriaId: "362B6A59-1FFD-4C11-8F86-0A5516A36385", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM WebSphere MQ 6.0 before 6.0.2.11 and 7.0 before 7.0.1.5 does not use the CRL Distribution Points (CDP) certificate extension, which might allow man-in-the-middle attackers to spoof an SSL partner via a revoked certificate for a (1) client, (2) queue manager, or (3) application.", }, { lang: "es", value: "IBM WebSphere MQ v6.0 antes de v6.0.2.11 y antes de v7.0.1.5 7.0 no utiliza la extensión de certificado de los puntos de distribución (CDP) de los CRL (Listas de revocación de certificados), lo que podría permitir que a través de un ataque \"man-in-the-middle\" se pueda falsificar un socio SSL a través de un certificado revocado por (1) un cliente, (2) gestor de colas, o (3) la aplicación.", }, ], id: "CVE-2011-1224", lastModified: "2025-04-11T00:51:21.963", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2011-07-07T21:55:01.133", references: [ { source: "cve@mitre.org", url: "http://www-01.ibm.com/support/docview.wss?uid=swg27007069", }, { source: "cve@mitre.org", url: "http://www-01.ibm.com/support/docview.wss?uid=swg27014224", }, { source: "cve@mitre.org", url: "http://www.ibm.com/support/docview.wss?uid=swg1IZ92813", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/68229", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www-01.ibm.com/support/docview.wss?uid=swg27007069", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www-01.ibm.com/support/docview.wss?uid=swg27014224", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ibm.com/support/docview.wss?uid=swg1IZ92813", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/68229", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-264", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-11-16 17:15
Modified
2024-11-21 06:18
Severity ?
Summary
IBM MQ 7.5, 8.0, 9.0 LTS, 9.1 CD, and 9.1 LTS stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 211403.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/211403 | Broken Link, VDB Entry | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6516424 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/211403 | Broken Link, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6516424 | Patch, Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:mq:*:*:*:*:*:*:*:*", matchCriteriaId: "307594DE-42ED-4BCA-9E0B-E8ECA97DB799", versionEndExcluding: "8.0.0.14", versionStartIncluding: "8.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq:*:*:*:*:lts:*:*:*", matchCriteriaId: "13D55813-BBE9-4FC0-B631-B468DC360E11", versionEndExcluding: "9.0.0.9", versionStartIncluding: "9.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq:*:*:*:*:continuous_delivery:*:*:*", matchCriteriaId: "8AB35A75-BE63-4CD3-AB00-DF7FC284A2C0", versionEndExcluding: "9.1.5", versionStartIncluding: "9.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq:*:*:*:*:lts:*:*:*", matchCriteriaId: "92E9574E-C0C0-490E-8B5D-E9F90B109302", versionEndExcluding: "9.1.0.5", versionStartIncluding: "9.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.5:*:*:*:*:*:*:*", matchCriteriaId: "164DC456-433C-4C47-91F9-1B57C2DFBF1E", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:hp:hp-ux:-:*:*:*:*:*:*:*", matchCriteriaId: "F480AA32-841A-4E68-9343-B2E7548B0A0C", vulnerable: false, }, { criteria: "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*", matchCriteriaId: "E492C463-D76E-49B7-A4D4-3B499E422D89", vulnerable: false, }, { criteria: "cpe:2.3:o:ibm:i:-:*:*:*:*:*:*:*", matchCriteriaId: "C684FC45-C9BA-4EF0-BD06-BB289450DD21", vulnerable: false, }, { criteria: "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", matchCriteriaId: "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", matchCriteriaId: "A2572D17-1DE6-457B-99CC-64AFD54487EA", vulnerable: false, }, { criteria: "cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:-:*", matchCriteriaId: "F5027746-8216-452D-83C5-2F8E9546F2A5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM MQ 7.5, 8.0, 9.0 LTS, 9.1 CD, and 9.1 LTS stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 211403.", }, { lang: "es", value: "IBM MQ versiones 7.5, 8.0, 9.0 LTS, 9.1 CD y 9.1 LTS, almacena las credenciales de usuario en texto sin cifrar que puede ser leído por un usuario local. IBM X-Force ID: 211403", }, ], id: "CVE-2021-38949", lastModified: "2024-11-21T06:18:16.567", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "NONE", baseScore: 2.1, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:L/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 6.2, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, exploitabilityScore: 2.5, impactScore: 3.6, source: "psirt@us.ibm.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-11-16T17:15:06.920", references: [ { source: "psirt@us.ibm.com", tags: [ "Broken Link", "VDB Entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/211403", }, { source: "psirt@us.ibm.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/6516424", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "VDB Entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/211403", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/6516424", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-312", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2014-05-07 10:55
Modified
2025-04-12 10:46
Severity ?
Summary
inetd in IBM WebSphere MQ 7.1.x before 7.1.0.5 and 7.5.x before 7.5.0.4 allows remote attackers to cause a denial of service (disk or CPU consumption) via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | websphere_mq | 7.1 | |
| ibm | websphere_mq | 7.1.0.1 | |
| ibm | websphere_mq | 7.1.0.2 | |
| ibm | websphere_mq | 7.1.0.3 | |
| ibm | websphere_mq | 7.1.0.4 | |
| ibm | websphere_mq | 7.5 | |
| ibm | websphere_mq | 7.5.0.1 | |
| ibm | websphere_mq | 7.5.0.2 | |
| ibm | websphere_mq | 7.5.0.3 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:websphere_mq:7.1:*:*:*:*:*:*:*", matchCriteriaId: "417A12D5-4E6E-487E-9515-2410B3697639", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.1.0.1:*:*:*:*:*:*:*", matchCriteriaId: "5C711485-326F-47AC-A999-95F593B086B3", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.1.0.2:*:*:*:*:*:*:*", matchCriteriaId: "B84C0416-B334-45C1-9BA7-E66D9371BD80", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.1.0.3:*:*:*:*:*:*:*", matchCriteriaId: "56C38EE8-1F6D-4BCF-AA46-D71E6F3EDAC6", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.1.0.4:*:*:*:*:*:*:*", matchCriteriaId: "25AC9713-B00C-4A51-AEFB-7927B675E977", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.5:*:*:*:*:*:*:*", matchCriteriaId: "164DC456-433C-4C47-91F9-1B57C2DFBF1E", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.5.0.1:*:*:*:*:*:*:*", matchCriteriaId: "0343E94F-6DE2-4E27-AFC5-D4650A4519F6", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.5.0.2:*:*:*:*:*:*:*", matchCriteriaId: "BDA4EE08-D531-4957-BF2A-C5A9ABB0F38D", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.5.0.3:*:*:*:*:*:*:*", matchCriteriaId: "751BF695-E27A-4D9F-9190-84A7BCD5E268", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "inetd in IBM WebSphere MQ 7.1.x before 7.1.0.5 and 7.5.x before 7.5.0.4 allows remote attackers to cause a denial of service (disk or CPU consumption) via unspecified vectors.", }, { lang: "es", value: "inetd en IBM WebSphere MQ 7.1.x anterior a 7.1.0.5 y 7.5.x anterior a 7.5.0.4 permite a atacantes remotos causar una denegación de servicio (consumo de disco o de CPU) a través de vectores no especificados.", }, ], id: "CVE-2014-0911", lastModified: "2025-04-12T10:46:40.837", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2014-05-07T10:55:04.900", references: [ { source: "psirt@us.ibm.com", url: "http://www-01.ibm.com/support/docview.wss?uid=swg1IV55886", }, { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21670374", }, { source: "psirt@us.ibm.com", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/91876", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www-01.ibm.com/support/docview.wss?uid=swg1IV55886", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21670374", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/91876", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2014-03-02 04:57
Modified
2025-04-12 10:46
Severity ?
Summary
Directory traversal vulnerability in WMQ Telemetry in IBM WebSphere MQ 7.5 before 7.5.0.3 allows remote attackers to read arbitrary files via a crafted URI.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | websphere_mq | 7.5 | |
| ibm | websphere_mq | 7.5.0.1 | |
| ibm | websphere_mq | 7.5.0.2 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:websphere_mq:7.5:*:*:*:*:*:*:*", matchCriteriaId: "164DC456-433C-4C47-91F9-1B57C2DFBF1E", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.5.0.1:*:*:*:*:*:*:*", matchCriteriaId: "0343E94F-6DE2-4E27-AFC5-D4650A4519F6", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.5.0.2:*:*:*:*:*:*:*", matchCriteriaId: "BDA4EE08-D531-4957-BF2A-C5A9ABB0F38D", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Directory traversal vulnerability in WMQ Telemetry in IBM WebSphere MQ 7.5 before 7.5.0.3 allows remote attackers to read arbitrary files via a crafted URI.", }, { lang: "es", value: "Vulnerabilidad de salto de directorio en WMQ Telemetry en IBM WebSphere MQ 7.5 anterior a 7.5.0.3 permite a atacantes remotos leer archivos arbitrarios a través de una URI manipulada.", }, ], id: "CVE-2013-4054", lastModified: "2025-04-12T10:46:40.837", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2014-03-02T04:57:25.747", references: [ { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21664550", }, { source: "psirt@us.ibm.com", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/86506", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21664550", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/86506", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-22", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-03-16 16:15
Modified
2024-11-21 04:44
Severity ?
Summary
IBM MQ and IBM MQ Appliance 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and 9.1 CD could allow a local attacker to obtain sensitive information by inclusion of sensitive data within runmqras data.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/172124 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/1136608 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/172124 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/1136608 | Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:mq:*:*:*:*:*:*:*:*", matchCriteriaId: "307594DE-42ED-4BCA-9E0B-E8ECA97DB799", versionEndExcluding: "8.0.0.14", versionStartIncluding: "8.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq:*:*:*:*:lts:*:*:*", matchCriteriaId: "F65B1AC1-C86A-44B0-83A3-29101FACCEFE", versionEndIncluding: "9.0.0.9", versionStartIncluding: "9.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq:*:*:*:*:continuous_delivery:*:*:*", matchCriteriaId: "0602BE96-C9C3-43FD-8F10-CA9B71805B43", versionEndExcluding: "9.1.4", versionStartIncluding: "9.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq:*:*:*:*:lts:*:*:*", matchCriteriaId: "B0E59D46-75D6-486D-8016-0B1BF8F8EB69", versionEndExcluding: "9.1.0.4", versionStartIncluding: "9.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq_appliance:*:*:*:*:*:*:*:*", matchCriteriaId: "540183D8-751B-4442-9A2A-95D26AB8D23B", versionEndExcluding: "8.0.0.14", versionStartIncluding: "8.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq_appliance:*:*:*:*:continuous_delivery:*:*:*", matchCriteriaId: "6DC4569D-0B83-4E88-A05D-3226DCF65E59", versionEndExcluding: "9.1.4", versionStartIncluding: "9.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq_appliance:*:*:*:*:lts:*:*:*", matchCriteriaId: "0AC72003-825A-4D5E-8012-E768CD8DFA3C", versionEndExcluding: "9.1.0.4", versionStartIncluding: "9.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:*:*:*:*:*:*:*:*", matchCriteriaId: "7C3893D3-0770-4E09-B6C5-B16EA587E217", versionEndIncluding: "7.5.0.9", versionStartIncluding: "7.1.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:hp:hp-ux:-:*:*:*:*:*:*:*", matchCriteriaId: "F480AA32-841A-4E68-9343-B2E7548B0A0C", vulnerable: false, }, { criteria: "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*", matchCriteriaId: "E492C463-D76E-49B7-A4D4-3B499E422D89", vulnerable: false, }, { criteria: "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", matchCriteriaId: "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", matchCriteriaId: "A2572D17-1DE6-457B-99CC-64AFD54487EA", vulnerable: false, }, { criteria: "cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:*:*", matchCriteriaId: "91F372EA-3A78-4703-A457-751B2C98D796", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM MQ and IBM MQ Appliance 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and 9.1 CD could allow a local attacker to obtain sensitive information by inclusion of sensitive data within runmqras data.", }, { lang: "es", value: "IBM MQ e IBM MQ Appliance versiones 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS y 9.1 CD, podrían permitir a un atacante local obtener información confidencial mediante la inclusión de datos confidenciales dentro de los datos runmqras.", }, ], id: "CVE-2019-4719", lastModified: "2024-11-21T04:44:02.880", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "NONE", baseScore: 2.1, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:L/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.1, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, exploitabilityScore: 1.4, impactScore: 3.6, source: "psirt@us.ibm.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-03-16T16:15:12.750", references: [ { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/172124", }, { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/1136608", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/172124", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/1136608", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2010-04-27 15:30
Modified
2025-04-11 00:51
Severity ?
Summary
Unspecified vulnerability in the channel process in IBM WebSphere MQ 7.0 before 7.0.1.2 allows remote authenticated users to cause a denial of service (daemon crash) via "incorrect channel control data."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | websphere_mq | 7.0.0 | |
| ibm | websphere_mq | 7.0.1 | |
| ibm | websphere_mq | 7.0.1.1 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:websphere_mq:7.0.0:*:*:*:*:*:*:*", matchCriteriaId: "60DCA00B-371E-498A-8687-FB8F057BE7BE", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.0.1:*:*:*:*:*:*:*", matchCriteriaId: "B6DA363E-A18E-4F73-8F8F-15D383930221", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.0.1.1:*:*:*:*:*:*:*", matchCriteriaId: "BDC03B4D-98C2-4704-9BF9-47888489B9C7", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Unspecified vulnerability in the channel process in IBM WebSphere MQ 7.0 before 7.0.1.2 allows remote authenticated users to cause a denial of service (daemon crash) via \"incorrect channel control data.\"", }, { lang: "es", value: "Una vulnerabilidad no especificada en el proceso de canales en IBM WebSphere MQ v7.0 antes v7.0.1.2 permite a usuarios remotos autenticados causar una denegación de servicio (mediante caida del demonio) a través de \"datos incorrectos en el canal de control.\"", }, ], id: "CVE-2010-0772", lastModified: "2025-04-11T00:51:21.963", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 4, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:S/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2010-04-27T15:30:01.250", references: [ { source: "cve@mitre.org", url: "http://securitytracker.com/id?1023961", }, { source: "cve@mitre.org", url: "http://www-1.ibm.com/support/docview.wss?uid=swg1IZ68621", }, { source: "cve@mitre.org", url: "http://www.vupen.com/english/advisories/2010/1083", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/58039", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://securitytracker.com/id?1023961", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www-1.ibm.com/support/docview.wss?uid=swg1IZ68621", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.vupen.com/english/advisories/2010/1083", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/58039", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-01-28 13:15
Modified
2024-11-21 05:33
Severity ?
Summary
IBM MQ 7.5, 8.0, 9.0, 9.1, 9.2 LTS, and 9.2 CD could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization of trusted data. An attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 186509.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/186509 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6408626 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/186509 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6408626 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | mq | 8.0.0.0 | |
| ibm | mq | 8.0.0.1 | |
| ibm | mq | 8.0.0.2 | |
| ibm | mq | 8.0.0.3 | |
| ibm | mq | 8.0.0.4 | |
| ibm | mq | 8.0.0.5 | |
| ibm | mq | 8.0.0.6 | |
| ibm | mq | 8.0.0.7 | |
| ibm | mq | 8.0.0.8 | |
| ibm | mq | 8.0.0.9 | |
| ibm | mq | 8.0.0.10 | |
| ibm | mq | 8.0.0.11 | |
| ibm | mq | 8.0.0.12 | |
| ibm | mq | 8.0.0.13 | |
| ibm | mq | 8.0.0.14 | |
| ibm | mq | 8.0.0.15 | |
| ibm | mq | 9.0.0.0 | |
| ibm | mq | 9.0.0.1 | |
| ibm | mq | 9.0.0.2 | |
| ibm | mq | 9.0.0.3 | |
| ibm | mq | 9.0.0.4 | |
| ibm | mq | 9.0.0.5 | |
| ibm | mq | 9.0.0.6 | |
| ibm | mq | 9.0.0.7 | |
| ibm | mq | 9.0.0.8 | |
| ibm | mq | 9.0.0.9 | |
| ibm | mq | 9.0.0.10 | |
| ibm | mq | 9.1.0.0 | |
| ibm | mq | 9.1.0.1 | |
| ibm | mq | 9.1.0.2 | |
| ibm | mq | 9.1.0.3 | |
| ibm | mq | 9.1.0.4 | |
| ibm | mq | 9.1.0.5 | |
| ibm | mq | 9.1.0.6 | |
| ibm | mq | 9.2.0.0 | |
| ibm | mq | 9.2.1.0 | |
| ibm | mq_appliance | 9.2.0.0 | |
| ibm | websphere_mq | 7.5.0.0 | |
| ibm | websphere_mq | 7.5.0.1 | |
| ibm | websphere_mq | 7.5.0.2 | |
| ibm | websphere_mq | 7.5.0.3 | |
| ibm | websphere_mq | 7.5.0.4 | |
| ibm | websphere_mq | 7.5.0.5 | |
| ibm | websphere_mq | 7.5.0.6 | |
| ibm | websphere_mq | 7.5.0.7 | |
| ibm | websphere_mq | 7.5.0.8 | |
| ibm | websphere_mq | 7.5.0.9 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:mq:8.0.0.0:*:*:*:*:*:*:*", matchCriteriaId: "CC5F66BE-1A17-4A4E-AC8C-EA1CAF7AC09C", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq:8.0.0.1:*:*:*:*:*:*:*", matchCriteriaId: "DF9603C1-D840-4904-AE6F-A22DD1EE62A2", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq:8.0.0.2:*:*:*:*:*:*:*", matchCriteriaId: "89484A74-154F-4B7F-97C7-A8014CE90B1A", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq:8.0.0.3:*:*:*:*:*:*:*", matchCriteriaId: "2B7D03F7-37F6-4D27-A24C-2C6D5118D8AF", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq:8.0.0.4:*:*:*:*:*:*:*", matchCriteriaId: "01735BC7-4CF2-4A52-9A4A-3DE470161C46", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq:8.0.0.5:*:*:*:*:*:*:*", matchCriteriaId: "743149EB-7330-470B-B2FF-E1881E52FCC9", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq:8.0.0.6:*:*:*:*:*:*:*", matchCriteriaId: "B683ED2B-D16D-45B6-AA2E-85C53BD365FF", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq:8.0.0.7:*:*:*:*:*:*:*", matchCriteriaId: "1D8A3EDB-A8B2-4D4B-8BFF-4FCAA71C6E0C", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq:8.0.0.8:*:*:*:*:*:*:*", matchCriteriaId: "C955E798-BFC9-40ED-9C87-7419258D5B7D", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq:8.0.0.9:*:*:*:*:*:*:*", matchCriteriaId: "CFC27C59-29E3-4003-A0B2-8E8523607BF0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq:8.0.0.10:*:*:*:*:*:*:*", matchCriteriaId: "27181014-820E-4F83-9A4C-3BFE20C3F51C", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq:8.0.0.11:*:*:*:*:*:*:*", matchCriteriaId: "D50267F1-CDF0-44C0-AD00-2B31056ADA81", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq:8.0.0.12:*:*:*:*:*:*:*", matchCriteriaId: "ABC33CD9-114F-44FE-803B-481CE0FA1152", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq:8.0.0.13:*:*:*:*:*:*:*", matchCriteriaId: "03A4D2DF-CD27-495D-97BD-8368544BA79A", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq:8.0.0.14:*:*:*:*:*:*:*", matchCriteriaId: "D051AEA9-B175-4596-82E1-5C1947E90B78", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq:8.0.0.15:*:*:*:*:*:*:*", matchCriteriaId: "B79D5A00-E1B4-4C84-A785-DE95AA269D41", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq:9.0.0.0:*:*:*:lts:*:*:*", matchCriteriaId: "3B33CE6E-04D7-4AB7-8636-8D13BCBE71DE", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq:9.0.0.1:*:*:*:lts:*:*:*", matchCriteriaId: "34EE34F4-C261-490A-99D3-39931015AF7B", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq:9.0.0.2:*:*:*:lts:*:*:*", matchCriteriaId: "2F6183AA-BD76-4296-B5F4-4BF5C208D6BA", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq:9.0.0.3:*:*:*:lts:*:*:*", matchCriteriaId: "64E400B5-794D-464B-86AB-18DFF51B513B", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq:9.0.0.4:*:*:*:lts:*:*:*", matchCriteriaId: "AF0640FB-9FC1-42DC-AE8E-F5D08F91499C", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq:9.0.0.5:*:*:*:lts:*:*:*", matchCriteriaId: "3A17226C-45FE-4813-986E-E56FAE069ED6", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq:9.0.0.6:*:*:*:lts:*:*:*", matchCriteriaId: "86076A60-CF54-4415-BBB8-43FCE6DAA730", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq:9.0.0.7:*:*:*:lts:*:*:*", matchCriteriaId: "377AD541-582A-42BA-95E4-6D5C83853935", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq:9.0.0.8:*:*:*:lts:*:*:*", matchCriteriaId: "E740B9BE-F7FE-4C5B-AAA2-374317DB311F", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq:9.0.0.9:*:*:*:lts:*:*:*", matchCriteriaId: "9E11D5A7-36E7-486F-ADF0-249077131F25", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq:9.0.0.10:*:*:*:lts:*:*:*", matchCriteriaId: "7A734DD2-B1AB-4878-8FC3-B2DE1E0594A6", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq:9.1.0.0:*:*:*:lts:*:*:*", matchCriteriaId: "2E9E3A1B-D35D-4029-835C-C27917C2ABD7", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq:9.1.0.1:*:*:*:lts:*:*:*", matchCriteriaId: "5B896932-B8E9-4DC9-AFEF-FA78A582C6A9", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq:9.1.0.2:*:*:*:lts:*:*:*", matchCriteriaId: "68CA3D42-2435-40A7-A3C0-C3D96AF0FFE9", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq:9.1.0.3:*:*:*:lts:*:*:*", matchCriteriaId: "7050C0EB-7265-4E8C-A409-F12D290C7814", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq:9.1.0.4:*:*:*:lts:*:*:*", matchCriteriaId: "A659039B-261A-4EC9-A98C-5F8AED25DC8D", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq:9.1.0.5:*:*:*:lts:*:*:*", matchCriteriaId: "968BD11F-D548-4288-BA30-1ED1633E6E9F", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq:9.1.0.6:*:*:*:lts:*:*:*", matchCriteriaId: "272C2020-A724-4F41-8AD4-E0F821711653", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq:9.2.0.0:*:*:*:continuous_delivery:*:*:*", matchCriteriaId: "A5A3F5F2-7759-47F3-948B-59A2DF6DD0B1", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq:9.2.1.0:*:*:*:continuous_delivery:*:*:*", matchCriteriaId: "D278C55A-7E38-469F-9D65-35EB02C271F1", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq_appliance:9.2.0.0:*:*:*:lts:*:*:*", matchCriteriaId: "0D974075-234B-443A-A6BE-3E2547379894", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.5.0.0:*:*:*:*:*:*:*", matchCriteriaId: "FB55C2B8-5202-4902-B5F3-8254424062F6", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.5.0.1:*:*:*:*:*:*:*", matchCriteriaId: "0343E94F-6DE2-4E27-AFC5-D4650A4519F6", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.5.0.2:*:*:*:*:*:*:*", matchCriteriaId: "BDA4EE08-D531-4957-BF2A-C5A9ABB0F38D", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.5.0.3:*:*:*:*:*:*:*", matchCriteriaId: "751BF695-E27A-4D9F-9190-84A7BCD5E268", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.5.0.4:*:*:*:*:*:*:*", matchCriteriaId: "CDA1EF24-9710-4C4A-8059-917C02185CA3", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.5.0.5:*:*:*:*:*:*:*", matchCriteriaId: "CC257545-44A3-4659-951D-F4DFF3B87CFB", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.5.0.6:*:*:*:*:*:*:*", matchCriteriaId: "1FD4E86C-0E58-4A91-A18C-534464BC197A", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.5.0.7:*:*:*:*:*:*:*", matchCriteriaId: "AE4B1F7A-8989-4B4E-A75E-037B38ED7536", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.5.0.8:*:*:*:*:*:*:*", matchCriteriaId: "D98FEC2B-14F4-48EF-A7D2-DA4451EBD402", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.5.0.9:*:*:*:*:*:*:*", matchCriteriaId: "D70EC47A-CDF1-45AC-8393-EE6A604AE538", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM MQ 7.5, 8.0, 9.0, 9.1, 9.2 LTS, and 9.2 CD could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization of trusted data. An attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 186509.", }, { lang: "es", value: "IBM MQ versiones 7.5, 8.0, 9.0, 9.1, 9.2 LTS y 9.2 CD, podrían permitir a un atacante remoto ejecutar código arbitrario en el sistema, causado por una deserialización no segura de datos confiables. Un atacante podría explotar esta vulnerabilidad para ejecutar código arbitrario en el sistema. IBM X-Force ID: 186509", }, ], id: "CVE-2020-4682", lastModified: "2024-11-21T05:33:07.133", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 10, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 10, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 2.2, impactScore: 5.9, source: "psirt@us.ibm.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-01-28T13:15:12.000", references: [ { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/186509", }, { source: "psirt@us.ibm.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/6408626", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/186509", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/6408626", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-502", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2008-03-09 02:44
Modified
2025-04-09 00:30
Severity ?
Summary
The WebSphere MQ XA 5.3 before FP13 and 6.0.x before 6.0.2.1 client for Windows, when running in an MTS or a COM+ environment, grants the PROCESS_DUP_HANDLE privilege to the Everyone group upon connection to a queue manager, which allows local users to duplicate an arbitrary handle and possibly hijack an arbitrary process.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | websphere_mq | * | |
| ibm | websphere_mq | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:websphere_mq:*:fp_13:*:*:*:*:*:*", matchCriteriaId: "68907115-7F32-4C32-A2AC-B7C9E4F0BA57", versionEndIncluding: "5.3", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:*:*:*:*:*:*:*:*", matchCriteriaId: "E9A2214B-937A-4138-A39F-2980A61922DA", versionEndIncluding: "6.0.2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The WebSphere MQ XA 5.3 before FP13 and 6.0.x before 6.0.2.1 client for Windows, when running in an MTS or a COM+ environment, grants the PROCESS_DUP_HANDLE privilege to the Everyone group upon connection to a queue manager, which allows local users to duplicate an arbitrary handle and possibly hijack an arbitrary process.", }, { lang: "es", value: "El cliente WebSphere MQ XA 5.3 antes de FP13 y 6.0.x antes de 6.0.2.1 para Windows, cuando se ejecuta en un entorno MTS o COM+, garantiza el privilegio PROCESS_DUP_HANDLE al grupo Everyone (Todo el mundo) hasta la conexión a un gestionador de cola, el cual permite a usuarios locales duplicar una manipulación de su elección y prosiblemente secuestrar un proceso de su elección.", }, ], id: "CVE-2007-6705", lastModified: "2025-04-09T00:30:58.490", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 3.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:L/AC:M/Au:N/C:N/I:P/A:P", version: "2.0", }, exploitabilityScore: 3.4, impactScore: 4.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2008-03-09T02:44:00.000", references: [ { source: "cve@mitre.org", url: "http://osvdb.org/43167", }, { source: "cve@mitre.org", url: "http://securitytracker.com/id?1019529", }, { source: "cve@mitre.org", url: "http://www-1.ibm.com/support/docview.wss?uid=swg1IC50431", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://osvdb.org/43167", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://securitytracker.com/id?1019529", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www-1.ibm.com/support/docview.wss?uid=swg1IC50431", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-264", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-02-22 19:59
Modified
2024-11-21 02:49
Severity ?
Summary
IBM WebSphere MQ 8.0 could allow an authenticated user to crash the MQ channel due to improper data conversion handling. IBM Reference #: 1998661.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | websphere_mq | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:websphere_mq:*:*:*:*:*:*:*:*", matchCriteriaId: "E8D1F413-3197-451E-BCB9-61F65E5F5369", versionEndIncluding: "8.0.0.5", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM WebSphere MQ 8.0 could allow an authenticated user to crash the MQ channel due to improper data conversion handling. IBM Reference #: 1998661.", }, { lang: "es", value: "IBM WebSphere MQ 8.0 podría permitir a un usuario autenticado bloquear el canal MQ debido al manejo incorrecto de la conversión de datos. IBM Reference #: 1998661.", }, ], id: "CVE-2016-3013", lastModified: "2024-11-21T02:49:11.630", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 4, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:S/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-02-22T19:59:00.170", references: [ { source: "psirt@us.ibm.com", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=swg21998661", }, { source: "psirt@us.ibm.com", url: "http://www.securityfocus.com/bid/96394", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=swg21998661", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/96394", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-19", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2012-08-29 22:55
Modified
2025-04-11 00:51
Severity ?
Summary
IBM WebSphere MQ 7.1, when an SVRCONN channel is used, allows remote attackers to bypass the security-configuration setup step and obtain queue-manager access via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | websphere_mq | 7.1 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:websphere_mq:7.1:*:*:*:*:*:*:*", matchCriteriaId: "417A12D5-4E6E-487E-9515-2410B3697639", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM WebSphere MQ 7.1, when an SVRCONN channel is used, allows remote attackers to bypass the security-configuration setup step and obtain queue-manager access via unspecified vectors.", }, { lang: "es", value: "IBM WebSphere MQ v7.1, cuando un canal SVRCONN es usado, permite a atacantes remotos evitar los pasos de security-configuration setup y obtener acceso queue-manager vía vectores no especificados.", }, ], id: "CVE-2012-3295", lastModified: "2025-04-11T00:51:21.963", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2012-08-29T22:55:01.393", references: [ { source: "psirt@us.ibm.com", url: "http://www-01.ibm.com/support/docview.wss?uid=swg1PM56593", }, { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=swg21595523", }, { source: "psirt@us.ibm.com", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/77279", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www-01.ibm.com/support/docview.wss?uid=swg1PM56593", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=swg21595523", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/77279", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-264", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-04-23 13:29
Modified
2024-11-21 03:22
Severity ?
Summary
IBM WebSphere MQ 8.0 through 8.0.0.8 and 9.0 through 9.0.4 under special circumstances could allow an authenticated user to consume all resources due to a memory leak resulting in service loss. IBM X-Force ID: 136975.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg22013023 | Vendor Advisory | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/136975 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg22013023 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/136975 | VDB Entry, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | websphere_mq | * | |
| ibm | websphere_mq | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:websphere_mq:*:*:*:*:*:*:*:*", matchCriteriaId: "2D422EF1-ACA1-4109-99EE-DD34E0FBEBC3", versionEndIncluding: "8.0.0.8", versionStartIncluding: "8.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:*:*:*:*:*:*:*:*", matchCriteriaId: "A6D2E1F1-C1BD-46B3-AE9D-4FA9849F16F8", versionEndIncluding: "9.0.4", versionStartIncluding: "9.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM WebSphere MQ 8.0 through 8.0.0.8 and 9.0 through 9.0.4 under special circumstances could allow an authenticated user to consume all resources due to a memory leak resulting in service loss. IBM X-Force ID: 136975.", }, { lang: "es", value: "IBM WebSphere MQ, desde la versión 8.0 hasta la versión 8.0.0.8 y la versión 9.0 hasta la 9.0.4, bajo circunstancias especiales, podría permitir que un usuario autenticado consuma todos los recursos debido a una fuga de memoria que resulta en la pérdida del servicio. IBM X-Force ID: 136975.", }, ], id: "CVE-2017-1786", lastModified: "2024-11-21T03:22:21.597", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 3.5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:S/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, exploitabilityScore: 1.6, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-04-23T13:29:00.483", references: [ { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=swg22013023", }, { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/136975", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=swg22013023", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/136975", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-772", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2013-07-02 21:55
Modified
2025-04-11 00:51
Severity ?
Summary
Multiple buffer overflows in mqm programs in IBM WebSphere MQ 7.0.x before 7.0.1.11, 7.1.x before 7.1.0.3, and 7.5.x before 7.5.0.2 on non-Windows platforms allow local users to gain privileges via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | websphere_mq | 7.0 | |
| ibm | websphere_mq | 7.0.0.1 | |
| ibm | websphere_mq | 7.0.0.2 | |
| ibm | websphere_mq | 7.0.1.0 | |
| ibm | websphere_mq | 7.0.1.1 | |
| ibm | websphere_mq | 7.0.1.2 | |
| ibm | websphere_mq | 7.0.1.3 | |
| ibm | websphere_mq | 7.0.1.4 | |
| ibm | websphere_mq | 7.0.1.5 | |
| ibm | websphere_mq | 7.0.1.6 | |
| ibm | websphere_mq | 7.0.1.7 | |
| ibm | websphere_mq | 7.0.1.8 | |
| ibm | websphere_mq | 7.0.1.9 | |
| ibm | websphere_mq | 7.0.1.10 | |
| ibm | websphere_mq | 7.1 | |
| ibm | websphere_mq | 7.1.0.1 | |
| ibm | websphere_mq | 7.1.0.2 | |
| ibm | websphere_mq | 7.5 | |
| ibm | websphere_mq | 7.5.0.1 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:websphere_mq:7.0:*:*:*:*:*:*:*", matchCriteriaId: "594287A4-AF30-4872-A5B8-1421FAB5C674", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.0.0.1:*:*:*:*:*:*:*", matchCriteriaId: "896273C9-11F9-45A0-BA46-66F37DFACCC7", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.0.0.2:*:*:*:*:*:*:*", matchCriteriaId: "AF396289-8409-4FE2-96DB-99818D5680B4", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.0.1.0:*:*:*:*:*:*:*", matchCriteriaId: "F6E60ABB-E703-4745-98F3-22609FF70F6F", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.0.1.1:*:*:*:*:*:*:*", matchCriteriaId: "BDC03B4D-98C2-4704-9BF9-47888489B9C7", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.0.1.2:*:*:*:*:*:*:*", matchCriteriaId: "73E4EAA2-8842-41AB-B8E0-944CDF72C893", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.0.1.3:*:*:*:*:*:*:*", matchCriteriaId: "9D71A8D2-C97E-4A0D-B4F7-19E0B24AC887", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.0.1.4:*:*:*:*:*:*:*", matchCriteriaId: "362B6A59-1FFD-4C11-8F86-0A5516A36385", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.0.1.5:*:*:*:*:*:*:*", matchCriteriaId: "5046C962-98D9-43C3-8D83-B144CE442A31", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.0.1.6:*:*:*:*:*:*:*", matchCriteriaId: "A379F4E4-5A82-454A-B1D0-D4CAAD9E1457", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.0.1.7:*:*:*:*:*:*:*", matchCriteriaId: "DECB8B77-BAB7-468E-8D22-57FE9F42F718", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.0.1.8:*:*:*:*:*:*:*", matchCriteriaId: "2CE2BBC9-7772-48FF-BDE5-D61F9E16BB0D", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.0.1.9:*:*:*:*:*:*:*", matchCriteriaId: "0E3E613F-20C4-448E-99C7-C03587B2AE4B", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.0.1.10:*:*:*:*:*:*:*", matchCriteriaId: "EC348B63-F62A-4F23-8BFC-EC6FDA057DA1", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.1:*:*:*:*:*:*:*", matchCriteriaId: "417A12D5-4E6E-487E-9515-2410B3697639", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.1.0.1:*:*:*:*:*:*:*", matchCriteriaId: "5C711485-326F-47AC-A999-95F593B086B3", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.1.0.2:*:*:*:*:*:*:*", matchCriteriaId: "B84C0416-B334-45C1-9BA7-E66D9371BD80", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.5:*:*:*:*:*:*:*", matchCriteriaId: "164DC456-433C-4C47-91F9-1B57C2DFBF1E", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.5.0.1:*:*:*:*:*:*:*", matchCriteriaId: "0343E94F-6DE2-4E27-AFC5-D4650A4519F6", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Multiple buffer overflows in mqm programs in IBM WebSphere MQ 7.0.x before 7.0.1.11, 7.1.x before 7.1.0.3, and 7.5.x before 7.5.0.2 on non-Windows platforms allow local users to gain privileges via unspecified vectors.", }, { lang: "es", value: "Múltiples desbordamientos de búfer en programas mqm en IBM WebSphere MQ v7.0.x anterior a v7.0.1.11, v7.1.x anterior a v7.1.0.3, y v7.5.x anterior a v7.5.0.2 sobre plataformas no-Windows permite a usuarios locales ganar privilegios mediante vectores desconocidos.", }, ], id: "CVE-2013-3028", lastModified: "2025-04-11T00:51:21.963", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.6, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:L/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2013-07-02T21:55:02.227", references: [ { source: "psirt@us.ibm.com", url: "http://www-01.ibm.com/support/docview.wss?uid=swg1IV43368", }, { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21639001", }, { source: "psirt@us.ibm.com", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/84564", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www-01.ibm.com/support/docview.wss?uid=swg1IV43368", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21639001", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/84564", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-119", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-08-05 14:15
Modified
2024-11-21 04:43
Severity ?
Summary
IBM WebSphere MQ V7.1, 7.5, IBM MQ V8, IBM MQ V9.0LTS, IBM MQ V9.1 LTS, and IBM MQ V9.1 CD are vulnerable to a denial of service attack caused by specially crafted messages. IBM X-Force ID: 160013.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/160013 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/docview.wss?uid=ibm10886887 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/160013 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/docview.wss?uid=ibm10886887 | Patch, Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:mq:*:*:*:*:*:*:*:*", matchCriteriaId: "378FDA1D-6ED0-4A6E-84B9-02BF8AE8DCAE", versionEndIncluding: "8.0.0.11", versionStartIncluding: "8.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq:*:*:*:*:lts:*:*:*", matchCriteriaId: "CD1D619F-AE0C-44C3-805D-6BD11E2D8361", versionEndIncluding: "9.0.0.6", versionStartIncluding: "9.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq:*:*:*:*:continuous_delivery:*:*:*", matchCriteriaId: "019FF429-9C0B-4B5F-8C09-4581B436CC19", versionEndIncluding: "9.1.2", versionStartIncluding: "9.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq:*:*:*:*:lts:*:*:*", matchCriteriaId: "3B23C334-D8CC-4DF2-A292-D75D8B90E45E", versionEndIncluding: "9.1.0.2", versionStartIncluding: "9.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:*:*:*:*:*:*:*:*", matchCriteriaId: "608A2459-5996-492A-BE82-CD008CA35814", versionEndIncluding: "7.1.0.9", versionStartIncluding: "7.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:*:*:*:*:*:*:*:*", matchCriteriaId: "FB8AA3EF-67B7-40CA-8FF0-27482CA5F5A5", versionEndIncluding: "7.5.0.9", versionStartIncluding: "7.5", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM WebSphere MQ V7.1, 7.5, IBM MQ V8, IBM MQ V9.0LTS, IBM MQ V9.1 LTS, and IBM MQ V9.1 CD are vulnerable to a denial of service attack caused by specially crafted messages. IBM X-Force ID: 160013.", }, { lang: "es", value: "IBM WebSphere MQ versión V7.1, 7.5, IBM MQ versión V8, IBM MQ versión V9.0LTS, IBM MQ versión V9.1 LTS e IBM MQ versión V9.1 CD, son vulnerables a un ataque de denegación de servicio causado por mensajes especialmente diseñados. ID de IBM X-Force: 160013.", }, ], id: "CVE-2019-4261", lastModified: "2024-11-21T04:43:23.613", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 4, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:S/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 1.4, source: "psirt@us.ibm.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-08-05T14:15:12.007", references: [ { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/160013", }, { source: "psirt@us.ibm.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/docview.wss?uid=ibm10886887", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/160013", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/docview.wss?uid=ibm10886887", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-12-07 15:29
Modified
2024-11-21 03:21
Severity ?
Summary
IBM WebSphere MQ 8.0 and 9.0 could allow, under special circumstances, an unauthorized user to access an object which they should have been denied access. IBM X-Force ID: 126456.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg22005400 | Issue Tracking, Vendor Advisory | |
| psirt@us.ibm.com | http://www.securityfocus.com/bid/102042 | Third Party Advisory, VDB Entry | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/126456 | Issue Tracking, VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg22005400 | Issue Tracking, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/102042 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/126456 | Issue Tracking, VDB Entry, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | websphere_mq | 8.0.0.1 | |
| ibm | websphere_mq | 8.0.0.2 | |
| ibm | websphere_mq | 8.0.0.3 | |
| ibm | websphere_mq | 8.0.0.4 | |
| ibm | websphere_mq | 8.0.0.5 | |
| ibm | websphere_mq | 8.0.0.6 | |
| ibm | websphere_mq | 8.0.0.7 | |
| ibm | websphere_mq | 9.0 | |
| ibm | websphere_mq | 9.0.0.1 | |
| ibm | websphere_mq | 9.0.1 | |
| ibm | websphere_mq | 9.0.2 | |
| ibm | websphere_mq | 9.0.3 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:websphere_mq:8.0.0.1:*:*:*:*:*:*:*", matchCriteriaId: "C5502347-56F2-400F-944B-A532A3A8DE0A", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:8.0.0.2:*:*:*:*:*:*:*", matchCriteriaId: "9E6FF889-5D7D-47C0-A2B2-F2BDB39BEFDB", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:8.0.0.3:*:*:*:*:*:*:*", matchCriteriaId: "D800EA34-4826-4689-A3C0-03724290567B", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:8.0.0.4:*:*:*:*:*:*:*", matchCriteriaId: "DCBDF404-693B-4500-80FA-90AE022BD5C4", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:8.0.0.5:*:*:*:*:*:*:*", matchCriteriaId: "5FFC3793-4880-4103-B7F6-06F96A17357B", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:8.0.0.6:*:*:*:*:*:*:*", matchCriteriaId: "D3679D6F-1E3A-4546-A05B-5B4EA515B4C9", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:8.0.0.7:*:*:*:*:*:*:*", matchCriteriaId: "F4E6617F-85DF-49FE-B713-148624DC87A8", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:9.0:*:*:*:*:*:*:*", matchCriteriaId: "63E773A8-4ED2-47AA-A2D7-5CD02CBA47C0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:9.0.0.1:*:*:*:*:*:*:*", matchCriteriaId: "4084EE93-8B41-493E-BB50-9ABC8E956C89", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:9.0.1:*:*:*:*:*:*:*", matchCriteriaId: "E0C2DE42-FE8C-4023-A495-A2DBFE2F97F9", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:9.0.2:*:*:*:*:*:*:*", matchCriteriaId: "406AADD2-9732-44F1-91FC-F8C90088AD5A", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:9.0.3:*:*:*:*:*:*:*", matchCriteriaId: "018595DD-9AAD-44C7-9A46-BC78AF1F6C2B", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM WebSphere MQ 8.0 and 9.0 could allow, under special circumstances, an unauthorized user to access an object which they should have been denied access. IBM X-Force ID: 126456.", }, { lang: "es", value: "IBM WebSphere MQ 8.0 y 9.0 podría permitir, bajo circunstancias especiales, que un usuario no autorizado acceda a un objeto para el que no deberían contar con acceso. IBM X-Force ID: 126456.", }, ], id: "CVE-2017-1341", lastModified: "2024-11-21T03:21:44.993", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.0", }, exploitabilityScore: 2.2, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-12-07T15:29:00.563", references: [ { source: "psirt@us.ibm.com", tags: [ "Issue Tracking", "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=swg22005400", }, { source: "psirt@us.ibm.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/102042", }, { source: "psirt@us.ibm.com", tags: [ "Issue Tracking", "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/126456", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=swg22005400", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/102042", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/126456", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-02-22 19:59
Modified
2024-11-21 03:00
Severity ?
Summary
IBM WebSphere MQ 8.0 could allow an authenticated user with access to the queue manager and queue, to deny service to other channels running under the same process. IBM Reference #: 1998649.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | websphere_mq | 8.0 | |
| ibm | websphere_mq | 8.0.0.0 | |
| ibm | websphere_mq | 8.0.0.1 | |
| ibm | websphere_mq | 8.0.0.2 | |
| ibm | websphere_mq | 8.0.0.3 | |
| ibm | websphere_mq | 8.0.0.4 | |
| ibm | websphere_mq | 8.0.0.5 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:websphere_mq:8.0:*:*:*:*:*:*:*", matchCriteriaId: "421E10D4-4B01-4D52-9FFB-208C4745063E", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:8.0.0.0:*:*:*:*:*:*:*", matchCriteriaId: "153F42BE-64AE-4D38-94C1-E59EF10632A2", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:8.0.0.1:*:*:*:*:*:*:*", matchCriteriaId: "C5502347-56F2-400F-944B-A532A3A8DE0A", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:8.0.0.2:*:*:*:*:*:*:*", matchCriteriaId: "9E6FF889-5D7D-47C0-A2B2-F2BDB39BEFDB", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:8.0.0.3:*:*:*:*:*:*:*", matchCriteriaId: "D800EA34-4826-4689-A3C0-03724290567B", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:8.0.0.4:*:*:*:*:*:*:*", matchCriteriaId: "DCBDF404-693B-4500-80FA-90AE022BD5C4", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:8.0.0.5:*:*:*:*:*:*:*", matchCriteriaId: "5FFC3793-4880-4103-B7F6-06F96A17357B", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM WebSphere MQ 8.0 could allow an authenticated user with access to the queue manager and queue, to deny service to other channels running under the same process. IBM Reference #: 1998649.", }, { lang: "es", value: "IBM WebSphere MQ 8.0 podría permitir a un usuario autenticado con acceso al gestor de colas y a la cola, denegar el servicio a otros canales ejecutándose bajo el mismo proceso. IBM Reference #: 1998649.", }, ], id: "CVE-2016-8915", lastModified: "2024-11-21T03:00:17.360", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 4, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:S/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-02-22T19:59:00.247", references: [ { source: "psirt@us.ibm.com", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=swg21998649", }, { source: "psirt@us.ibm.com", url: "http://www.securityfocus.com/bid/96403", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=swg21998649", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/96403", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-284", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2011-10-30 19:55
Modified
2025-04-11 00:51
Severity ?
Summary
Heap-based buffer overflow in the client in IBM WebSphere MQ 6.0 before 6.0.2.7 and 7.0 before 7.0.1.0 allows local users to gain privileges via crafted SSL information in a Client Channel Definition Table (CCDT) file.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | websphere_mq | 6.0 | |
| ibm | websphere_mq | 6.0.1.0 | |
| ibm | websphere_mq | 6.0.1.1 | |
| ibm | websphere_mq | 6.0.2.0 | |
| ibm | websphere_mq | 6.0.2.1 | |
| ibm | websphere_mq | 6.0.2.2 | |
| ibm | websphere_mq | 6.0.2.3 | |
| ibm | websphere_mq | 6.0.2.4 | |
| ibm | websphere_mq | 6.0.2.5 | |
| ibm | websphere_mq | 6.0.2.6 | |
| ibm | websphere_mq | 6.0.2.10 | |
| ibm | websphere_mq | 7.0 | |
| ibm | websphere_mq | 7.0.0.1 | |
| ibm | websphere_mq | 7.0.0.2 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:websphere_mq:6.0:*:*:*:*:*:*:*", matchCriteriaId: "E6D2279B-482A-4CA6-9EF2-C57A95969BC2", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:6.0.1.0:*:*:*:*:*:*:*", matchCriteriaId: "0F36C644-664C-4758-9762-E808C80AE904", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:6.0.1.1:*:*:*:*:*:*:*", matchCriteriaId: "9C670A3F-7BBB-4115-A037-B5E732ABB6BA", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:6.0.2.0:*:*:*:*:*:*:*", matchCriteriaId: "24CD8F97-39E0-455C-92CA-F0FE9AE5A0CC", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:6.0.2.1:*:*:*:*:*:*:*", matchCriteriaId: "C97EC1D0-CA59-4E2C-84EB-054BF27D1BCF", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:6.0.2.2:*:*:*:*:*:*:*", matchCriteriaId: "7CCD33A5-6567-43CB-909D-D1851ACF4AA8", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:6.0.2.3:*:*:*:*:*:*:*", matchCriteriaId: "D3664585-D0B4-467C-9B6D-4F8E239F7DCD", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:6.0.2.4:*:*:*:*:*:*:*", matchCriteriaId: "C2216808-BAE9-4034-9618-5EC4CCB80E7F", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:6.0.2.5:*:*:*:*:*:*:*", matchCriteriaId: "B6263B9D-A62A-4E41-958A-968F9ACA0CE6", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:6.0.2.6:*:*:*:*:*:*:*", matchCriteriaId: "19983CDF-4769-4B56-98ED-CE7EE0C1AFF6", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:6.0.2.10:*:*:*:*:*:*:*", matchCriteriaId: "AFF09F4C-9F56-4931-8839-044491B5FA40", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:websphere_mq:7.0:*:*:*:*:*:*:*", matchCriteriaId: "594287A4-AF30-4872-A5B8-1421FAB5C674", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.0.0.1:*:*:*:*:*:*:*", matchCriteriaId: "896273C9-11F9-45A0-BA46-66F37DFACCC7", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.0.0.2:*:*:*:*:*:*:*", matchCriteriaId: "AF396289-8409-4FE2-96DB-99818D5680B4", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Heap-based buffer overflow in the client in IBM WebSphere MQ 6.0 before 6.0.2.7 and 7.0 before 7.0.1.0 allows local users to gain privileges via crafted SSL information in a Client Channel Definition Table (CCDT) file.", }, { lang: "es", value: "Desbordamiento de búfer basado en memoria dinámica en el cliente de IBM WebSphere MQ v6.0 anterior a v6.0.2.7 y v7.0 anterior a v7.0.1.0 permite a usuarios locales conseguir privilegios a través de la información elaborada SSL en un fichero Client Channel Definition Table (CCDT).", }, ], id: "CVE-2009-0900", lastModified: "2025-04-11T00:51:21.963", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "LOCAL", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 4.1, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:L/AC:M/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 2.7, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2011-10-30T19:55:00.773", references: [ { source: "cve@mitre.org", url: "http://www.ibm.com/support/docview.wss?uid=swg1IC59375", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/51038", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ibm.com/support/docview.wss?uid=swg1IC59375", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/51038", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-119", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-12-11 21:29
Modified
2024-11-21 03:22
Severity ?
Summary
IBM WebSphere MQ 7.5, 8.0, and 9.0 could allow a local user to crash the queue manager agent thread and expose some sensitive information. IBM X-Force ID: 126454.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg22005392 | Issue Tracking, Vendor Advisory | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/126454 | Issue Tracking, VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg22005392 | Issue Tracking, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/126454 | Issue Tracking, VDB Entry, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | websphere_mq | 7.5 | |
| ibm | websphere_mq | 7.5.0.1 | |
| ibm | websphere_mq | 7.5.0.2 | |
| ibm | websphere_mq | 7.5.0.3 | |
| ibm | websphere_mq | 7.5.0.4 | |
| ibm | websphere_mq | 7.5.0.5 | |
| ibm | websphere_mq | 7.5.0.6 | |
| ibm | websphere_mq | 7.5.0.7 | |
| ibm | websphere_mq | 7.5.0.8 | |
| ibm | websphere_mq | 8.0 | |
| ibm | websphere_mq | 8.0.0.1 | |
| ibm | websphere_mq | 8.0.0.2 | |
| ibm | websphere_mq | 8.0.0.3 | |
| ibm | websphere_mq | 8.0.0.4 | |
| ibm | websphere_mq | 8.0.0.5 | |
| ibm | websphere_mq | 8.0.0.6 | |
| ibm | websphere_mq | 9.0 | |
| ibm | websphere_mq | 9.0.0.1 | |
| ibm | websphere_mq | 9.0.1 | |
| ibm | websphere_mq | 9.0.2 | |
| ibm | websphere_mq | 9.0.3 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:websphere_mq:7.5:*:*:*:*:*:*:*", matchCriteriaId: "164DC456-433C-4C47-91F9-1B57C2DFBF1E", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.5.0.1:*:*:*:*:*:*:*", matchCriteriaId: "0343E94F-6DE2-4E27-AFC5-D4650A4519F6", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.5.0.2:*:*:*:*:*:*:*", matchCriteriaId: "BDA4EE08-D531-4957-BF2A-C5A9ABB0F38D", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.5.0.3:*:*:*:*:*:*:*", matchCriteriaId: "751BF695-E27A-4D9F-9190-84A7BCD5E268", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.5.0.4:*:*:*:*:*:*:*", matchCriteriaId: "CDA1EF24-9710-4C4A-8059-917C02185CA3", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.5.0.5:*:*:*:*:*:*:*", matchCriteriaId: "CC257545-44A3-4659-951D-F4DFF3B87CFB", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.5.0.6:*:*:*:*:*:*:*", matchCriteriaId: "1FD4E86C-0E58-4A91-A18C-534464BC197A", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.5.0.7:*:*:*:*:*:*:*", matchCriteriaId: "AE4B1F7A-8989-4B4E-A75E-037B38ED7536", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.5.0.8:*:*:*:*:*:*:*", matchCriteriaId: "D98FEC2B-14F4-48EF-A7D2-DA4451EBD402", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:8.0:*:*:*:*:*:*:*", matchCriteriaId: "421E10D4-4B01-4D52-9FFB-208C4745063E", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:8.0.0.1:*:*:*:*:*:*:*", matchCriteriaId: "C5502347-56F2-400F-944B-A532A3A8DE0A", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:8.0.0.2:*:*:*:*:*:*:*", matchCriteriaId: "9E6FF889-5D7D-47C0-A2B2-F2BDB39BEFDB", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:8.0.0.3:*:*:*:*:*:*:*", matchCriteriaId: "D800EA34-4826-4689-A3C0-03724290567B", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:8.0.0.4:*:*:*:*:*:*:*", matchCriteriaId: "DCBDF404-693B-4500-80FA-90AE022BD5C4", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:8.0.0.5:*:*:*:*:*:*:*", matchCriteriaId: "5FFC3793-4880-4103-B7F6-06F96A17357B", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:8.0.0.6:*:*:*:*:*:*:*", matchCriteriaId: "D3679D6F-1E3A-4546-A05B-5B4EA515B4C9", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:9.0:*:*:*:*:*:*:*", matchCriteriaId: "63E773A8-4ED2-47AA-A2D7-5CD02CBA47C0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:9.0.0.1:*:*:*:*:*:*:*", matchCriteriaId: "4084EE93-8B41-493E-BB50-9ABC8E956C89", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:9.0.1:*:*:*:*:*:*:*", matchCriteriaId: "E0C2DE42-FE8C-4023-A495-A2DBFE2F97F9", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:9.0.2:*:*:*:*:*:*:*", matchCriteriaId: "406AADD2-9732-44F1-91FC-F8C90088AD5A", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:9.0.3:*:*:*:*:*:*:*", matchCriteriaId: "018595DD-9AAD-44C7-9A46-BC78AF1F6C2B", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM WebSphere MQ 7.5, 8.0, and 9.0 could allow a local user to crash the queue manager agent thread and expose some sensitive information. IBM X-Force ID: 126454.", }, { lang: "es", value: "IBM WebSphere MQ 7.5, 8.0 y 9.0 podría permitir que un usuario local provoque el cierre inesperado del hilo del agente del gestor de cola y exponer información sensible. IBM X-Force ID: 126454.", }, ], id: "CVE-2017-1760", lastModified: "2024-11-21T03:22:19.597", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 3.6, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:L/AC:L/Au:N/C:P/I:N/A:P", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 4.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", version: "3.0", }, exploitabilityScore: 1.8, impactScore: 5.2, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-12-11T21:29:00.750", references: [ { source: "psirt@us.ibm.com", tags: [ "Issue Tracking", "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=swg22005392", }, { source: "psirt@us.ibm.com", tags: [ "Issue Tracking", "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/126454", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=swg22005392", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/126454", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2011-10-30 19:55
Modified
2025-04-11 00:51
Severity ?
Summary
IBM WebSphere MQ 6.0 before 6.0.2.8 and 7.0 before 7.0.1.0 does not properly handle long group names, which might allow local users to gain privileges by leveraging combinations of group names with the same initial substring.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | websphere_mq | 6.0 | |
| ibm | websphere_mq | 6.0.1.0 | |
| ibm | websphere_mq | 6.0.1.1 | |
| ibm | websphere_mq | 6.0.2.0 | |
| ibm | websphere_mq | 6.0.2.1 | |
| ibm | websphere_mq | 6.0.2.2 | |
| ibm | websphere_mq | 6.0.2.3 | |
| ibm | websphere_mq | 6.0.2.4 | |
| ibm | websphere_mq | 6.0.2.5 | |
| ibm | websphere_mq | 6.0.2.6 | |
| ibm | websphere_mq | 6.0.2.7 | |
| ibm | websphere_mq | 7.0 | |
| ibm | websphere_mq | 7.0.0.1 | |
| ibm | websphere_mq | 7.0.0.2 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:websphere_mq:6.0:*:*:*:*:*:*:*", matchCriteriaId: "E6D2279B-482A-4CA6-9EF2-C57A95969BC2", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:6.0.1.0:*:*:*:*:*:*:*", matchCriteriaId: "0F36C644-664C-4758-9762-E808C80AE904", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:6.0.1.1:*:*:*:*:*:*:*", matchCriteriaId: "9C670A3F-7BBB-4115-A037-B5E732ABB6BA", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:6.0.2.0:*:*:*:*:*:*:*", matchCriteriaId: "24CD8F97-39E0-455C-92CA-F0FE9AE5A0CC", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:6.0.2.1:*:*:*:*:*:*:*", matchCriteriaId: "C97EC1D0-CA59-4E2C-84EB-054BF27D1BCF", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:6.0.2.2:*:*:*:*:*:*:*", matchCriteriaId: "7CCD33A5-6567-43CB-909D-D1851ACF4AA8", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:6.0.2.3:*:*:*:*:*:*:*", matchCriteriaId: "D3664585-D0B4-467C-9B6D-4F8E239F7DCD", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:6.0.2.4:*:*:*:*:*:*:*", matchCriteriaId: "C2216808-BAE9-4034-9618-5EC4CCB80E7F", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:6.0.2.5:*:*:*:*:*:*:*", matchCriteriaId: "B6263B9D-A62A-4E41-958A-968F9ACA0CE6", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:6.0.2.6:*:*:*:*:*:*:*", matchCriteriaId: "19983CDF-4769-4B56-98ED-CE7EE0C1AFF6", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:6.0.2.7:*:*:*:*:*:*:*", matchCriteriaId: "9377F533-15D0-4F81-B7C1-A84E5346EF6C", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:websphere_mq:7.0:*:*:*:*:*:*:*", matchCriteriaId: "594287A4-AF30-4872-A5B8-1421FAB5C674", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.0.0.1:*:*:*:*:*:*:*", matchCriteriaId: "896273C9-11F9-45A0-BA46-66F37DFACCC7", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.0.0.2:*:*:*:*:*:*:*", matchCriteriaId: "AF396289-8409-4FE2-96DB-99818D5680B4", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM WebSphere MQ 6.0 before 6.0.2.8 and 7.0 before 7.0.1.0 does not properly handle long group names, which might allow local users to gain privileges by leveraging combinations of group names with the same initial substring.", }, { lang: "es", value: "IBM WebSphere MQ v6.0 anterior a v6.0.2.8 y v7.0 anterior a v7.0.1.0 no gestiona correctamente los nombres largos de grupo, lo que podría permitir a usuarios locales obtener privilegios mediante el aprovechamiento de las combinaciones de nombres de grupo con la misma subcadena inicial.", }, ], evaluatorComment: "Per: http://xforce.iss.net/xforce/xfdb/51042\r\n\r\n'Note: This vulnerability only affects platforms where group names are limited to 12 characters in length.IB'", id: "CVE-2009-0905", lastModified: "2025-04-11T00:51:21.963", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 1.7, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:L/AC:L/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 3.1, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2011-10-30T19:55:00.820", references: [ { source: "cve@mitre.org", url: "http://www.ibm.com/support/docview.wss?uid=swg1IZ37102", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/51042", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ibm.com/support/docview.wss?uid=swg1IZ37102", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/51042", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2010-10-20 18:00
Modified
2025-04-11 00:51
Severity ?
Summary
IBM WebSphere MQ 6.x before 6.0.2.10 and 7.x before 7.0.1.3 allows remote attackers to spoof X.509 certificate authentication, and send or receive channel messages, via a crafted Subject Distinguished Name (DN) value in a certificate.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | websphere_mq | 6.0 | |
| ibm | websphere_mq | 6.0.1.0 | |
| ibm | websphere_mq | 6.0.1.1 | |
| ibm | websphere_mq | 6.0.2.0 | |
| ibm | websphere_mq | 6.0.2.1 | |
| ibm | websphere_mq | 6.0.2.2 | |
| ibm | websphere_mq | 6.0.2.3 | |
| ibm | websphere_mq | 6.0.2.4 | |
| ibm | websphere_mq | 6.0.2.5 | |
| ibm | websphere_mq | 6.0.2.6 | |
| ibm | websphere_mq | 6.0.2.7 | |
| ibm | websphere_mq | 6.0.2.8 | |
| ibm | websphere_mq | 6.0.2.9 | |
| ibm | websphere_mq | 7.0 | |
| ibm | websphere_mq | 7.0.0.1 | |
| ibm | websphere_mq | 7.0.0.2 | |
| ibm | websphere_mq | 7.0.1.0 | |
| ibm | websphere_mq | 7.0.1.1 | |
| ibm | websphere_mq | 7.0.1.2 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:websphere_mq:6.0:*:*:*:*:*:*:*", matchCriteriaId: "E6D2279B-482A-4CA6-9EF2-C57A95969BC2", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:6.0.1.0:*:*:*:*:*:*:*", matchCriteriaId: "0F36C644-664C-4758-9762-E808C80AE904", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:6.0.1.1:*:*:*:*:*:*:*", matchCriteriaId: "9C670A3F-7BBB-4115-A037-B5E732ABB6BA", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:6.0.2.0:*:*:*:*:*:*:*", matchCriteriaId: "24CD8F97-39E0-455C-92CA-F0FE9AE5A0CC", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:6.0.2.1:*:*:*:*:*:*:*", matchCriteriaId: "C97EC1D0-CA59-4E2C-84EB-054BF27D1BCF", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:6.0.2.2:*:*:*:*:*:*:*", matchCriteriaId: "7CCD33A5-6567-43CB-909D-D1851ACF4AA8", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:6.0.2.3:*:*:*:*:*:*:*", matchCriteriaId: "D3664585-D0B4-467C-9B6D-4F8E239F7DCD", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:6.0.2.4:*:*:*:*:*:*:*", matchCriteriaId: "C2216808-BAE9-4034-9618-5EC4CCB80E7F", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:6.0.2.5:*:*:*:*:*:*:*", matchCriteriaId: "B6263B9D-A62A-4E41-958A-968F9ACA0CE6", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:6.0.2.6:*:*:*:*:*:*:*", matchCriteriaId: "19983CDF-4769-4B56-98ED-CE7EE0C1AFF6", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:6.0.2.7:*:*:*:*:*:*:*", matchCriteriaId: "9377F533-15D0-4F81-B7C1-A84E5346EF6C", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:6.0.2.8:*:*:*:*:*:*:*", matchCriteriaId: "86A87B5A-D0B8-4F49-A655-CC5AC737782F", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:6.0.2.9:*:*:*:*:*:*:*", matchCriteriaId: "5B0FE244-1CAC-44AB-A032-0A7A486009D6", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:websphere_mq:7.0:*:*:*:*:*:*:*", matchCriteriaId: "594287A4-AF30-4872-A5B8-1421FAB5C674", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.0.0.1:*:*:*:*:*:*:*", matchCriteriaId: "896273C9-11F9-45A0-BA46-66F37DFACCC7", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.0.0.2:*:*:*:*:*:*:*", matchCriteriaId: "AF396289-8409-4FE2-96DB-99818D5680B4", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.0.1.0:*:*:*:*:*:*:*", matchCriteriaId: "F6E60ABB-E703-4745-98F3-22609FF70F6F", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.0.1.1:*:*:*:*:*:*:*", matchCriteriaId: "BDC03B4D-98C2-4704-9BF9-47888489B9C7", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.0.1.2:*:*:*:*:*:*:*", matchCriteriaId: "73E4EAA2-8842-41AB-B8E0-944CDF72C893", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM WebSphere MQ 6.x before 6.0.2.10 and 7.x before 7.0.1.3 allows remote attackers to spoof X.509 certificate authentication, and send or receive channel messages, via a crafted Subject Distinguished Name (DN) value in a certificate.", }, { lang: "es", value: "IBM WebSphere MQ v6.x anterior a v6.0.2.10 y v7.x anterior a v7.0.1.3, permite a atacantes remotos suplantar certificados autenticados X.509, y enviar y recibir mensajes del canal a través de un valor manipulado de un Subject Distinguished Name (DN).", }, ], id: "CVE-2010-0782", lastModified: "2025-04-11T00:51:21.963", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2010-10-20T18:00:01.907", references: [ { source: "cve@mitre.org", url: "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ68707", }, { source: "cve@mitre.org", url: "http://www-01.ibm.com/support/docview.wss?uid=swg27014224", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/60018", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ68707", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www-01.ibm.com/support/docview.wss?uid=swg27014224", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/60018", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-07-06 14:29
Modified
2024-11-21 03:21
Severity ?
Summary
IBM WebSphere MQ 9.0.2 could allow an authenticated user to potentially cause a denial of service by saving an incorrect channel status inquiry. IBM X-Force ID: 124354
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg22003510 | Vendor Advisory | |
| psirt@us.ibm.com | http://www.securityfocus.com/bid/99505 | Third Party Advisory, VDB Entry | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/124354 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg22003510 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/99505 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/124354 | VDB Entry, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | websphere_mq | 9.0.2 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:websphere_mq:9.0.2:*:*:*:*:*:*:*", matchCriteriaId: "406AADD2-9732-44F1-91FC-F8C90088AD5A", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM WebSphere MQ 9.0.2 could allow an authenticated user to potentially cause a denial of service by saving an incorrect channel status inquiry. IBM X-Force ID: 124354", }, { lang: "es", value: "IBM WebSphere MQ 9.0.2 permitiría a un usuario autenticado causar una denegación de servicio mediante el guardado del estado de investigación del canal. IBM X-Force ID: 124354", }, ], id: "CVE-2017-1236", lastModified: "2024-11-21T03:21:33.593", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 4, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:S/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-07-06T14:29:00.247", references: [ { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=swg22003510", }, { source: "psirt@us.ibm.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/99505", }, { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/124354", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=swg22003510", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/99505", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/124354", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2011-01-12 01:00
Modified
2025-04-11 00:51
Severity ?
Summary
Heap-based buffer overflow in IBM WebSphere MQ 6.0 before 6.0.2.11 and 7.0 before 7.0.1.5 allows remote authenticated users to execute arbitrary code or cause a denial of service (queue manager crash) by inserting an invalid message into the queue.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | websphere_mq | 6.0 | |
| ibm | websphere_mq | 6.0.1.0 | |
| ibm | websphere_mq | 6.0.1.1 | |
| ibm | websphere_mq | 6.0.2.0 | |
| ibm | websphere_mq | 6.0.2.1 | |
| ibm | websphere_mq | 6.0.2.2 | |
| ibm | websphere_mq | 6.0.2.3 | |
| ibm | websphere_mq | 6.0.2.4 | |
| ibm | websphere_mq | 6.0.2.5 | |
| ibm | websphere_mq | 6.0.2.6 | |
| ibm | websphere_mq | 6.0.2.7 | |
| ibm | websphere_mq | 6.0.2.8 | |
| ibm | websphere_mq | 6.0.2.9 | |
| ibm | websphere_mq | 6.0.2.10 | |
| ibm | websphere_mq | 7.0 | |
| ibm | websphere_mq | 7.0.0.1 | |
| ibm | websphere_mq | 7.0.0.2 | |
| ibm | websphere_mq | 7.0.1 | |
| ibm | websphere_mq | 7.0.1.0 | |
| ibm | websphere_mq | 7.0.1.1 | |
| ibm | websphere_mq | 7.0.1.2 | |
| ibm | websphere_mq | 7.0.1.3 | |
| ibm | websphere_mq | 7.0.1.4 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:websphere_mq:6.0:*:*:*:*:*:*:*", matchCriteriaId: "E6D2279B-482A-4CA6-9EF2-C57A95969BC2", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:6.0.1.0:*:*:*:*:*:*:*", matchCriteriaId: "0F36C644-664C-4758-9762-E808C80AE904", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:6.0.1.1:*:*:*:*:*:*:*", matchCriteriaId: "9C670A3F-7BBB-4115-A037-B5E732ABB6BA", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:6.0.2.0:*:*:*:*:*:*:*", matchCriteriaId: "24CD8F97-39E0-455C-92CA-F0FE9AE5A0CC", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:6.0.2.1:*:*:*:*:*:*:*", matchCriteriaId: "C97EC1D0-CA59-4E2C-84EB-054BF27D1BCF", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:6.0.2.2:*:*:*:*:*:*:*", matchCriteriaId: "7CCD33A5-6567-43CB-909D-D1851ACF4AA8", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:6.0.2.3:*:*:*:*:*:*:*", matchCriteriaId: "D3664585-D0B4-467C-9B6D-4F8E239F7DCD", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:6.0.2.4:*:*:*:*:*:*:*", matchCriteriaId: "C2216808-BAE9-4034-9618-5EC4CCB80E7F", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:6.0.2.5:*:*:*:*:*:*:*", matchCriteriaId: "B6263B9D-A62A-4E41-958A-968F9ACA0CE6", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:6.0.2.6:*:*:*:*:*:*:*", matchCriteriaId: "19983CDF-4769-4B56-98ED-CE7EE0C1AFF6", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:6.0.2.7:*:*:*:*:*:*:*", matchCriteriaId: "9377F533-15D0-4F81-B7C1-A84E5346EF6C", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:6.0.2.8:*:*:*:*:*:*:*", matchCriteriaId: "86A87B5A-D0B8-4F49-A655-CC5AC737782F", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:6.0.2.9:*:*:*:*:*:*:*", matchCriteriaId: "5B0FE244-1CAC-44AB-A032-0A7A486009D6", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:6.0.2.10:*:*:*:*:*:*:*", matchCriteriaId: "AFF09F4C-9F56-4931-8839-044491B5FA40", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:websphere_mq:7.0:*:*:*:*:*:*:*", matchCriteriaId: "594287A4-AF30-4872-A5B8-1421FAB5C674", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.0.0.1:*:*:*:*:*:*:*", matchCriteriaId: "896273C9-11F9-45A0-BA46-66F37DFACCC7", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.0.0.2:*:*:*:*:*:*:*", matchCriteriaId: "AF396289-8409-4FE2-96DB-99818D5680B4", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.0.1:*:*:*:*:*:*:*", matchCriteriaId: "B6DA363E-A18E-4F73-8F8F-15D383930221", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.0.1.0:*:*:*:*:*:*:*", matchCriteriaId: "F6E60ABB-E703-4745-98F3-22609FF70F6F", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.0.1.1:*:*:*:*:*:*:*", matchCriteriaId: "BDC03B4D-98C2-4704-9BF9-47888489B9C7", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.0.1.2:*:*:*:*:*:*:*", matchCriteriaId: "73E4EAA2-8842-41AB-B8E0-944CDF72C893", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.0.1.3:*:*:*:*:*:*:*", matchCriteriaId: "9D71A8D2-C97E-4A0D-B4F7-19E0B24AC887", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.0.1.4:*:*:*:*:*:*:*", matchCriteriaId: "362B6A59-1FFD-4C11-8F86-0A5516A36385", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Heap-based buffer overflow in IBM WebSphere MQ 6.0 before 6.0.2.11 and 7.0 before 7.0.1.5 allows remote authenticated users to execute arbitrary code or cause a denial of service (queue manager crash) by inserting an invalid message into the queue.", }, { lang: "es", value: "Desbordamiento de búfer basado en memoria dinámica en IBM WebSphere MQ v6.0 antes de v6.0.2.11 y v7.0 antes v7.0.1.5, permite a usuarios autenticados remotamente ejecutar código de su elección o causar una denegación de servicio (caída del gestor de colas) mediante la inserción de un mensaje no válido en la cola.", }, ], id: "CVE-2011-0314", lastModified: "2025-04-11T00:51:21.963", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 6.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2011-01-12T01:00:02.040", references: [ { source: "cve@mitre.org", url: "http://secunia.com/advisories/42941", }, { source: "cve@mitre.org", url: "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ81294", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/45801", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/64550", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/42941", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ81294", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/45801", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/64550", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-119", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-05-23 14:29
Modified
2024-11-21 04:43
Severity ?
Summary
IBM WebSphere MQ 8.0.0.0 through 8.0.0.9 and 9.0.0.0 through 9.1.1 could allow a local non privileged user to execute code as an administrator due to incorrect permissions set on MQ installation directories. IBM X-Force ID: 157190.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/157190 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/docview.wss?uid=ibm10872876 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/157190 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/docview.wss?uid=ibm10872876 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | websphere_mq | * | |
| ibm | websphere_mq | * | |
| ibm | websphere_mq | * | |
| ibm | websphere_mq | 9.1.1 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:websphere_mq:*:*:*:*:*:*:*:*", matchCriteriaId: "86809D2A-993A-474D-BC4D-BA8FE7A5168F", versionEndIncluding: "8.0.0.11", versionStartIncluding: "8.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:*:*:*:*:lts:*:*:*", matchCriteriaId: "FFC352D9-CFCD-417A-AE0C-FCEB5162EF42", versionEndIncluding: "9.0.0.5", versionStartIncluding: "9.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:*:*:*:*:lts:*:*:*", matchCriteriaId: "791017C8-E7DA-4778-AD98-CCA09FD14E22", versionEndIncluding: "9.1.0.1", versionStartIncluding: "9.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:9.1.1:*:*:*:continuous_delivery:*:*:*", matchCriteriaId: "3007D639-EF29-4C33-9610-6A6A21173299", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM WebSphere MQ 8.0.0.0 through 8.0.0.9 and 9.0.0.0 through 9.1.1 could allow a local non privileged user to execute code as an administrator due to incorrect permissions set on MQ installation directories. IBM X-Force ID: 157190.", }, { lang: "es", value: "IBM WebSphere MQ versión 8.0.0.0 hasta 8.0.0.9 y versión 9.0.0.0 hasta 9.1.1, podría permitir a un usuario local sin privilegios ejecutar código como administrador debido a definición incorrecta de permisos en los directorios de instalación MQ. ID de IBM X-Force: 157190.", }, ], id: "CVE-2019-4078", lastModified: "2024-11-21T04:43:08.207", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 7.2, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.4, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 1.4, impactScore: 5.9, source: "psirt@us.ibm.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-05-23T14:29:07.923", references: [ { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/157190", }, { source: "psirt@us.ibm.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/docview.wss?uid=ibm10872876", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/157190", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/docview.wss?uid=ibm10872876", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-732", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2014-10-02 00:55
Modified
2025-04-12 10:46
Severity ?
Summary
IBM WebSphere MQ 8.x before 8.0.0.1 does not properly enforce CHLAUTH rules for blocking client connections in certain circumstances related to the CONNAUTH attribute, which allows remote authenticated users to bypass intended queue-manager access restrictions via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | websphere_mq | 8.0.0.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:websphere_mq:8.0.0.0:*:*:*:*:*:*:*", matchCriteriaId: "153F42BE-64AE-4D38-94C1-E59EF10632A2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM WebSphere MQ 8.x before 8.0.0.1 does not properly enforce CHLAUTH rules for blocking client connections in certain circumstances related to the CONNAUTH attribute, which allows remote authenticated users to bypass intended queue-manager access restrictions via unspecified vectors.", }, { lang: "es", value: "IBM WebSphere MQ 8.x anterior a 8.0.0.1 no fuerza debidamente las normas CHLAUTH para el bloqueo de las conexiones de clientes en ciertas circunstancias relacionadas con el atributo CONNAUTH, lo que permite a usuarios remotos autenticados evadir las restricciones de acceso a la gestión de colas a través de vectores no especificados.", }, ], id: "CVE-2014-4793", lastModified: "2025-04-12T10:46:40.837", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 6.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2014-10-02T00:55:03.797", references: [ { source: "psirt@us.ibm.com", tags: [ "Patch", "Vendor Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21685526", }, { source: "psirt@us.ibm.com", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/95208", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21685526", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/95208", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-264", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-06-27 18:29
Modified
2024-11-21 03:59
Severity ?
5.9 (Medium) - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
5.9 (Medium) - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
5.9 (Medium) - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
IBM WebSphere MQ 8.0 and 9.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly validate the SSL certificate. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 142598.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg22016346 | Vendor Advisory | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/142598 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg22016346 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/142598 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | websphere_mq | 8.0 | |
| ibm | websphere_mq | 9.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:websphere_mq:8.0:*:*:*:*:*:*:*", matchCriteriaId: "421E10D4-4B01-4D52-9FFB-208C4745063E", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:9.0:*:*:*:*:*:*:*", matchCriteriaId: "63E773A8-4ED2-47AA-A2D7-5CD02CBA47C0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM WebSphere MQ 8.0 and 9.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly validate the SSL certificate. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 142598.", }, { lang: "es", value: "IBM WebSphere MQ 8.0 y 9.0 podría permitir que un atacante remoto obtenga información sensible, provocado por la imposibilidad de validar correctamente el certificado SSL. Un atacante podría explotar esta vulnerabilidad para obtener información sensible empleando técnicas Man-in-the-Middle (MitM). IBM X-Force ID: 142598.", }, ], id: "CVE-2018-1543", lastModified: "2024-11-21T03:59:59.133", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, exploitabilityScore: 2.2, impactScore: 3.6, source: "psirt@us.ibm.com", type: "Secondary", }, { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, exploitabilityScore: 2.2, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-06-27T18:29:00.740", references: [ { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=swg22016346", }, { source: "psirt@us.ibm.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/142598", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=swg22016346", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/142598", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-295", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2011-11-26 03:57
Modified
2025-04-11 00:51
Severity ?
Summary
IBM WebSphere MQ 6.0 on OpenVMS, when the default rights of the MQM group are established, does not properly verify User Authorization File (UAF) data, which allows local users to kill listener processes and the command server via a control command.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | websphere_mq | 6.0 | |
| hp | openvms | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:websphere_mq:6.0:*:*:*:*:*:*:*", matchCriteriaId: "E6D2279B-482A-4CA6-9EF2-C57A95969BC2", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:hp:openvms:*:*:*:*:*:*:*:*", matchCriteriaId: "19BF3C52-B5CD-46AD-AB6F-6D13CFFB224E", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM WebSphere MQ 6.0 on OpenVMS, when the default rights of the MQM group are established, does not properly verify User Authorization File (UAF) data, which allows local users to kill listener processes and the command server via a control command.", }, { lang: "es", value: "IBM WebSphere MQ v6.0 en OpenVMS, cuando los derechos por defecto del grupo de MQM están activados, no verifican correctamente el User Authorization File (UAF), que permite a usuarios locales a matar a los procesos de escucha y el servidor de comando a través de un comando de control.", }, ], id: "CVE-2011-1378", lastModified: "2025-04-11T00:51:21.963", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 1.9, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:L/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 3.4, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2011-11-26T03:57:45.617", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/46837", }, { source: "cve@mitre.org", url: "http://www-01.ibm.com/support/docview.wss?uid=swg1IC78034", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/71336", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/46837", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www-01.ibm.com/support/docview.wss?uid=swg1IC78034", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/71336", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-264", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-02-22 19:59
Modified
2024-11-21 03:00
Severity ?
Summary
IBM WebSphere MQ 8.0 could allow an authenticated user with access to the queue manager to bring down MQ channels using specially crafted HTTP requests. IBM Reference #: 1998648.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | websphere_mq | 8.0 | |
| ibm | websphere_mq | 8.0.0.0 | |
| ibm | websphere_mq | 8.0.0.1 | |
| ibm | websphere_mq | 8.0.0.2 | |
| ibm | websphere_mq | 8.0.0.3 | |
| ibm | websphere_mq | 8.0.0.4 | |
| ibm | websphere_mq | 8.0.0.5 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:websphere_mq:8.0:*:*:*:*:*:*:*", matchCriteriaId: "421E10D4-4B01-4D52-9FFB-208C4745063E", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:8.0.0.0:*:*:*:*:*:*:*", matchCriteriaId: "153F42BE-64AE-4D38-94C1-E59EF10632A2", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:8.0.0.1:*:*:*:*:*:*:*", matchCriteriaId: "C5502347-56F2-400F-944B-A532A3A8DE0A", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:8.0.0.2:*:*:*:*:*:*:*", matchCriteriaId: "9E6FF889-5D7D-47C0-A2B2-F2BDB39BEFDB", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:8.0.0.3:*:*:*:*:*:*:*", matchCriteriaId: "D800EA34-4826-4689-A3C0-03724290567B", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:8.0.0.4:*:*:*:*:*:*:*", matchCriteriaId: "DCBDF404-693B-4500-80FA-90AE022BD5C4", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:8.0.0.5:*:*:*:*:*:*:*", matchCriteriaId: "5FFC3793-4880-4103-B7F6-06F96A17357B", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM WebSphere MQ 8.0 could allow an authenticated user with access to the queue manager to bring down MQ channels using specially crafted HTTP requests. IBM Reference #: 1998648.", }, { lang: "es", value: "IBM WebSphere MQ 8.0 podría permitir a un usuario autenticado con acceso al gestor de colas derribar canales MQ utilizando peticiones HTTP especialmente manipuladas. IBM Reference #: 1998648.", }, ], id: "CVE-2016-8986", lastModified: "2024-11-21T03:00:24.643", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 4, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:S/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-02-22T19:59:00.263", references: [ { source: "psirt@us.ibm.com", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=swg21998648", }, { source: "psirt@us.ibm.com", url: "http://www.securityfocus.com/bid/96412", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=swg21998648", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/96412", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-284", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-04-15 15:29
Modified
2024-11-21 04:00
Severity ?
5.9 (Medium) - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
5.9 (Medium) - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
5.9 (Medium) - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
IBM WebShere MQ 9.1.0.0, 9.1.0.1, 9.1.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 152925.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/152925 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/docview.wss?uid=ibm10744713 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/152925 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/docview.wss?uid=ibm10744713 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | websphere_mq | * | |
| ibm | websphere_mq | 9.1.1 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:websphere_mq:*:*:*:*:*:*:*:*", matchCriteriaId: "A77B7383-1DF2-49B9-A53D-D3FFF438DEC4", versionEndIncluding: "9.1.0.1", versionStartIncluding: "9.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:9.1.1:*:*:*:continuous_delivery:*:*:*", matchCriteriaId: "3007D639-EF29-4C33-9610-6A6A21173299", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM WebShere MQ 9.1.0.0, 9.1.0.1, 9.1.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 152925.", }, { lang: "es", value: "Las versiones 9.1.0.0, 9.1.0.1 y 9.1.1 de IBM WebShere MQ utilizan algoritmos criptográficos más débiles de lo esperado, que podrían permitir a un atacante desencriptar información altamente sensible. IBM X-Force ID: 152925.", }, ], id: "CVE-2018-1925", lastModified: "2024-11-21T04:00:36.480", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, exploitabilityScore: 2.2, impactScore: 3.6, source: "psirt@us.ibm.com", type: "Secondary", }, { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, exploitabilityScore: 2.2, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-04-15T15:29:00.297", references: [ { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/152925", }, { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "https://www.ibm.com/support/docview.wss?uid=ibm10744713", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/152925", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.ibm.com/support/docview.wss?uid=ibm10744713", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-326", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-05-23 14:29
Modified
2024-11-21 04:43
Severity ?
Summary
IBM WebSphere MQ 8.0.0.0 through 8.0.0.9 and 9.0.0.0 through 9.1.1 could allow a local attacker to cause a denial of service within the error log reporting system. IBM X-Force ID: 156163.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/156163 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/docview.wss?uid=ibm10870492 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/156163 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/docview.wss?uid=ibm10870492 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | websphere_mq | * | |
| ibm | websphere_mq | * | |
| ibm | websphere_mq | * | |
| ibm | websphere_mq | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:websphere_mq:*:*:*:*:*:*:*:*", matchCriteriaId: "86809D2A-993A-474D-BC4D-BA8FE7A5168F", versionEndIncluding: "8.0.0.11", versionStartIncluding: "8.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:*:*:*:*:lts:*:*:*", matchCriteriaId: "FFC352D9-CFCD-417A-AE0C-FCEB5162EF42", versionEndIncluding: "9.0.0.5", versionStartIncluding: "9.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:*:*:*:*:continuous_delivery:*:*:*", matchCriteriaId: "0321ED66-DAD1-4AD3-996F-B3333B8EF31B", versionEndIncluding: "9.1.1", versionStartIncluding: "9.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:*:*:*:*:lts:*:*:*", matchCriteriaId: "791017C8-E7DA-4778-AD98-CCA09FD14E22", versionEndIncluding: "9.1.0.1", versionStartIncluding: "9.1.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM WebSphere MQ 8.0.0.0 through 8.0.0.9 and 9.0.0.0 through 9.1.1 could allow a local attacker to cause a denial of service within the error log reporting system. IBM X-Force ID: 156163.", }, { lang: "es", value: "IBM WebSphere MQ versión 8.0.0.0 hasta 8.0.0.9 y versión 9.0.0.0 hasta 9.1.1, podría permitir que un atacante local genere una Denegación de Servicio dentro del sistema de reportes de registro de errores. ID de IBM X-Force: 156163.", }, ], id: "CVE-2019-4039", lastModified: "2024-11-21T04:43:04.510", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 2.1, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:L/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.2, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, exploitabilityScore: 2.5, impactScore: 3.6, source: "psirt@us.ibm.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-05-23T14:29:07.860", references: [ { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/156163", }, { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "https://www.ibm.com/support/docview.wss?uid=ibm10870492", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/156163", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.ibm.com/support/docview.wss?uid=ibm10870492", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-11-13 15:29
Modified
2024-11-21 04:00
Severity ?
8.8 (High) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
7.8 (High) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
IBM WebSphere MQ 8.0.0.0 through 8.0.0.10, 9.0.0.0 through 9.0.0.5, 9.0.1 through 9.0.5, and 9.1.0.0 could allow a local user to inject code that could be executed with root privileges. IBM X-Force ID: 148947.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | http://www.securityfocus.com/bid/105936 | Third Party Advisory, VDB Entry | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/148947 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/docview.wss?uid=ibm10734447 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/105936 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/148947 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/docview.wss?uid=ibm10734447 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | websphere_mq | * | |
| ibm | websphere_mq | * | |
| ibm | websphere_mq | * | |
| ibm | websphere_mq | 9.1.0.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:websphere_mq:*:*:*:*:*:*:*:*", matchCriteriaId: "5DD54027-9C8D-40BA-8B88-5BB7665A2DA8", versionEndIncluding: "8.0.0.10", versionStartIncluding: "8.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:*:*:*:*:*:*:*:*", matchCriteriaId: "C5D73B9F-B40A-4740-8A6E-F9210CBC42E0", versionEndIncluding: "9.0.0.5", versionStartIncluding: "9.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:*:*:*:*:*:*:*:*", matchCriteriaId: "5D1B1D9B-072B-4BE1-AEE7-73883EC2D753", versionEndIncluding: "9.0.5", versionStartIncluding: "9.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:9.1.0.0:*:*:*:*:*:*:*", matchCriteriaId: "82D7A612-CC28-4DE7-AB76-6866E90A7B3E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM WebSphere MQ 8.0.0.0 through 8.0.0.10, 9.0.0.0 through 9.0.0.5, 9.0.1 through 9.0.5, and 9.1.0.0 could allow a local user to inject code that could be executed with root privileges. IBM X-Force ID: 148947.", }, { lang: "es", value: "IBM WebSphere MQ, de la versión 8.0.0.0 a la 8.0.0.10, de la versión 9.0.0.0 a la 9.0.0.5, de la versión 9.0.1 a la 9.0.5 y en la versión 9.1.0.0, podría permitir que un usuario local inyecte código que podría ejecutarse con privilegios root. IBM X-Force ID: 148947.", }, ], id: "CVE-2018-1792", lastModified: "2024-11-21T04:00:22.860", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 7.2, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 2, impactScore: 6, source: "psirt@us.ibm.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-11-13T15:29:00.373", references: [ { source: "psirt@us.ibm.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/105936", }, { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/148947", }, { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "https://www.ibm.com/support/docview.wss?uid=ibm10734447", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/105936", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/148947", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.ibm.com/support/docview.wss?uid=ibm10734447", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-94", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-01-23 15:15
Modified
2024-11-21 01:43
Severity ?
Summary
IBM WebSphere MQ 7.1 and 7.5: Queue manager has a DoS vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/79920 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.tenable.com/plugins/nessus/63099 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/79920 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.tenable.com/plugins/nessus/63099 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | websphere_mq | * | |
| ibm | websphere_mq | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:websphere_mq:*:*:*:*:*:*:*:*", matchCriteriaId: "FF3511B2-F6FD-44EE-A7FE-14BC3C96C509", versionEndExcluding: "7.1.0.2", versionStartIncluding: "7.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:*:*:*:*:*:*:*:*", matchCriteriaId: "15B74C9A-62FE-4D99-A603-DF698ABA8F53", versionEndExcluding: "7.5.0.1", versionStartIncluding: "7.5.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM WebSphere MQ 7.1 and 7.5: Queue manager has a DoS vulnerability", }, { lang: "es", value: "IBM WebSphere MQ versiones 7.1 y 7.5: El administrador de colas presenta una vulnerabilidad de DoS.", }, ], id: "CVE-2012-4863", lastModified: "2024-11-21T01:43:37.883", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 4, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:S/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-01-23T15:15:11.957", references: [ { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/79920", }, { source: "psirt@us.ibm.com", tags: [ "Third Party Advisory", ], url: "https://www.tenable.com/plugins/nessus/63099", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/79920", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.tenable.com/plugins/nessus/63099", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-400", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-01-09 20:29
Modified
2024-11-21 03:22
Severity ?
Summary
IBM WebSphere MQ 7.0, 7.1, 7.5, 8.0, and 9.0 service trace module could be used to execute untrusted code under 'mqm' user. IBM X-Force ID: 132953.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg22009918 | Patch, Vendor Advisory | |
| psirt@us.ibm.com | http://www.securityfocus.com/bid/102479 | Third Party Advisory, VDB Entry | |
| psirt@us.ibm.com | http://www.securitytracker.com/id/1040175 | Third Party Advisory, VDB Entry | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/132953 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg22009918 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/102479 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1040175 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/132953 | VDB Entry, Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:websphere_mq:7.5:*:*:*:*:*:*:*", matchCriteriaId: "164DC456-433C-4C47-91F9-1B57C2DFBF1E", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.5.0.1:*:*:*:*:*:*:*", matchCriteriaId: "0343E94F-6DE2-4E27-AFC5-D4650A4519F6", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.5.0.2:*:*:*:*:*:*:*", matchCriteriaId: "BDA4EE08-D531-4957-BF2A-C5A9ABB0F38D", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.5.0.3:*:*:*:*:*:*:*", matchCriteriaId: "751BF695-E27A-4D9F-9190-84A7BCD5E268", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.5.0.4:*:*:*:*:*:*:*", matchCriteriaId: "CDA1EF24-9710-4C4A-8059-917C02185CA3", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.5.0.5:*:*:*:*:*:*:*", matchCriteriaId: "CC257545-44A3-4659-951D-F4DFF3B87CFB", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.5.0.6:*:*:*:*:*:*:*", matchCriteriaId: "1FD4E86C-0E58-4A91-A18C-534464BC197A", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.5.0.7:*:*:*:*:*:*:*", matchCriteriaId: "AE4B1F7A-8989-4B4E-A75E-037B38ED7536", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.5.0.8:*:*:*:*:*:*:*", matchCriteriaId: "D98FEC2B-14F4-48EF-A7D2-DA4451EBD402", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:websphere_mq:7.0.1.0:*:*:*:*:*:*:*", matchCriteriaId: "F6E60ABB-E703-4745-98F3-22609FF70F6F", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.0.1.1:*:*:*:*:*:*:*", matchCriteriaId: "BDC03B4D-98C2-4704-9BF9-47888489B9C7", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.0.1.2:*:*:*:*:*:*:*", matchCriteriaId: "73E4EAA2-8842-41AB-B8E0-944CDF72C893", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.0.1.3:*:*:*:*:*:*:*", matchCriteriaId: "9D71A8D2-C97E-4A0D-B4F7-19E0B24AC887", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.0.1.4:*:*:*:*:*:*:*", matchCriteriaId: "362B6A59-1FFD-4C11-8F86-0A5516A36385", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.0.1.5:*:*:*:*:*:*:*", matchCriteriaId: "5046C962-98D9-43C3-8D83-B144CE442A31", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.0.1.6:*:*:*:*:*:*:*", matchCriteriaId: "A379F4E4-5A82-454A-B1D0-D4CAAD9E1457", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.0.1.7:*:*:*:*:*:*:*", matchCriteriaId: "DECB8B77-BAB7-468E-8D22-57FE9F42F718", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.0.1.8:*:*:*:*:*:*:*", matchCriteriaId: "2CE2BBC9-7772-48FF-BDE5-D61F9E16BB0D", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.0.1.9:*:*:*:*:*:*:*", matchCriteriaId: "0E3E613F-20C4-448E-99C7-C03587B2AE4B", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.0.1.10:*:*:*:*:*:*:*", matchCriteriaId: "EC348B63-F62A-4F23-8BFC-EC6FDA057DA1", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.0.1.11:*:*:*:*:*:*:*", matchCriteriaId: "7A3E5E8C-E897-4720-8B79-3D670B3A3CA0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.0.1.12:*:*:*:*:*:*:*", matchCriteriaId: "41B533BC-8796-4ADA-B67D-0CA41CD8BA65", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.0.1.13:*:*:*:*:*:*:*", matchCriteriaId: "C04E17D8-2D2B-4EF6-B5F5-3B6C720A551A", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.0.1.14:*:*:*:*:*:*:*", matchCriteriaId: "1ACA359E-DA6D-4C5A-9605-124B0622C8B4", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:websphere_mq:7.1.0.0:*:*:*:*:*:*:*", matchCriteriaId: "25D7B6F3-69B4-497E-A579-F925A1CB0D8C", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.1.0.1:*:*:*:*:*:*:*", matchCriteriaId: "5C711485-326F-47AC-A999-95F593B086B3", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.1.0.2:*:*:*:*:*:*:*", matchCriteriaId: "B84C0416-B334-45C1-9BA7-E66D9371BD80", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.1.0.3:*:*:*:*:*:*:*", matchCriteriaId: "56C38EE8-1F6D-4BCF-AA46-D71E6F3EDAC6", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.1.0.4:*:*:*:*:*:*:*", matchCriteriaId: "25AC9713-B00C-4A51-AEFB-7927B675E977", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.1.0.5:*:*:*:*:*:*:*", matchCriteriaId: "AFFC891B-ECE0-44DD-A0AD-5CA4A263961F", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.1.0.6:*:*:*:*:*:*:*", matchCriteriaId: "CE71C30A-B8B5-42EA-9A90-44347FCC32D2", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.1.0.7:*:*:*:*:*:*:*", matchCriteriaId: "9D862347-D638-41F6-94AA-E39B2F8E7010", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.1.0.8:*:*:*:*:*:*:*", matchCriteriaId: "96B18B43-D978-4C2B-8B1F-96F637389091", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:websphere_mq:8.0:*:*:*:*:*:*:*", matchCriteriaId: "421E10D4-4B01-4D52-9FFB-208C4745063E", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:8.0.0.1:*:*:*:*:*:*:*", matchCriteriaId: "C5502347-56F2-400F-944B-A532A3A8DE0A", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:8.0.0.2:*:*:*:*:*:*:*", matchCriteriaId: "9E6FF889-5D7D-47C0-A2B2-F2BDB39BEFDB", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:8.0.0.3:*:*:*:*:*:*:*", matchCriteriaId: "D800EA34-4826-4689-A3C0-03724290567B", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:8.0.0.4:*:*:*:*:*:*:*", matchCriteriaId: "DCBDF404-693B-4500-80FA-90AE022BD5C4", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:8.0.0.5:*:*:*:*:*:*:*", matchCriteriaId: "5FFC3793-4880-4103-B7F6-06F96A17357B", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:8.0.0.6:*:*:*:*:*:*:*", matchCriteriaId: "D3679D6F-1E3A-4546-A05B-5B4EA515B4C9", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:8.0.0.7:*:*:*:*:*:*:*", matchCriteriaId: "F4E6617F-85DF-49FE-B713-148624DC87A8", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:websphere_mq:9.0:*:*:*:*:*:*:*", matchCriteriaId: "63E773A8-4ED2-47AA-A2D7-5CD02CBA47C0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:9.0.0.1:*:*:*:*:*:*:*", matchCriteriaId: "4084EE93-8B41-493E-BB50-9ABC8E956C89", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:websphere_mq:9.0.1.0:*:*:*:*:*:*:*", matchCriteriaId: "33A09DD4-FA46-474B-9801-404F42380570", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:9.0.2.0:*:*:*:*:*:*:*", matchCriteriaId: "7709DB51-2ED8-48D3-81EA-3127A39EA1F2", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:9.0.3.0:*:*:*:*:*:*:*", matchCriteriaId: "264056E7-2BF1-4AB2-A485-5AFFD4A886D7", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM WebSphere MQ 7.0, 7.1, 7.5, 8.0, and 9.0 service trace module could be used to execute untrusted code under 'mqm' user. IBM X-Force ID: 132953.", }, { lang: "es", value: "El módulo de rastreo de servicios IBM WebSphere MQ 7.0, 7.1, 7.5, 8.0 y 9.0 podría emplearse para ejecutar código no fiable bajo un usuario \"mqm\". IBM X-Force ID: 132953.", }, ], id: "CVE-2017-1612", lastModified: "2024-11-21T03:22:08.653", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.6, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:L/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-01-09T20:29:00.287", references: [ { source: "psirt@us.ibm.com", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=swg22009918", }, { source: "psirt@us.ibm.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/102479", }, { source: "psirt@us.ibm.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1040175", }, { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/132953", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=swg22009918", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/102479", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1040175", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/132953", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2012-08-17 10:31
Modified
2025-04-11 00:51
Severity ?
Summary
The Web Gateway component in IBM WebSphere MQ File Transfer Edition 7.0.4 and earlier allows remote authenticated users to read files of arbitrary users via vectors involving a username in a URI, as demonstrated by a modified metadata=fteSamplesUser field to the /transfer URI.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | websphere_mq | 7.0 | |
| ibm | websphere_mq | 7.0.0.1 | |
| ibm | websphere_mq | 7.0.1.0 | |
| ibm | websphere_mq | 7.0.2.0 | |
| ibm | websphere_mq | 7.0.2.2 | |
| ibm | websphere_mq | 7.0.4 | |
| ibm | websphere_mq | 7.0.4.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:websphere_mq:7.0:*:file_transfer:*:*:*:*:*", matchCriteriaId: "CCC205E7-DEEF-4217-A0F8-060EA98B6D17", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.0.0.1:*:file_transfer:*:*:*:*:*", matchCriteriaId: "7FADD25C-32BB-4E6B-B07F-F0E2D45602EC", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.0.1.0:*:file_transfer:*:*:*:*:*", matchCriteriaId: "98A1AA9D-F576-43C9-91AD-BC8CEB427A07", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.0.2.0:*:file_transfer:*:*:*:*:*", matchCriteriaId: "97B0EF19-9684-4AE7-857E-779380B9A825", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.0.2.2:*:file_transfer:*:*:*:*:*", matchCriteriaId: "38985204-536F-4BD6-A718-B28983FF668A", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.0.4:*:file_transfer:*:*:*:*:*", matchCriteriaId: "01A2D4A5-325E-4D67-A8E5-594F16B909F7", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.0.4.0:*:file_transfer:*:*:*:*:*", matchCriteriaId: "740568A4-24F3-4F58-AC99-442184C9F0C4", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The Web Gateway component in IBM WebSphere MQ File Transfer Edition 7.0.4 and earlier allows remote authenticated users to read files of arbitrary users via vectors involving a username in a URI, as demonstrated by a modified metadata=fteSamplesUser field to the /transfer URI.", }, { lang: "es", value: "El componente de puerta de enlace de Internet en IBM WebSphere MQ File Transfer Edition v7.0.4 y anteriores permite leer archivos de usuarios de su elección a usuarios remotos autenticados a través de vectores relacionados con un nombre de usuario en un URI, tal y como se demuestra por un campo metadata=fteSamplesUser modificado que apunta a la URI /transfer.\r\n", }, ], id: "CVE-2012-2206", lastModified: "2025-04-11T00:51:21.963", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 3.5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:S/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2012-08-17T10:31:52.043", references: [ { source: "psirt@us.ibm.com", url: "http://www-01.ibm.com/support/docview.wss?uid=swg1IC82761", }, { source: "psirt@us.ibm.com", tags: [ "Exploit", ], url: "http://www.exploit-db.com/exploits/20478/", }, { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=swg21607481", }, { source: "psirt@us.ibm.com", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/77095", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www-01.ibm.com/support/docview.wss?uid=swg1IC82761", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "http://www.exploit-db.com/exploits/20478/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=swg21607481", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/77095", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-264", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2015-05-20 10:59
Modified
2025-04-12 10:46
Severity ?
Summary
The cluster repository manager in IBM WebSphere MQ 7.5 before 7.5.0.5 and 8.0 before 8.0.0.2 allows remote authenticated administrators to cause a denial of service (memory overwrite and daemon outage) by triggering multiple transmit-queue records.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | websphere_mq | 7.5 | |
| ibm | websphere_mq | 7.5.0.1 | |
| ibm | websphere_mq | 7.5.0.2 | |
| ibm | websphere_mq | 7.5.0.3 | |
| ibm | websphere_mq | 7.5.0.4 | |
| ibm | websphere_mq | 8.0 | |
| ibm | websphere_mq | 8.0.0.1 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:websphere_mq:7.5:*:*:*:*:*:*:*", matchCriteriaId: "164DC456-433C-4C47-91F9-1B57C2DFBF1E", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.5.0.1:*:*:*:*:*:*:*", matchCriteriaId: "0343E94F-6DE2-4E27-AFC5-D4650A4519F6", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.5.0.2:*:*:*:*:*:*:*", matchCriteriaId: "BDA4EE08-D531-4957-BF2A-C5A9ABB0F38D", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.5.0.3:*:*:*:*:*:*:*", matchCriteriaId: "751BF695-E27A-4D9F-9190-84A7BCD5E268", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.5.0.4:*:*:*:*:*:*:*", matchCriteriaId: "CDA1EF24-9710-4C4A-8059-917C02185CA3", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:8.0:*:*:*:*:*:*:*", matchCriteriaId: "421E10D4-4B01-4D52-9FFB-208C4745063E", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:8.0.0.1:*:*:*:*:*:*:*", matchCriteriaId: "C5502347-56F2-400F-944B-A532A3A8DE0A", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The cluster repository manager in IBM WebSphere MQ 7.5 before 7.5.0.5 and 8.0 before 8.0.0.2 allows remote authenticated administrators to cause a denial of service (memory overwrite and daemon outage) by triggering multiple transmit-queue records.", }, { lang: "es", value: "El gestor del repositorio de clusters en IBM WebSphere MQ 7.5 anterior a 7.5.0.5 y 8.0 anterior a 8.0.0.2 permite a administradores remotos autenticados causar una denegación de servicio (sobrescritura de memoria y interrupción de demonio) mediante le provocación de múltiples registros de la cola de transmisión.", }, ], id: "CVE-2015-0189", lastModified: "2025-04-12T10:46:40.837", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 4, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:S/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2015-05-20T10:59:02.243", references: [ { source: "psirt@us.ibm.com", url: "http://www-01.ibm.com/support/docview.wss?uid=swg1IT05869", }, { source: "psirt@us.ibm.com", tags: [ "Patch", "Vendor Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21883457", }, { source: "psirt@us.ibm.com", url: "http://www.securityfocus.com/bid/74706", }, { source: "psirt@us.ibm.com", url: "http://www.securitytracker.com/id/1032374", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www-01.ibm.com/support/docview.wss?uid=swg1IT05869", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21883457", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/74706", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securitytracker.com/id/1032374", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-399", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-08-06 14:29
Modified
2024-11-21 04:00
Severity ?
3.1 (Low) - CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
7.5 (High) - CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
7.5 (High) - CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
IBM WebSphere MQ 8.0.0.2 through 8.0.0.8 and 9.0.0.0 through 9.0.0.3 could allow users to have more authority than they should have if an MQ administrator creates an invalid user group name. IBM X-Force ID: 142888.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | http://www.securityfocus.com/bid/105040 | Third Party Advisory, VDB Entry | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/142888 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/docview.wss?uid=ibm10716113 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/105040 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/142888 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/docview.wss?uid=ibm10716113 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | websphere_mq | * | |
| ibm | websphere_mq | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:websphere_mq:*:*:*:*:*:*:*:*", matchCriteriaId: "474E0A70-DCA8-4E7E-9D9A-2E70FE16C512", versionEndIncluding: "8.0.0.8", versionStartIncluding: "8.0.0.2", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:*:*:*:*:*:*:*:*", matchCriteriaId: "3CF84198-FAC7-435E-99B2-5E698ACE9C5A", versionEndIncluding: "9.0.0.3", versionStartIncluding: "9.0.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM WebSphere MQ 8.0.0.2 through 8.0.0.8 and 9.0.0.0 through 9.0.0.3 could allow users to have more authority than they should have if an MQ administrator creates an invalid user group name. IBM X-Force ID: 142888.", }, { lang: "es", value: "IBM WebSphere MQ, desde la versión 8.0.0.2 hasta la 8.0.0.8 y desde la versión 9.0.0.0 hasta la 9.0.0.3, podría permitir que los usuarios tengan más autoridad de la que deberían si un administrador MQ crea un nombre de grupo de usuarios no válido. IBM X-Force ID: 142888.", }, ], id: "CVE-2018-1551", lastModified: "2024-11-21T04:00:00.117", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 6, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.1, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N", version: "3.0", }, exploitabilityScore: 1.6, impactScore: 1.4, source: "psirt@us.ibm.com", type: "Secondary", }, { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 1.6, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-08-06T14:29:00.717", references: [ { source: "psirt@us.ibm.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/105040", }, { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/142888", }, { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "https://www.ibm.com/support/docview.wss?uid=ibm10716113", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/105040", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/142888", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.ibm.com/support/docview.wss?uid=ibm10716113", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-732", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2016-06-19 20:59
Modified
2025-04-12 10:46
Severity ?
Summary
IBM WebSphere MQ 8.0.0.4 on IBM i platforms allows local users to discover cleartext certificate-keystore passwords within MQ trace output by leveraging administrator privileges to execute the mqcertck program.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | websphere_mq | 8.0.0.4 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:websphere_mq:8.0.0.4:*:*:*:*:*:*:*", matchCriteriaId: "DCBDF404-693B-4500-80FA-90AE022BD5C4", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM WebSphere MQ 8.0.0.4 on IBM i platforms allows local users to discover cleartext certificate-keystore passwords within MQ trace output by leveraging administrator privileges to execute the mqcertck program.", }, { lang: "es", value: "IBM WebSphere MQ 8.0.0.4 en plataformas IBM i permite a usuarios locales descubrir contraseñas de certificado de almacén de claves en texto plano dentro de la salida de rastreo MQ aprovechando privilegios administrativos para el ejecutar el programa mqcertck.", }, ], id: "CVE-2015-7462", lastModified: "2025-04-12T10:46:40.837", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "NONE", baseScore: 2.1, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:L/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4.4, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, exploitabilityScore: 0.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2016-06-19T20:59:00.113", references: [ { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21984557", }, { source: "psirt@us.ibm.com", url: "http://www.securitytracker.com/id/1036053", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21984557", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securitytracker.com/id/1036053", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-200", }, { lang: "en", value: "CWE-255", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2016-06-29 01:59
Modified
2025-04-12 10:46
Severity ?
Summary
Memory leak in queue-manager agents in IBM WebSphere MQ 8.x before 8.0.0.5 allows remote attackers to cause a denial of service (heap memory consumption) by triggering many errors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | websphere_mq | 8.0 | |
| ibm | websphere_mq | 8.0.0.1 | |
| ibm | websphere_mq | 8.0.0.2 | |
| ibm | websphere_mq | 8.0.0.3 | |
| ibm | websphere_mq | 8.0.0.4 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:websphere_mq:8.0:*:*:*:*:*:*:*", matchCriteriaId: "421E10D4-4B01-4D52-9FFB-208C4745063E", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:8.0.0.1:*:*:*:*:*:*:*", matchCriteriaId: "C5502347-56F2-400F-944B-A532A3A8DE0A", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:8.0.0.2:*:*:*:*:*:*:*", matchCriteriaId: "9E6FF889-5D7D-47C0-A2B2-F2BDB39BEFDB", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:8.0.0.3:*:*:*:*:*:*:*", matchCriteriaId: "D800EA34-4826-4689-A3C0-03724290567B", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:8.0.0.4:*:*:*:*:*:*:*", matchCriteriaId: "DCBDF404-693B-4500-80FA-90AE022BD5C4", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Memory leak in queue-manager agents in IBM WebSphere MQ 8.x before 8.0.0.5 allows remote attackers to cause a denial of service (heap memory consumption) by triggering many errors.", }, { lang: "es", value: "Fuga de memoria en agentes de gestión de cola en IBM WebSphere MQ 8.x en versiones anteriores a 8.0.0.5 permite a atacantes remotos provocar una denegación de servicio (consumo de memoria dinámica) desencadenando muchos errores.", }, ], id: "CVE-2016-0260", lastModified: "2025-04-12T10:46:40.837", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2016-06-29T01:59:02.587", references: [ { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21984564", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21984564", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-399", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-04-17 15:29
Modified
2024-11-21 03:59
Severity ?
Summary
An IBM WebSphere MQ 8.0.0.8, 9.0.0.2, and 9.0.4 Client connecting to a MQ Queue Manager can cause a SIGSEGV in the AMQRMPPA channel process terminating it. IBM X-Force ID: 137771.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg22012983 | Vendor Advisory | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/137771 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg22012983 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/137771 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | websphere_mq | 8.0.0.8 | |
| ibm | websphere_mq | 9.0.0.2 | |
| ibm | websphere_mq | 9.0.4 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:websphere_mq:8.0.0.8:*:*:*:*:*:*:*", matchCriteriaId: "03A2E32F-2019-4F5F-814D-60218B960A95", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:9.0.0.2:*:*:*:*:*:*:*", matchCriteriaId: "FA310DB1-904C-45D0-8CAC-0B01638A7D41", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:9.0.4:*:*:*:*:*:*:*", matchCriteriaId: "CF68ED28-0999-4622-A923-624284229F13", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An IBM WebSphere MQ 8.0.0.8, 9.0.0.2, and 9.0.4 Client connecting to a MQ Queue Manager can cause a SIGSEGV in the AMQRMPPA channel process terminating it. IBM X-Force ID: 137771.", }, { lang: "es", value: "Un cliente IBM WebSphere MQ 8.0.0.8, 9.0.0.2 y 9.0.4 que se conecte a MQ Queue Manager puede provocar un SIGSEGV en el proceso del canal AMQRMPPA, terminándolo. IBM X-Force ID: 137771.", }, ], id: "CVE-2018-1371", lastModified: "2024-11-21T03:59:42.347", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 4, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:S/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-04-17T15:29:00.240", references: [ { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=swg22012983", }, { source: "psirt@us.ibm.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/137771", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=swg22012983", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/137771", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-07-23 13:29
Modified
2024-11-21 03:59
Severity ?
4.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
4.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
4.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Summary
IBM WebSphere MQ 7.5, 8.0, and 9.0 could allow a remotely authenticated attacker to to send invalid or malformed headers that could cause messages to no longer be transmitted via the affected channel. IBM X-Force ID: 141339.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg22015617 | Vendor Advisory | |
| psirt@us.ibm.com | http://www.securityfocus.com/bid/104953 | Third Party Advisory, VDB Entry | |
| psirt@us.ibm.com | http://www.securitytracker.com/id/1041387 | Third Party Advisory, VDB Entry | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/141339 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg22015617 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/104953 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1041387 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/141339 | VDB Entry, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | websphere_mq | * | |
| ibm | websphere_mq | * | |
| ibm | websphere_mq | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:websphere_mq:*:*:*:*:*:*:*:*", matchCriteriaId: "916BC891-9D43-40A0-8F68-994F520F5A50", versionEndIncluding: "7.5.0.8", versionStartIncluding: "7.5.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:*:*:*:*:*:*:*:*", matchCriteriaId: "C660C959-9285-45C9-B89A-94085BDA332C", versionEndIncluding: "8.0.0.9", versionStartIncluding: "8.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:*:*:*:*:*:*:*:*", matchCriteriaId: "3CF84198-FAC7-435E-99B2-5E698ACE9C5A", versionEndIncluding: "9.0.0.3", versionStartIncluding: "9.0.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM WebSphere MQ 7.5, 8.0, and 9.0 could allow a remotely authenticated attacker to to send invalid or malformed headers that could cause messages to no longer be transmitted via the affected channel. IBM X-Force ID: 141339.", }, { lang: "es", value: "IBM WebSphere MQ 7.5, 8.0 y 9.0 podría permitir que un atacante autenticado remoto envíe cabeceras inválidas o mal formadas que podrían provocar que los mensajes ya no se transmitan mediante el canal afectado. IBM X-Force ID: 141339.", }, ], id: "CVE-2018-1503", lastModified: "2024-11-21T03:59:56.077", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 4, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:S/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 1.4, source: "psirt@us.ibm.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-07-23T13:29:00.217", references: [ { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=swg22015617", }, { source: "psirt@us.ibm.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/104953", }, { source: "psirt@us.ibm.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1041387", }, { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/141339", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=swg22015617", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/104953", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1041387", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/141339", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2015-09-14 01:59
Modified
2025-04-12 10:46
Severity ?
Summary
IBM WebSphere MQ 7.0.1 before 7.0.1.13 allows remote attackers to cause a denial of service (channel-agent abend and process outage) via a crafted selection string in an MQI call.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | websphere_mq | 7.0.1.0 | |
| ibm | websphere_mq | 7.0.1.1 | |
| ibm | websphere_mq | 7.0.1.2 | |
| ibm | websphere_mq | 7.0.1.3 | |
| ibm | websphere_mq | 7.0.1.4 | |
| ibm | websphere_mq | 7.0.1.5 | |
| ibm | websphere_mq | 7.0.1.6 | |
| ibm | websphere_mq | 7.0.1.7 | |
| ibm | websphere_mq | 7.0.1.8 | |
| ibm | websphere_mq | 7.0.1.9 | |
| ibm | websphere_mq | 7.0.1.10 | |
| ibm | websphere_mq | 7.0.1.11 | |
| ibm | websphere_mq | 7.0.1.12 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:websphere_mq:7.0.1.0:*:*:*:*:*:*:*", matchCriteriaId: "F6E60ABB-E703-4745-98F3-22609FF70F6F", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.0.1.1:*:*:*:*:*:*:*", matchCriteriaId: "BDC03B4D-98C2-4704-9BF9-47888489B9C7", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.0.1.2:*:*:*:*:*:*:*", matchCriteriaId: "73E4EAA2-8842-41AB-B8E0-944CDF72C893", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.0.1.3:*:*:*:*:*:*:*", matchCriteriaId: "9D71A8D2-C97E-4A0D-B4F7-19E0B24AC887", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.0.1.4:*:*:*:*:*:*:*", matchCriteriaId: "362B6A59-1FFD-4C11-8F86-0A5516A36385", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.0.1.5:*:*:*:*:*:*:*", matchCriteriaId: "5046C962-98D9-43C3-8D83-B144CE442A31", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.0.1.6:*:*:*:*:*:*:*", matchCriteriaId: "A379F4E4-5A82-454A-B1D0-D4CAAD9E1457", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.0.1.7:*:*:*:*:*:*:*", matchCriteriaId: "DECB8B77-BAB7-468E-8D22-57FE9F42F718", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.0.1.8:*:*:*:*:*:*:*", matchCriteriaId: "2CE2BBC9-7772-48FF-BDE5-D61F9E16BB0D", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.0.1.9:*:*:*:*:*:*:*", matchCriteriaId: "0E3E613F-20C4-448E-99C7-C03587B2AE4B", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.0.1.10:*:*:*:*:*:*:*", matchCriteriaId: "EC348B63-F62A-4F23-8BFC-EC6FDA057DA1", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.0.1.11:*:*:*:*:*:*:*", matchCriteriaId: "7A3E5E8C-E897-4720-8B79-3D670B3A3CA0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.0.1.12:*:*:*:*:*:*:*", matchCriteriaId: "41B533BC-8796-4ADA-B67D-0CA41CD8BA65", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM WebSphere MQ 7.0.1 before 7.0.1.13 allows remote attackers to cause a denial of service (channel-agent abend and process outage) via a crafted selection string in an MQI call.", }, { lang: "es", value: "Vulnerabilidad en IBM WebSphere MQ 7.0.1 en versiones anteriores a 7.0.1.13, permite a atacantes remotos causar una denegación de servicio (terminación anormal canal-agente e interrupción del proceso) a través de una cadena de selección manipulada en una llamada MQI.", }, ], id: "CVE-2015-2013", lastModified: "2025-04-12T10:46:40.837", metrics: { cvssMetricV2: [ { acInsufInfo: true, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2015-09-14T01:59:00.107", references: [ { source: "psirt@us.ibm.com", url: "http://www-01.ibm.com/support/docview.wss?uid=swg1IV73860", }, { source: "psirt@us.ibm.com", tags: [ "Patch", "Vendor Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21962479", }, { source: "psirt@us.ibm.com", url: "http://www.securitytracker.com/id/1033449", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www-01.ibm.com/support/docview.wss?uid=swg1IV73860", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21962479", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securitytracker.com/id/1033449", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-399", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2009-06-03 17:00
Modified
2025-04-09 00:30
Severity ?
Summary
Buffer overflow in the queue manager in IBM WebSphere MQ 6.x before 6.0.2.7 and 7.x before 7.0.1.0 allows remote attackers to execute arbitrary code via a crafted request.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | websphere_mq | 6.0 | |
| ibm | websphere_mq | 6.0.0.0 | |
| ibm | websphere_mq | 6.0.1.0 | |
| ibm | websphere_mq | 6.0.1.1 | |
| ibm | websphere_mq | 6.0.2.0 | |
| ibm | websphere_mq | 6.0.2.1 | |
| ibm | websphere_mq | 6.0.2.2 | |
| ibm | websphere_mq | 6.0.2.3 | |
| ibm | websphere_mq | 6.0.2.4 | |
| ibm | websphere_mq | 6.0.2.5 | |
| ibm | websphere_mq | 6.0.2.6 | |
| ibm | websphere_mq | 7.0 | |
| ibm | websphere_mq | 7.0.0.1 | |
| ibm | websphere_mq | 7.0.0.2 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:websphere_mq:6.0:*:*:*:*:*:*:*", matchCriteriaId: "E6D2279B-482A-4CA6-9EF2-C57A95969BC2", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:6.0.0.0:*:*:*:*:*:*:*", matchCriteriaId: "9728448F-E295-4C33-B2F4-17FAAFCDF169", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:6.0.1.0:*:*:*:*:*:*:*", matchCriteriaId: "0F36C644-664C-4758-9762-E808C80AE904", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:6.0.1.1:*:*:*:*:*:*:*", matchCriteriaId: "9C670A3F-7BBB-4115-A037-B5E732ABB6BA", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:6.0.2.0:*:*:*:*:*:*:*", matchCriteriaId: "24CD8F97-39E0-455C-92CA-F0FE9AE5A0CC", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:6.0.2.1:*:*:*:*:*:*:*", matchCriteriaId: "C97EC1D0-CA59-4E2C-84EB-054BF27D1BCF", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:6.0.2.2:*:*:*:*:*:*:*", matchCriteriaId: "7CCD33A5-6567-43CB-909D-D1851ACF4AA8", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:6.0.2.3:*:*:*:*:*:*:*", matchCriteriaId: "D3664585-D0B4-467C-9B6D-4F8E239F7DCD", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:6.0.2.4:*:*:*:*:*:*:*", matchCriteriaId: "C2216808-BAE9-4034-9618-5EC4CCB80E7F", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:6.0.2.5:*:*:*:*:*:*:*", matchCriteriaId: "B6263B9D-A62A-4E41-958A-968F9ACA0CE6", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:6.0.2.6:*:*:*:*:*:*:*", matchCriteriaId: "19983CDF-4769-4B56-98ED-CE7EE0C1AFF6", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.0:*:*:*:*:*:*:*", matchCriteriaId: "594287A4-AF30-4872-A5B8-1421FAB5C674", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.0.0.1:*:*:*:*:*:*:*", matchCriteriaId: "896273C9-11F9-45A0-BA46-66F37DFACCC7", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.0.0.2:*:*:*:*:*:*:*", matchCriteriaId: "AF396289-8409-4FE2-96DB-99818D5680B4", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Buffer overflow in the queue manager in IBM WebSphere MQ 6.x before 6.0.2.7 and 7.x before 7.0.1.0 allows remote attackers to execute arbitrary code via a crafted request.", }, { lang: "es", value: "Desbordamiento de búfer en el gestor de cola en IBM WebSphere MQ v6.x anterior a v6.0.2.7 y v7.x anterior a v7.0.1.0, permite a atacantes remotos ejecutar código de su elección a través de una petición manipulada.", }, ], id: "CVE-2009-0896", lastModified: "2025-04-09T00:30:58.490", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 10, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 10, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2009-06-03T17:00:00.530", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/35303", }, { source: "cve@mitre.org", url: "http://securitytracker.com/id?1022311", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21386826", }, { source: "cve@mitre.org", url: "http://www-1.ibm.com/support/docview.wss?uid=swg1IZ50784", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/35170", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.vupen.com/english/advisories/2009/1463", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/50641", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/35303", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://securitytracker.com/id?1022311", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21386826", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www-1.ibm.com/support/docview.wss?uid=swg1IZ50784", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/35170", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.vupen.com/english/advisories/2009/1463", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/50641", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-119", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2015-04-27 11:59
Modified
2025-04-12 10:46
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in MQ XR WebSockets Listener in WMQ Telemetry in IBM WebSphere MQ 8.0 before 8.0.0.2 allows remote attackers to inject arbitrary web script or HTML via a crafted URI that is included in an error response.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg21699549 | Patch, Vendor Advisory | |
| psirt@us.ibm.com | http://www.securitytracker.com/id/1032200 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg21699549 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1032200 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | websphere_mq | 8.0 | |
| ibm | websphere_mq | 8.0.0.1 | |
| ibm | websphere_mq | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:websphere_mq:8.0:*:*:*:*:*:*:*", matchCriteriaId: "421E10D4-4B01-4D52-9FFB-208C4745063E", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:8.0.0.1:*:*:*:*:*:*:*", matchCriteriaId: "C5502347-56F2-400F-944B-A532A3A8DE0A", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:websphere_mq:*:*:*:*:*:*:*:*", matchCriteriaId: "882BCC5C-CE68-4F19-9041-CCCE642EB11D", versionEndIncluding: "7.5.0.4", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Cross-site scripting (XSS) vulnerability in MQ XR WebSockets Listener in WMQ Telemetry in IBM WebSphere MQ 8.0 before 8.0.0.2 allows remote attackers to inject arbitrary web script or HTML via a crafted URI that is included in an error response.", }, { lang: "es", value: "Vulnerabilidad de XSS en MQ XR WebSockets Listener en WMQ Telemetry en IBM WebSphere MQ 8.0 anterior a 8.0.0.2 permite a atacantes remotos inyectar secuencias de comandos web arbitrarios o HTML a través de una URI manipulada que está incluida en una respuesta de error.", }, ], id: "CVE-2015-0176", lastModified: "2025-04-12T10:46:40.837", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], }, published: "2015-04-27T11:59:04.187", references: [ { source: "psirt@us.ibm.com", tags: [ "Patch", "Vendor Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21699549", }, { source: "psirt@us.ibm.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1032200", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21699549", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1032200", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-09-27 14:15
Modified
2024-11-21 04:43
Severity ?
Summary
IBM MQ 7.1.0.0 - 7.1.0.9, 7.5.0.0 - 7.5.0.9, 8.0.0.0 - 8.0.0.11, 9.0.0.0 - 9.0.0.6, 9.1.0.0 - 9.1.0.2, and 9.1.1 - 9.1.2 is vulnerable to a denial of service attack caused by a memory leak in the clustering code. IBM X-Force ID: 158337.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/158337 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/876772 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/158337 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/876772 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | websphere_mq | * | |
| ibm | websphere_mq | * | |
| ibm | websphere_mq | * | |
| ibm | websphere_mq | * | |
| ibm | websphere_mq | * | |
| ibm | websphere_mq | * | |
| ibm | websphere_mq_appliance | * | |
| ibm | websphere_mq_appliance | * | |
| ibm | websphere_mq_appliance | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:websphere_mq:*:*:*:*:-:*:*:*", matchCriteriaId: "779489EE-13E0-4EE4-A090-ACC2B6AFB9DE", versionEndIncluding: "7.1.0.9", versionStartIncluding: "7.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:*:*:*:*:-:*:*:*", matchCriteriaId: "2DC28F88-6E86-4108-9F97-D5DB45B8F85B", versionEndIncluding: "7.5.0.9", versionStartIncluding: "7.5.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:*:*:*:*:-:*:*:*", matchCriteriaId: "13A4B847-5DFB-4A00-847B-04E56FBB0D9E", versionEndIncluding: "8.0.0.11", versionStartIncluding: "8.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:*:*:*:*:lts:*:*:*", matchCriteriaId: "5293F3F9-53EC-4FEB-83B3-EDBB98B6E385", versionEndIncluding: "9.0.0.6", versionStartIncluding: "9.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:*:*:*:*:-:*:*:*", matchCriteriaId: "E62C1C46-368E-4603-95F2-E4E7D2B933B2", versionEndIncluding: "9.1.0.2", versionStartIncluding: "9.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:*:*:*:*:-:*:*:*", matchCriteriaId: "45452420-EF89-4DA1-9A5D-84ED9ED046B1", versionEndIncluding: "9.1.2", versionStartIncluding: "9.1.1", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq_appliance:*:*:*:*:-:*:*:*", matchCriteriaId: "E8D6A461-A46A-4278-A9BF-06138ECAE028", versionEndIncluding: "8.0.0.11", versionStartIncluding: "8.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq_appliance:*:*:*:*:lts:*:*:*", matchCriteriaId: "95D36B56-554C-470F-95D9-0FA64BCBDFF7", versionEndIncluding: "9.1.0.2", versionStartIncluding: "9.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq_appliance:*:*:*:*:cd:*:*:*", matchCriteriaId: "6EDEA708-4EAC-4051-B9DD-5F805B409C45", versionEndIncluding: "9.1.2", versionStartIncluding: "9.1.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM MQ 7.1.0.0 - 7.1.0.9, 7.5.0.0 - 7.5.0.9, 8.0.0.0 - 8.0.0.11, 9.0.0.0 - 9.0.0.6, 9.1.0.0 - 9.1.0.2, and 9.1.1 - 9.1.2 is vulnerable to a denial of service attack caused by a memory leak in the clustering code. IBM X-Force ID: 158337.", }, { lang: "es", value: "IBM MQ versiones 7.1.0.0 hasta 7.1.0.9, 7.5.0.0 hasta 7.5.0.9, 8.0.0.0 hasta 8.0.0.11, 9.0.0.0 hasta 9.0.0.6, 9.1.0.0 hasta 9.1.0.2 y 9.1.1 hasta 9.1.2, es vulnerable a un ataque de denegación de servicio causado por una pérdida de memoria en el código de clustering. ID de IBM X-Force: 158337.", }, ], id: "CVE-2019-4141", lastModified: "2024-11-21T04:43:13.580", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 4, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:S/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, exploitabilityScore: 1.6, impactScore: 3.6, source: "psirt@us.ibm.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-09-27T14:15:11.280", references: [ { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/158337", }, { source: "psirt@us.ibm.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/876772", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/158337", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/876772", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-401", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2007-11-20 20:46
Modified
2025-04-09 00:30
Severity ?
Summary
Multiple unspecified vulnerabilities in IBM WebSphere MQ 6.0 have unknown impact and remote attack vectors involving "memory corruption." NOTE: as of 20071116, the only disclosure is a vague pre-advisory with no actionable information. However, since it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | websphere_mq | 6.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:websphere_mq:6.0:*:*:*:*:*:*:*", matchCriteriaId: "E6D2279B-482A-4CA6-9EF2-C57A95969BC2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Multiple unspecified vulnerabilities in IBM WebSphere MQ 6.0 have unknown impact and remote attack vectors involving \"memory corruption.\" NOTE: as of 20071116, the only disclosure is a vague pre-advisory with no actionable information. However, since it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes.", }, { lang: "es", value: "Múltiples vulnerabilidades no especificadas en IBM WebSphere MQ 6.0 tienen un impacto desconocido y vectores de ataque remotos que afectan al \"consumo de memoria.\" NOTA: como en 20071116, la única divulgación es un vago preaviso con una información no accinable. Sin embargo, proviene de un investigador bien conocido, es por ello que se le ha asignado un identificador CVE para facilitar su seguimiento.", }, ], id: "CVE-2007-6044", lastModified: "2025-04-09T00:30:58.490", metrics: { cvssMetricV2: [ { acInsufInfo: true, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 10, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 10, impactScore: 10, obtainAllPrivilege: true, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2007-11-20T20:46:00.000", references: [ { source: "cve@mitre.org", url: "http://osvdb.org/45302", }, { source: "cve@mitre.org", url: "http://securityreason.com/securityalert/3381", }, { source: "cve@mitre.org", url: "http://www.irmplc.com/index.php/111-Vendor-Alerts#IBM", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/archive/1/483708/100/0/threaded", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/26441", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://osvdb.org/45302", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://securityreason.com/securityalert/3381", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.irmplc.com/index.php/111-Vendor-Alerts#IBM", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/archive/1/483708/100/0/threaded", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/26441", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-399", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2015-02-13 02:59
Modified
2025-04-12 10:46
Severity ?
Summary
IBM WebSphere MQ 7.0.1 before 7.0.1.13, 7.1 before 7.1.0.6, 7.5 before 7.5.0.5, and 8 before 8.0.0.1 allows remote authenticated users to cause a denial of service (queue-slot exhaustion) by leveraging PCF query privileges for a crafted query.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | websphere_mq | 7.0.1.0 | |
| ibm | websphere_mq | 7.0.1.1 | |
| ibm | websphere_mq | 7.0.1.2 | |
| ibm | websphere_mq | 7.0.1.3 | |
| ibm | websphere_mq | 7.0.1.4 | |
| ibm | websphere_mq | 7.0.1.5 | |
| ibm | websphere_mq | 7.0.1.6 | |
| ibm | websphere_mq | 7.0.1.7 | |
| ibm | websphere_mq | 7.0.1.8 | |
| ibm | websphere_mq | 7.0.1.9 | |
| ibm | websphere_mq | 7.0.1.10 | |
| ibm | websphere_mq | 7.0.1.11 | |
| ibm | websphere_mq | 7.0.1.12 | |
| ibm | websphere_mq | 7.1 | |
| ibm | websphere_mq | 7.1.0.1 | |
| ibm | websphere_mq | 7.1.0.2 | |
| ibm | websphere_mq | 7.1.0.3 | |
| ibm | websphere_mq | 7.1.0.4 | |
| ibm | websphere_mq | 7.1.0.5 | |
| ibm | websphere_mq | 7.5 | |
| ibm | websphere_mq | 7.5.0.1 | |
| ibm | websphere_mq | 7.5.0.2 | |
| ibm | websphere_mq | 7.5.0.3 | |
| ibm | websphere_mq | 7.5.0.4 | |
| ibm | websphere_mq | 8.0.0.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:websphere_mq:7.0.1.0:*:*:*:*:*:*:*", matchCriteriaId: "F6E60ABB-E703-4745-98F3-22609FF70F6F", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.0.1.1:*:*:*:*:*:*:*", matchCriteriaId: "BDC03B4D-98C2-4704-9BF9-47888489B9C7", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.0.1.2:*:*:*:*:*:*:*", matchCriteriaId: "73E4EAA2-8842-41AB-B8E0-944CDF72C893", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.0.1.3:*:*:*:*:*:*:*", matchCriteriaId: "9D71A8D2-C97E-4A0D-B4F7-19E0B24AC887", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.0.1.4:*:*:*:*:*:*:*", matchCriteriaId: "362B6A59-1FFD-4C11-8F86-0A5516A36385", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.0.1.5:*:*:*:*:*:*:*", matchCriteriaId: "5046C962-98D9-43C3-8D83-B144CE442A31", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.0.1.6:*:*:*:*:*:*:*", matchCriteriaId: "A379F4E4-5A82-454A-B1D0-D4CAAD9E1457", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.0.1.7:*:*:*:*:*:*:*", matchCriteriaId: "DECB8B77-BAB7-468E-8D22-57FE9F42F718", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.0.1.8:*:*:*:*:*:*:*", matchCriteriaId: "2CE2BBC9-7772-48FF-BDE5-D61F9E16BB0D", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.0.1.9:*:*:*:*:*:*:*", matchCriteriaId: "0E3E613F-20C4-448E-99C7-C03587B2AE4B", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.0.1.10:*:*:*:*:*:*:*", matchCriteriaId: "EC348B63-F62A-4F23-8BFC-EC6FDA057DA1", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.0.1.11:*:*:*:*:*:*:*", matchCriteriaId: "7A3E5E8C-E897-4720-8B79-3D670B3A3CA0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.0.1.12:*:*:*:*:*:*:*", matchCriteriaId: "41B533BC-8796-4ADA-B67D-0CA41CD8BA65", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.1:*:*:*:*:*:*:*", matchCriteriaId: "417A12D5-4E6E-487E-9515-2410B3697639", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.1.0.1:*:*:*:*:*:*:*", matchCriteriaId: "5C711485-326F-47AC-A999-95F593B086B3", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.1.0.2:*:*:*:*:*:*:*", matchCriteriaId: "B84C0416-B334-45C1-9BA7-E66D9371BD80", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.1.0.3:*:*:*:*:*:*:*", matchCriteriaId: "56C38EE8-1F6D-4BCF-AA46-D71E6F3EDAC6", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.1.0.4:*:*:*:*:*:*:*", matchCriteriaId: "25AC9713-B00C-4A51-AEFB-7927B675E977", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.1.0.5:*:*:*:*:*:*:*", matchCriteriaId: "AFFC891B-ECE0-44DD-A0AD-5CA4A263961F", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.5:*:*:*:*:*:*:*", matchCriteriaId: "164DC456-433C-4C47-91F9-1B57C2DFBF1E", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.5.0.1:*:*:*:*:*:*:*", matchCriteriaId: "0343E94F-6DE2-4E27-AFC5-D4650A4519F6", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.5.0.2:*:*:*:*:*:*:*", matchCriteriaId: "BDA4EE08-D531-4957-BF2A-C5A9ABB0F38D", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.5.0.3:*:*:*:*:*:*:*", matchCriteriaId: "751BF695-E27A-4D9F-9190-84A7BCD5E268", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.5.0.4:*:*:*:*:*:*:*", matchCriteriaId: "CDA1EF24-9710-4C4A-8059-917C02185CA3", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:8.0.0.0:*:*:*:*:*:*:*", matchCriteriaId: "153F42BE-64AE-4D38-94C1-E59EF10632A2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM WebSphere MQ 7.0.1 before 7.0.1.13, 7.1 before 7.1.0.6, 7.5 before 7.5.0.5, and 8 before 8.0.0.1 allows remote authenticated users to cause a denial of service (queue-slot exhaustion) by leveraging PCF query privileges for a crafted query.", }, { lang: "es", value: "IBM WebSphere MQ 7.0.1 anterior a 7.0.1.13, 7.1 anterior a 7.1.0.6, 7.5 anterior a 7.5.0.5, y 8 anterior a 8.0.0.1 permite a usuarios remotos autenticados causar una denegación de servicio (agotamiento del hueco en cola) mediante el aprovechamiento de los privilegios de consultas PCF para una consulta manipulada.", }, ], id: "CVE-2014-4771", lastModified: "2025-04-12T10:46:40.837", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 3.5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:S/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2015-02-13T02:59:00.033", references: [ { source: "psirt@us.ibm.com", url: "http://www-01.ibm.com/support/docview.wss?uid=swg1IV69190", }, { source: "psirt@us.ibm.com", tags: [ "Patch", "Vendor Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21696120", }, { source: "psirt@us.ibm.com", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/94842", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www-01.ibm.com/support/docview.wss?uid=swg1IV69190", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21696120", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/94842", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-399", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-07-10 16:29
Modified
2024-11-21 03:21
Severity ?
Summary
IBM WebSphere MQ 9.0.1 and 9.0.2 Java/JMS application can incorrectly transmit user credentials in plain text. IBM X-Force ID: 126245.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg22003853 | Vendor Advisory | |
| psirt@us.ibm.com | http://www.securityfocus.com/bid/99493 | Third Party Advisory, VDB Entry | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/126245 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg22003853 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/99493 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/126245 | VDB Entry, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | websphere_mq | 9.0.1 | |
| ibm | websphere_mq | 9.0.2 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:websphere_mq:9.0.1:*:*:*:*:*:*:*", matchCriteriaId: "E0C2DE42-FE8C-4023-A495-A2DBFE2F97F9", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:9.0.2:*:*:*:*:*:*:*", matchCriteriaId: "406AADD2-9732-44F1-91FC-F8C90088AD5A", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM WebSphere MQ 9.0.1 and 9.0.2 Java/JMS application can incorrectly transmit user credentials in plain text. IBM X-Force ID: 126245.", }, { lang: "es", value: "La aplicación Java/JMS de WebSphere MQ versiones 9.0.1 y 9.0.2 de IBM, puede transmitir incorrectamente las credenciales de usuario en texto plano. ID de IBM X-Force: 126245.", }, ], id: "CVE-2017-1337", lastModified: "2024-11-21T03:21:44.497", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 2.2, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-07-10T16:29:00.217", references: [ { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=swg22003853", }, { source: "psirt@us.ibm.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/99493", }, { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/126245", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=swg22003853", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/99493", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/126245", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-522", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2016-09-26 04:59
Modified
2025-04-12 10:46
Severity ?
Summary
IBM WebSphere MQ 7.5 before 7.5.0.7 and 8.0 before 8.0.0.5 mishandles protocol flows, which allows remote authenticated users to cause a denial of service (channel outage) by leveraging queue-manager rights.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | websphere_mq | 7.5 | |
| ibm | websphere_mq | 7.5.0.1 | |
| ibm | websphere_mq | 7.5.0.2 | |
| ibm | websphere_mq | 7.5.0.3 | |
| ibm | websphere_mq | 7.5.0.4 | |
| ibm | websphere_mq | 7.5.0.5 | |
| ibm | websphere_mq | 7.5.0.6 | |
| ibm | websphere_mq | 8.0 | |
| ibm | websphere_mq | 8.0.0.1 | |
| ibm | websphere_mq | 8.0.0.2 | |
| ibm | websphere_mq | 8.0.0.3 | |
| ibm | websphere_mq | 8.0.0.4 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:websphere_mq:7.5:*:*:*:*:*:*:*", matchCriteriaId: "164DC456-433C-4C47-91F9-1B57C2DFBF1E", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.5.0.1:*:*:*:*:*:*:*", matchCriteriaId: "0343E94F-6DE2-4E27-AFC5-D4650A4519F6", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.5.0.2:*:*:*:*:*:*:*", matchCriteriaId: "BDA4EE08-D531-4957-BF2A-C5A9ABB0F38D", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.5.0.3:*:*:*:*:*:*:*", matchCriteriaId: "751BF695-E27A-4D9F-9190-84A7BCD5E268", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.5.0.4:*:*:*:*:*:*:*", matchCriteriaId: "CDA1EF24-9710-4C4A-8059-917C02185CA3", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.5.0.5:*:*:*:*:*:*:*", matchCriteriaId: "CC257545-44A3-4659-951D-F4DFF3B87CFB", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.5.0.6:*:*:*:*:*:*:*", matchCriteriaId: "1FD4E86C-0E58-4A91-A18C-534464BC197A", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:8.0:*:*:*:*:*:*:*", matchCriteriaId: "421E10D4-4B01-4D52-9FFB-208C4745063E", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:8.0.0.1:*:*:*:*:*:*:*", matchCriteriaId: "C5502347-56F2-400F-944B-A532A3A8DE0A", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:8.0.0.2:*:*:*:*:*:*:*", matchCriteriaId: "9E6FF889-5D7D-47C0-A2B2-F2BDB39BEFDB", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:8.0.0.3:*:*:*:*:*:*:*", matchCriteriaId: "D800EA34-4826-4689-A3C0-03724290567B", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:8.0.0.4:*:*:*:*:*:*:*", matchCriteriaId: "DCBDF404-693B-4500-80FA-90AE022BD5C4", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM WebSphere MQ 7.5 before 7.5.0.7 and 8.0 before 8.0.0.5 mishandles protocol flows, which allows remote authenticated users to cause a denial of service (channel outage) by leveraging queue-manager rights.", }, { lang: "es", value: "IBM WebSphere MQ 7.5 en versiones anteriores a 7.5.0.7 y 8.0 en versiones anteriores a 8.0.0.5 no maneja correctamente flujos de protocolo, lo que permite a usuarios remotos autenticados provocar una denegación de servicio (corte de canal) aprovechando derechos del gestor de cola.", }, ], id: "CVE-2016-0379", lastModified: "2025-04-12T10:46:40.837", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 3.5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:S/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 3.1, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, exploitabilityScore: 1.6, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2016-09-26T04:59:02.320", references: [ { source: "psirt@us.ibm.com", tags: [ "Patch", "Vendor Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21984565", }, { source: "psirt@us.ibm.com", url: "http://www.securityfocus.com/bid/93146", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21984565", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/93146", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-19", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-03-30 16:29
Modified
2024-11-21 03:22
Severity ?
5.3 (Medium) - CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
A specially crafted message could cause a denial of service in IBM WebSphere MQ 9.0, 9.0.0.1, 9.0.0.2, 9.0.1, 9.0.2, 9.0.3, and 9.0.4 applications consuming messages that it needs to perform data conversion on. IBM X-Force ID: 135520.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg22012992 | Patch, Vendor Advisory | |
| psirt@us.ibm.com | http://www.securityfocus.com/bid/103590 | Third Party Advisory, VDB Entry | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/135520 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg22012992 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/103590 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/135520 | VDB Entry, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | websphere_mq | 9.0 | |
| ibm | websphere_mq | 9.0.0.1 | |
| ibm | websphere_mq | 9.0.0.2 | |
| ibm | websphere_mq | 9.0.1 | |
| ibm | websphere_mq | 9.0.2 | |
| ibm | websphere_mq | 9.0.3 | |
| ibm | websphere_mq | 9.0.4 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:websphere_mq:9.0:*:*:*:*:*:*:*", matchCriteriaId: "63E773A8-4ED2-47AA-A2D7-5CD02CBA47C0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:9.0.0.1:*:*:*:*:*:*:*", matchCriteriaId: "4084EE93-8B41-493E-BB50-9ABC8E956C89", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:9.0.0.2:*:*:*:*:*:*:*", matchCriteriaId: "FA310DB1-904C-45D0-8CAC-0B01638A7D41", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:9.0.1:*:*:*:*:*:*:*", matchCriteriaId: "E0C2DE42-FE8C-4023-A495-A2DBFE2F97F9", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:9.0.2:*:*:*:*:*:*:*", matchCriteriaId: "406AADD2-9732-44F1-91FC-F8C90088AD5A", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:9.0.3:*:*:*:*:*:*:*", matchCriteriaId: "018595DD-9AAD-44C7-9A46-BC78AF1F6C2B", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:9.0.4:*:*:*:*:*:*:*", matchCriteriaId: "CF68ED28-0999-4622-A923-624284229F13", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A specially crafted message could cause a denial of service in IBM WebSphere MQ 9.0, 9.0.0.1, 9.0.0.2, 9.0.1, 9.0.2, 9.0.3, and 9.0.4 applications consuming messages that it needs to perform data conversion on. IBM X-Force ID: 135520.", }, { lang: "es", value: "Un mensaje especialmente manipulado podría provocar una denegación de servicio (DoS) en las aplicaciones de IBM WebSphere MQ 9.0, 9.0.0.1, 9.0.0.2, 9.0.1, 9.0.2, 9.0.3 y 9.0.4, consumiendo mensajes que necesita para realizar conversiones de datos. IBM X-Force ID: 135520.", }, ], id: "CVE-2017-1747", lastModified: "2024-11-21T03:22:18.200", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 4, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:S/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, exploitabilityScore: 1.6, impactScore: 3.6, source: "psirt@us.ibm.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-03-30T16:29:00.200", references: [ { source: "psirt@us.ibm.com", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=swg22012992", }, { source: "psirt@us.ibm.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/103590", }, { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/135520", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=swg22012992", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/103590", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/135520", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-03-11 22:29
Modified
2024-11-21 04:00
Severity ?
8.8 (High) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
7.8 (High) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
IBM WebSphere MQ 8.0.0.0 through 9.1.1 could allow a local user to inject code that could be executed with root privileges. This is due to an incomplete fix for CVE-2018-1792. IBM X-ForceID: 154887.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/154887 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/docview.wss?uid=ibm10870488 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/154887 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/docview.wss?uid=ibm10870488 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | websphere_mq | * | |
| ibm | websphere_mq | * | |
| ibm | websphere_mq | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:websphere_mq:*:*:*:*:*:*:*:*", matchCriteriaId: "5DD54027-9C8D-40BA-8B88-5BB7665A2DA8", versionEndIncluding: "8.0.0.10", versionStartIncluding: "8.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:*:*:*:*:*:*:*:*", matchCriteriaId: "C5D73B9F-B40A-4740-8A6E-F9210CBC42E0", versionEndIncluding: "9.0.0.5", versionStartIncluding: "9.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:*:*:*:*:*:*:*:*", matchCriteriaId: "A77B7383-1DF2-49B9-A53D-D3FFF438DEC4", versionEndIncluding: "9.1.0.1", versionStartIncluding: "9.1.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM WebSphere MQ 8.0.0.0 through 9.1.1 could allow a local user to inject code that could be executed with root privileges. This is due to an incomplete fix for CVE-2018-1792. IBM X-ForceID: 154887.", }, { lang: "es", value: "IBM WebSphere MQ, desde la versión 8.0.0.0 hasta la 9.1.1, podría permitir a un usuario local inyectar código que podría ejecutarse con privilegios root. Esta vulnerabilidad se debe a una solución incompleta para CVE-2018-1792. IBM X-Force ID: 154887.", }, ], id: "CVE-2018-1998", lastModified: "2024-11-21T04:00:43.227", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 7.2, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 2, impactScore: 6, source: "psirt@us.ibm.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-03-11T22:29:00.750", references: [ { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/154887", }, { source: "psirt@us.ibm.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/docview.wss?uid=ibm10870488", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/154887", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/docview.wss?uid=ibm10870488", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-78", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-03-20 16:59
Modified
2024-11-21 03:21
Severity ?
Summary
IBM WebSphere MQ 8.0.0.6 does not properly terminate channel agents when they are no longer needed, which could allow a user to cause a denial of service through resource exhaustion. IBM Reference #: 1999672.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg21999672 | Patch, Vendor Advisory | |
| psirt@us.ibm.com | http://www.securityfocus.com/bid/96759 | Third Party Advisory, VDB Entry | |
| psirt@us.ibm.com | http://www.securitytracker.com/id/1038068 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg21999672 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/96759 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1038068 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | websphere_mq | 8.0.0.6 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:websphere_mq:8.0.0.6:*:*:*:*:*:*:*", matchCriteriaId: "D3679D6F-1E3A-4546-A05B-5B4EA515B4C9", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM WebSphere MQ 8.0.0.6 does not properly terminate channel agents when they are no longer needed, which could allow a user to cause a denial of service through resource exhaustion. IBM Reference #: 1999672.", }, { lang: "es", value: "IBM WebSphere MQ 8.0.0.6 no termina correctamente los agentes de canal cuando ya no son necesarios, lo que podría permitir a un usuario causar una denegación de servicio por agotamiento de recursos. IBM Reference #: 1999672.", }, ], id: "CVE-2017-1145", lastModified: "2024-11-21T03:21:23.973", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 7.8, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:C", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.6, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-03-20T16:59:01.937", references: [ { source: "psirt@us.ibm.com", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=swg21999672", }, { source: "psirt@us.ibm.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/96759", }, { source: "psirt@us.ibm.com", url: "http://www.securitytracker.com/id/1038068", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=swg21999672", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/96759", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securitytracker.com/id/1038068", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-404", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-07-10 16:29
Modified
2024-11-21 03:21
Severity ?
Summary
IBM WebSphere MQ 9.0.1 and 9.0.2 could allow a local user with ability to run or enable trace, to obtain sensitive information from WebSphere Application Server traces including user credentials. IBM X-Force ID: 125145.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg22003851 | Vendor Advisory | |
| psirt@us.ibm.com | http://www.securityfocus.com/bid/99494 | Third Party Advisory, VDB Entry | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/125145 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg22003851 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/99494 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/125145 | VDB Entry, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | websphere_mq | 9.0.1 | |
| ibm | websphere_mq | 9.0.2 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:websphere_mq:9.0.1:*:*:*:*:*:*:*", matchCriteriaId: "E0C2DE42-FE8C-4023-A495-A2DBFE2F97F9", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:9.0.2:*:*:*:*:*:*:*", matchCriteriaId: "406AADD2-9732-44F1-91FC-F8C90088AD5A", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM WebSphere MQ 9.0.1 and 9.0.2 could allow a local user with ability to run or enable trace, to obtain sensitive information from WebSphere Application Server traces including user credentials. IBM X-Force ID: 125145.", }, { lang: "es", value: "IBM WebSphere MQ 9.0.1 y 9.0.2 podría permitir a un usuario local con habilidad de ejecución o activación de rutas, obtener información sensible desde rutas de WebSphere Application Server incluidas credenciales de usuario. X-Force ID: 125145.", }, ], id: "CVE-2017-1284", lastModified: "2024-11-21T03:21:38.280", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "NONE", baseScore: 1.9, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:L/AC:M/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 3.4, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, exploitabilityScore: 1, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-07-10T16:29:00.183", references: [ { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=swg22003851", }, { source: "psirt@us.ibm.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/99494", }, { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/125145", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=swg22003851", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/99494", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/125145", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-200", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2008-03-31 23:44
Modified
2025-04-09 00:30
Severity ?
Summary
MQSeries 5.1 in IBM WebSphere MQ 5.1 through 5.3.1 on the HP NonStop and Tandem NSK platforms does not require mqm group membership for execution of administrative tasks, which allows local users to bypass intended access restrictions via the runmqsc program, related to "Pathway panels."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| hp | nonstop | * | |
| tandem_computers | tandem_operating_system | nsk | |
| ibm | websphere_mq | 5.1 | |
| ibm | websphere_mq | 5.3 | |
| ibm | websphere_mq | 5.3.1 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:hp:nonstop:*:*:*:*:*:*:*:*", matchCriteriaId: "6018065D-F606-4769-9341-9E7DEA6A0A72", vulnerable: false, }, { criteria: "cpe:2.3:o:tandem_computers:tandem_operating_system:nsk:*:*:*:*:*:*:*", matchCriteriaId: "CE239FDD-F33C-4E9C-B864-BE3DCC78B59B", vulnerable: false, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:websphere_mq:5.1:*:*:*:*:*:*:*", matchCriteriaId: "089EDD33-4854-4894-B88D-EC560C40E2EC", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:5.3:*:*:*:*:*:*:*", matchCriteriaId: "36650BB9-861B-42B5-BCC1-492F84A64951", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:5.3.1:*:*:*:*:*:*:*", matchCriteriaId: "465D718A-ACA5-444B-99EE-67876B8D3687", vulnerable: true, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "MQSeries 5.1 in IBM WebSphere MQ 5.1 through 5.3.1 on the HP NonStop and Tandem NSK platforms does not require mqm group membership for execution of administrative tasks, which allows local users to bypass intended access restrictions via the runmqsc program, related to \"Pathway panels.\"", }, { lang: "es", value: "MQSeries 5.1 en IBM WebSphere MQ de 5.1 a 5.3.1 en las plataformas HP NonStop y Tandem NSK no requiere que se sea del grupo mqm para la ejecución de tareas administrativas, lo que permite a usuarios locales evitar las restricciones de acceso pervistas a través del programa runmqsc, relacionado con \"paneles Pathway\".", }, ], id: "CVE-2008-1592", lastModified: "2025-04-09T00:30:58.490", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.6, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:L/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: true, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2008-03-31T23:44:00.000", references: [ { source: "cve@mitre.org", url: "http://secunia.com/advisories/29360", }, { source: "cve@mitre.org", url: "http://securitytracker.com/id?1019610", }, { source: "cve@mitre.org", tags: [ "Patch", ], url: "http://www-1.ibm.com/support/docview.wss?uid=swg21297035", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/28235", }, { source: "cve@mitre.org", url: "http://www.vupen.com/english/advisories/2008/0869", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/29360", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://securitytracker.com/id?1019610", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "http://www-1.ibm.com/support/docview.wss?uid=swg21297035", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/28235", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.vupen.com/english/advisories/2008/0869", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-264", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-07-12 17:29
Modified
2024-11-21 03:21
Severity ?
Summary
IBM WebSphere MQ 9.0.1 and 9.0.2 could allow an authenticated user with authority to send a specially crafted message that would cause a channel to remain in a running state but not process messages. IBM X-Force ID: 125146.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | http://www.securityfocus.com/bid/99538 | Third Party Advisory, VDB Entry | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/125146 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/docview.wss?uid=swg22003856 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/99538 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/125146 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/docview.wss?uid=swg22003856 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | websphere_mq | 9.0.1 | |
| ibm | websphere_mq | 9.0.2 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:websphere_mq:9.0.1:*:*:*:*:*:*:*", matchCriteriaId: "E0C2DE42-FE8C-4023-A495-A2DBFE2F97F9", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:9.0.2:*:*:*:*:*:*:*", matchCriteriaId: "406AADD2-9732-44F1-91FC-F8C90088AD5A", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM WebSphere MQ 9.0.1 and 9.0.2 could allow an authenticated user with authority to send a specially crafted message that would cause a channel to remain in a running state but not process messages. IBM X-Force ID: 125146.", }, { lang: "es", value: "IBM WebSphere MQ 9.0.1 y 9.0.2 podría permitir a un usuario autenticado con autoridad para enviar mensajes especialmente manipulados que causarían que un canal permaneciese en un estado de ejecución pero no procesaría mensajes. IBM X-Force ID: 125146.", }, ], id: "CVE-2017-1285", lastModified: "2024-11-21T03:21:38.397", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 4, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:S/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-07-12T17:29:00.403", references: [ { source: "psirt@us.ibm.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/99538", }, { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/125146", }, { source: "psirt@us.ibm.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/docview.wss?uid=swg22003856", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/99538", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/125146", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/docview.wss?uid=swg22003856", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-09-25 16:29
Modified
2024-11-21 03:21
Severity ?
Summary
IBM WebSphere MQ 8.0 could allow an authenticated user to cause a premature termination of a client application thread which could potentially cause denial of service. IBM X-Force ID: 123914.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg22005415 | Patch, Vendor Advisory | |
| psirt@us.ibm.com | http://www.securityfocus.com/bid/100955 | Third Party Advisory, VDB Entry | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/123914 | VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg22005415 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/100955 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/123914 | VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | websphere_mq | 8.0.0.0 | |
| ibm | websphere_mq | 8.0.0.1 | |
| ibm | websphere_mq | 8.0.0.2 | |
| ibm | websphere_mq | 8.0.0.3 | |
| ibm | websphere_mq | 8.0.0.4 | |
| ibm | websphere_mq | 8.0.0.5 | |
| ibm | websphere_mq | 8.0.0.6 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:websphere_mq:8.0.0.0:*:*:*:*:*:*:*", matchCriteriaId: "153F42BE-64AE-4D38-94C1-E59EF10632A2", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:8.0.0.1:*:*:*:*:*:*:*", matchCriteriaId: "C5502347-56F2-400F-944B-A532A3A8DE0A", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:8.0.0.2:*:*:*:*:*:*:*", matchCriteriaId: "9E6FF889-5D7D-47C0-A2B2-F2BDB39BEFDB", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:8.0.0.3:*:*:*:*:*:*:*", matchCriteriaId: "D800EA34-4826-4689-A3C0-03724290567B", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:8.0.0.4:*:*:*:*:*:*:*", matchCriteriaId: "DCBDF404-693B-4500-80FA-90AE022BD5C4", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:8.0.0.5:*:*:*:*:*:*:*", matchCriteriaId: "5FFC3793-4880-4103-B7F6-06F96A17357B", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:8.0.0.6:*:*:*:*:*:*:*", matchCriteriaId: "D3679D6F-1E3A-4546-A05B-5B4EA515B4C9", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM WebSphere MQ 8.0 could allow an authenticated user to cause a premature termination of a client application thread which could potentially cause denial of service. IBM X-Force ID: 123914.", }, { lang: "es", value: "La versión 8.0 de IBM WebSphere MQ podría permitir que un usuario autenticado finalice de manera prematura un hilo de la aplicación cliente, lo que podría provocar una denegación de servicio. IBM X-Force ID: 123914.", }, ], id: "CVE-2017-1235", lastModified: "2024-11-21T03:21:33.477", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 4, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:S/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-09-25T16:29:00.210", references: [ { source: "psirt@us.ibm.com", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=swg22005415", }, { source: "psirt@us.ibm.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/100955", }, { source: "psirt@us.ibm.com", tags: [ "VDB Entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/123914", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=swg22005415", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/100955", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/123914", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2016-06-26 14:59
Modified
2025-04-12 10:46
Severity ?
Summary
runmqsc in IBM WebSphere MQ 8.x before 8.0.0.5 allows local users to bypass an intended +dsp authority requirement and obtain sensitive information via unspecified display commands.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | websphere_mq | 8.0.0.1 | |
| ibm | websphere_mq | 8.0.0.2 | |
| ibm | websphere_mq | 8.0.0.3 | |
| ibm | websphere_mq | 8.0.0.4 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:websphere_mq:8.0.0.1:*:*:*:*:*:*:*", matchCriteriaId: "C5502347-56F2-400F-944B-A532A3A8DE0A", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:8.0.0.2:*:*:*:*:*:*:*", matchCriteriaId: "9E6FF889-5D7D-47C0-A2B2-F2BDB39BEFDB", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:8.0.0.3:*:*:*:*:*:*:*", matchCriteriaId: "D800EA34-4826-4689-A3C0-03724290567B", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:8.0.0.4:*:*:*:*:*:*:*", matchCriteriaId: "DCBDF404-693B-4500-80FA-90AE022BD5C4", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "runmqsc in IBM WebSphere MQ 8.x before 8.0.0.5 allows local users to bypass an intended +dsp authority requirement and obtain sensitive information via unspecified display commands.", }, { lang: "es", value: "runmqsc en IBM WebSphere MQ 8.x en versiones anteriores a 8.0.0.5 permite a usuarios locales eludir un requisito de autoridad +dsp destinado y obtener información sensible a través de comandos de pantalla no especificados.", }, ], id: "CVE-2016-0259", lastModified: "2025-04-12T10:46:40.837", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "NONE", baseScore: 2.1, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:L/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 2.5, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.0", }, exploitabilityScore: 1, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2016-06-26T14:59:01.277", references: [ { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21984561", }, { source: "psirt@us.ibm.com", url: "http://www.securitytracker.com/id/1036179", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21984561", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securitytracker.com/id/1036179", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-200", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-09-29 03:15
Modified
2024-11-21 01:38
Severity ?
Summary
IBM WebSphere MQ 7.1 is vulnerable to a denial of service, caused by an error when handling user ids. A remote attacker could exploit this vulnerability to bypass the security configuration setup on a SVRCONN channel and flood the queue manager.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/76799 | Broken Link, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/76799 | Broken Link, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | websphere_mq | 7.1 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:websphere_mq:7.1:*:*:*:*:*:*:*", matchCriteriaId: "417A12D5-4E6E-487E-9515-2410B3697639", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM WebSphere MQ 7.1 is vulnerable to a denial of service, caused by an error when handling user ids. A remote attacker could exploit this vulnerability to bypass the security configuration setup on a SVRCONN channel and flood the queue manager.", }, { lang: "es", value: "IBM WebSphere MQ versión 7.1, es vulnerable a una denegación de servicio, causada por un error cuando son manejados los identificadores de usuario. Un atacante remoto podría aprovechar esta vulnerabilidad para omitir la configuración de seguridad de un canal SVRCONN e inundar el administrador de colas", }, ], id: "CVE-2012-2201", lastModified: "2024-11-21T01:38:41.713", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-09-29T03:15:10.877", references: [ { source: "psirt@us.ibm.com", tags: [ "Broken Link", "VDB Entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/76799", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "VDB Entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/76799", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-06-21 18:29
Modified
2024-11-21 03:21
Severity ?
Summary
IBM WebSphere MQ 8.0 and 9.0 could allow an authenticated user to cause a denial of service to the MQXR channel when trace is enabled. IBM X-Force ID: 121155.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg22001468 | Patch, Vendor Advisory | |
| psirt@us.ibm.com | http://www.securityfocus.com/bid/99136 | Third Party Advisory, VDB Entry | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/121155 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg22001468 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/99136 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/121155 | VDB Entry, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | websphere_mq | 8.0 | |
| ibm | websphere_mq | 8.0.0.0 | |
| ibm | websphere_mq | 8.0.0.1 | |
| ibm | websphere_mq | 8.0.0.2 | |
| ibm | websphere_mq | 8.0.0.3 | |
| ibm | websphere_mq | 8.0.0.4 | |
| ibm | websphere_mq | 8.0.0.5 | |
| ibm | websphere_mq | 9.0.0.0 | |
| ibm | websphere_mq | 9.0.1 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:websphere_mq:8.0:*:*:*:*:*:*:*", matchCriteriaId: "421E10D4-4B01-4D52-9FFB-208C4745063E", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:8.0.0.0:*:*:*:*:*:*:*", matchCriteriaId: "153F42BE-64AE-4D38-94C1-E59EF10632A2", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:8.0.0.1:*:*:*:*:*:*:*", matchCriteriaId: "C5502347-56F2-400F-944B-A532A3A8DE0A", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:8.0.0.2:*:*:*:*:*:*:*", matchCriteriaId: "9E6FF889-5D7D-47C0-A2B2-F2BDB39BEFDB", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:8.0.0.3:*:*:*:*:*:*:*", matchCriteriaId: "D800EA34-4826-4689-A3C0-03724290567B", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:8.0.0.4:*:*:*:*:*:*:*", matchCriteriaId: "DCBDF404-693B-4500-80FA-90AE022BD5C4", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:8.0.0.5:*:*:*:*:*:*:*", matchCriteriaId: "5FFC3793-4880-4103-B7F6-06F96A17357B", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:9.0.0.0:*:*:*:*:*:*:*", matchCriteriaId: "F0628A7A-D9D7-4E29-B5D3-04707585463A", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:9.0.1:*:*:*:*:*:*:*", matchCriteriaId: "E0C2DE42-FE8C-4023-A495-A2DBFE2F97F9", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM WebSphere MQ 8.0 and 9.0 could allow an authenticated user to cause a denial of service to the MQXR channel when trace is enabled. IBM X-Force ID: 121155.", }, { lang: "es", value: "IBM WebSphere MQ 8.0 y 9.0 podrían permitir que un usuario autenticado provoque una denegación de servicio (DoS) en el canal MQXR cuando trace está habilitado. IBM X-Force ID: 121155.", }, ], id: "CVE-2017-1117", lastModified: "2024-11-21T03:21:21.343", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 3.5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:S/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, exploitabilityScore: 1.6, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-06-21T18:29:00.247", references: [ { source: "psirt@us.ibm.com", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=swg22001468", }, { source: "psirt@us.ibm.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/99136", }, { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/121155", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=swg22001468", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/99136", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/121155", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2011-10-29 10:55
Modified
2025-04-11 00:51
Severity ?
Summary
IBM WebSphere MQ 7.x before 7.0.1.4 allows remote attackers to cause a denial of service (disk consumption) via multiple connection attempts to a stopped queue manager.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | websphere_mq | 7.0 | |
| ibm | websphere_mq | 7.0.0.1 | |
| ibm | websphere_mq | 7.0.0.2 | |
| ibm | websphere_mq | 7.0.1.0 | |
| ibm | websphere_mq | 7.0.1.1 | |
| ibm | websphere_mq | 7.0.1.2 | |
| ibm | websphere_mq | 7.0.1.3 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:websphere_mq:7.0:*:*:*:*:*:*:*", matchCriteriaId: "594287A4-AF30-4872-A5B8-1421FAB5C674", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.0.0.1:*:*:*:*:*:*:*", matchCriteriaId: "896273C9-11F9-45A0-BA46-66F37DFACCC7", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.0.0.2:*:*:*:*:*:*:*", matchCriteriaId: "AF396289-8409-4FE2-96DB-99818D5680B4", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.0.1.0:*:*:*:*:*:*:*", matchCriteriaId: "F6E60ABB-E703-4745-98F3-22609FF70F6F", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.0.1.1:*:*:*:*:*:*:*", matchCriteriaId: "BDC03B4D-98C2-4704-9BF9-47888489B9C7", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.0.1.2:*:*:*:*:*:*:*", matchCriteriaId: "73E4EAA2-8842-41AB-B8E0-944CDF72C893", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.0.1.3:*:*:*:*:*:*:*", matchCriteriaId: "9D71A8D2-C97E-4A0D-B4F7-19E0B24AC887", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM WebSphere MQ 7.x before 7.0.1.4 allows remote attackers to cause a denial of service (disk consumption) via multiple connection attempts to a stopped queue manager.", }, { lang: "es", value: "IBM WebSphere MQ 7.x anteriores a 7.0.1.4 permite a atacantes remotos provocar una denegación de servicio (corrupción de disco) a través de intentos de conexión múltiples a un gestor de cola detenido.", }, ], id: "CVE-2010-0780", lastModified: "2025-04-11T00:51:21.963", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2011-10-29T10:55:08.133", references: [ { source: "cve@mitre.org", url: "http://www-01.ibm.com/support/docview.wss?uid=swg27014224", }, { source: "cve@mitre.org", url: "http://www.ibm.com/support/docview.wss?uid=swg1IZ75124", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/60638", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www-01.ibm.com/support/docview.wss?uid=swg27014224", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ibm.com/support/docview.wss?uid=swg1IZ75124", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/60638", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-399", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-03-16 16:15
Modified
2024-11-21 04:43
Severity ?
Summary
IBM MQ and IBM MQ Appliance 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and 9.1 CD could allow a local attacker to obtain sensitive information by inclusion of sensitive data within trace. IBM X-Force ID: 168862.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/168862 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/1135101 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/168862 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/1135101 | Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:mq:*:*:*:*:*:*:*:*", matchCriteriaId: "307594DE-42ED-4BCA-9E0B-E8ECA97DB799", versionEndExcluding: "8.0.0.14", versionStartIncluding: "8.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq:*:*:*:*:lts:*:*:*", matchCriteriaId: "F65B1AC1-C86A-44B0-83A3-29101FACCEFE", versionEndIncluding: "9.0.0.9", versionStartIncluding: "9.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq:*:*:*:*:continuous_delivery:*:*:*", matchCriteriaId: "0602BE96-C9C3-43FD-8F10-CA9B71805B43", versionEndExcluding: "9.1.4", versionStartIncluding: "9.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq:*:*:*:*:lts:*:*:*", matchCriteriaId: "B0E59D46-75D6-486D-8016-0B1BF8F8EB69", versionEndExcluding: "9.1.0.4", versionStartIncluding: "9.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq_appliance:*:*:*:*:*:*:*:*", matchCriteriaId: "540183D8-751B-4442-9A2A-95D26AB8D23B", versionEndExcluding: "8.0.0.14", versionStartIncluding: "8.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq_appliance:*:*:*:*:continuous_delivery:*:*:*", matchCriteriaId: "6DC4569D-0B83-4E88-A05D-3226DCF65E59", versionEndExcluding: "9.1.4", versionStartIncluding: "9.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:mq_appliance:*:*:*:*:lts:*:*:*", matchCriteriaId: "0AC72003-825A-4D5E-8012-E768CD8DFA3C", versionEndExcluding: "9.1.0.4", versionStartIncluding: "9.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:*:*:*:*:*:*:*:*", matchCriteriaId: "7C3893D3-0770-4E09-B6C5-B16EA587E217", versionEndIncluding: "7.5.0.9", versionStartIncluding: "7.1.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:hp:hp-ux:-:*:*:*:*:*:*:*", matchCriteriaId: "F480AA32-841A-4E68-9343-B2E7548B0A0C", vulnerable: false, }, { criteria: "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*", matchCriteriaId: "E492C463-D76E-49B7-A4D4-3B499E422D89", vulnerable: false, }, { criteria: "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", matchCriteriaId: "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", matchCriteriaId: "A2572D17-1DE6-457B-99CC-64AFD54487EA", vulnerable: false, }, { criteria: "cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:*:*", matchCriteriaId: "91F372EA-3A78-4703-A457-751B2C98D796", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM MQ and IBM MQ Appliance 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and 9.1 CD could allow a local attacker to obtain sensitive information by inclusion of sensitive data within trace. IBM X-Force ID: 168862.", }, { lang: "es", value: "IBM MQ e IBM MQ Appliance versiones 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS y 9.1 CD, podrían permitir a un atacante local obtener información confidencial mediante la inclusión de datos confidenciales dentro de una traza. ID de IBM X-Force: 168862.", }, ], id: "CVE-2019-4619", lastModified: "2024-11-21T04:43:52.833", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "NONE", baseScore: 2.1, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:L/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.1, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, exploitabilityScore: 1.4, impactScore: 3.6, source: "psirt@us.ibm.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-03-16T16:15:12.577", references: [ { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/168862", }, { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/1135101", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/168862", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/1135101", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-209", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2015-07-01 10:59
Modified
2025-04-12 10:46
Severity ?
Summary
MQ Explorer in IBM WebSphere MQ before 8.0.0.3 does not recognize the absence of the compatibility-mode option, which allows remote attackers to obtain sensitive information by sniffing the network for a session in which TLS is not used.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg21960491 | Vendor Advisory | |
| psirt@us.ibm.com | http://www.securitytracker.com/id/1032772 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg21960491 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1032772 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | websphere_mq | 8.0.0.2 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:websphere_mq:8.0.0.2:*:*:*:*:*:*:*", matchCriteriaId: "9E6FF889-5D7D-47C0-A2B2-F2BDB39BEFDB", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "MQ Explorer in IBM WebSphere MQ before 8.0.0.3 does not recognize the absence of the compatibility-mode option, which allows remote attackers to obtain sensitive information by sniffing the network for a session in which TLS is not used.", }, { lang: "es", value: "MQ Explorer en IBM WebSphere MQ anterior a 8.0.0.3 no reconoce la ausencia de la opción del modo de compatibilidad, lo que permite a atacantes remotos obtener información sensible mediante la captura de trafico de la red para una sesión en la que no se utiliza TLS.", }, ], id: "CVE-2015-1967", lastModified: "2025-04-12T10:46:40.837", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2015-07-01T10:59:01.943", references: [ { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21960491", }, { source: "psirt@us.ibm.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1032772", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21960491", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1032772", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-200", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-03-07 17:59
Modified
2024-11-21 03:00
Severity ?
Summary
IBM WebSphere MQ 8.0 could allow an authenticated user with queue manager permissions to cause a segmentation fault which would result in the box having to be rebooted to resume normal operations. IBM Reference #: 1998663.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://www.ibm.com/support/docview.wss?uid=swg21998663 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/docview.wss?uid=swg21998663 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | websphere_mq | 8.0 | |
| ibm | websphere_mq | 8.0.0.1 | |
| ibm | websphere_mq | 8.0.0.2 | |
| ibm | websphere_mq | 8.0.0.3 | |
| ibm | websphere_mq | 8.0.0.4 | |
| ibm | websphere_mq | 8.0.0.5 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:websphere_mq:8.0:*:*:*:*:*:*:*", matchCriteriaId: "421E10D4-4B01-4D52-9FFB-208C4745063E", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:8.0.0.1:*:*:*:*:*:*:*", matchCriteriaId: "C5502347-56F2-400F-944B-A532A3A8DE0A", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:8.0.0.2:*:*:*:*:*:*:*", matchCriteriaId: "9E6FF889-5D7D-47C0-A2B2-F2BDB39BEFDB", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:8.0.0.3:*:*:*:*:*:*:*", matchCriteriaId: "D800EA34-4826-4689-A3C0-03724290567B", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:8.0.0.4:*:*:*:*:*:*:*", matchCriteriaId: "DCBDF404-693B-4500-80FA-90AE022BD5C4", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:8.0.0.5:*:*:*:*:*:*:*", matchCriteriaId: "5FFC3793-4880-4103-B7F6-06F96A17357B", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM WebSphere MQ 8.0 could allow an authenticated user with queue manager permissions to cause a segmentation fault which would result in the box having to be rebooted to resume normal operations. IBM Reference #: 1998663.", }, { lang: "es", value: "IBM WebSphere MQ 8.0 podría permitir a un usuario autenticado con permisios de gestión queue provocar una falla de segmentación que daría como resultado que la caja tuviera que reiniciarse para reanudar operaciones normales. Referencia de IBM #: 1998663.", }, ], id: "CVE-2016-8971", lastModified: "2024-11-21T03:00:23.490", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "COMPLETE", baseScore: 6.8, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:S/C:N/I:N/A:C", version: "2.0", }, exploitabilityScore: 8, impactScore: 6.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-03-07T17:59:00.180", references: [ { source: "psirt@us.ibm.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/docview.wss?uid=swg21998663", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/docview.wss?uid=swg21998663", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-119", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2009-09-10 18:30
Modified
2025-04-09 00:30
Severity ?
Summary
IBM WebSphere MQ 6.x through 6.0.2.7, 7.0.0.0, 7.0.0.1, 7.0.0.2, and 7.0.1.0, when read ahead or asynchronous message consumption is enabled, allows attackers to have an unspecified impact via unknown vectors, related to a "memory overwrite" issue.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | websphere_mq | 6 | |
| ibm | websphere_mq | 6.0 | |
| ibm | websphere_mq | 6.0.0.0 | |
| ibm | websphere_mq | 6.0.1.0 | |
| ibm | websphere_mq | 6.0.1.1 | |
| ibm | websphere_mq | 6.0.2.0 | |
| ibm | websphere_mq | 6.0.2.1 | |
| ibm | websphere_mq | 6.0.2.2 | |
| ibm | websphere_mq | 6.0.2.3 | |
| ibm | websphere_mq | 6.0.2.4 | |
| ibm | websphere_mq | 6.0.2.5 | |
| ibm | websphere_mq | 6.0.2.6 | |
| ibm | websphere_mq | 6.0.2.7 | |
| ibm | websphere_mq | 7.0.0.0 | |
| ibm | websphere_mq | 7.0.0.1 | |
| ibm | websphere_mq | 7.0.0.2 | |
| ibm | websphere_mq | 7.0.1.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:websphere_mq:6:*:*:*:*:*:*:*", matchCriteriaId: "548ED888-1255-456C-88FD-2884539C157F", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:6.0:*:*:*:*:*:*:*", matchCriteriaId: "E6D2279B-482A-4CA6-9EF2-C57A95969BC2", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:6.0.0.0:*:*:*:*:*:*:*", matchCriteriaId: "9728448F-E295-4C33-B2F4-17FAAFCDF169", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:6.0.1.0:*:*:*:*:*:*:*", matchCriteriaId: "0F36C644-664C-4758-9762-E808C80AE904", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:6.0.1.1:*:*:*:*:*:*:*", matchCriteriaId: "9C670A3F-7BBB-4115-A037-B5E732ABB6BA", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:6.0.2.0:*:*:*:*:*:*:*", matchCriteriaId: "24CD8F97-39E0-455C-92CA-F0FE9AE5A0CC", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:6.0.2.1:*:*:*:*:*:*:*", matchCriteriaId: "C97EC1D0-CA59-4E2C-84EB-054BF27D1BCF", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:6.0.2.2:*:*:*:*:*:*:*", matchCriteriaId: "7CCD33A5-6567-43CB-909D-D1851ACF4AA8", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:6.0.2.3:*:*:*:*:*:*:*", matchCriteriaId: "D3664585-D0B4-467C-9B6D-4F8E239F7DCD", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:6.0.2.4:*:*:*:*:*:*:*", matchCriteriaId: "C2216808-BAE9-4034-9618-5EC4CCB80E7F", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:6.0.2.5:*:*:*:*:*:*:*", matchCriteriaId: "B6263B9D-A62A-4E41-958A-968F9ACA0CE6", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:6.0.2.6:*:*:*:*:*:*:*", matchCriteriaId: "19983CDF-4769-4B56-98ED-CE7EE0C1AFF6", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:6.0.2.7:*:*:*:*:*:*:*", matchCriteriaId: "9377F533-15D0-4F81-B7C1-A84E5346EF6C", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.0.0.0:*:*:*:*:*:*:*", matchCriteriaId: "985DE0C7-1F86-4128-B177-0A2C84C138EE", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.0.0.1:*:*:*:*:*:*:*", matchCriteriaId: "896273C9-11F9-45A0-BA46-66F37DFACCC7", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.0.0.2:*:*:*:*:*:*:*", matchCriteriaId: "AF396289-8409-4FE2-96DB-99818D5680B4", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.0.1.0:*:*:*:*:*:*:*", matchCriteriaId: "F6E60ABB-E703-4745-98F3-22609FF70F6F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM WebSphere MQ 6.x through 6.0.2.7, 7.0.0.0, 7.0.0.1, 7.0.0.2, and 7.0.1.0, when read ahead or asynchronous message consumption is enabled, allows attackers to have an unspecified impact via unknown vectors, related to a \"memory overwrite\" issue.", }, { lang: "es", value: "IBM WebSphere MQ v6.x desde v6.0.2.7, v7.0.0.0, v7.0.0.1, v7.0.0.2, y v7.0.1.0, cuando \"read ahead\" o \"asynchronous message consumption\" esta activado, permite a atacantes remotos obtener un impacto desconocido a traves de vectores desconocidos, relacionado con la sobrescritura de memoria.", }, ], id: "CVE-2009-3160", lastModified: "2025-04-09T00:30:58.490", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 8.8, confidentialityImpact: "NONE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:M/Au:N/C:N/I:C/A:C", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 9.2, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2009-09-10T18:30:00.577", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/36647", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg24024153", }, { source: "cve@mitre.org", url: "http://www-1.ibm.com/support/docview.wss?uid=swg1IZ56259", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/36310", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.vupen.com/english/advisories/2009/2578", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/36647", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg24024153", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www-1.ibm.com/support/docview.wss?uid=swg1IZ56259", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/36310", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.vupen.com/english/advisories/2009/2578", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
CVE-2012-3295 (GCVE-0-2012-3295)
Vulnerability from cvelistv5
Published
2012-08-29 22:00
Modified
2024-08-06 19:57
Severity ?
EPSS score ?
Summary
IBM WebSphere MQ 7.1, when an SVRCONN channel is used, allows remote attackers to bypass the security-configuration setup step and obtain queue-manager access via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.ibm.com/support/docview.wss?uid=swg21595523 | x_refsource_CONFIRM | |
| http://www-01.ibm.com/support/docview.wss?uid=swg1PM56593 | vendor-advisory, x_refsource_AIXAPAR | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/77279 | vdb-entry, x_refsource_XF |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T19:57:50.537Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ibm.com/support/docview.wss?uid=swg21595523", }, { name: "PM56593", tags: [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg1PM56593", }, { name: "wmq-svrconn-security-bypass(77279)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/77279", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2012-08-17T00:00:00", descriptions: [ { lang: "en", value: "IBM WebSphere MQ 7.1, when an SVRCONN channel is used, allows remote attackers to bypass the security-configuration setup step and obtain queue-manager access via unspecified vectors.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-08-28T12:57:01", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ibm.com/support/docview.wss?uid=swg21595523", }, { name: "PM56593", tags: [ "vendor-advisory", "x_refsource_AIXAPAR", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg1PM56593", }, { name: "wmq-svrconn-security-bypass(77279)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/77279", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", ID: "CVE-2012-3295", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM WebSphere MQ 7.1, when an SVRCONN channel is used, allows remote attackers to bypass the security-configuration setup step and obtain queue-manager access via unspecified vectors.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://www.ibm.com/support/docview.wss?uid=swg21595523", refsource: "CONFIRM", url: "http://www.ibm.com/support/docview.wss?uid=swg21595523", }, { name: "PM56593", refsource: "AIXAPAR", url: "http://www-01.ibm.com/support/docview.wss?uid=swg1PM56593", }, { name: "wmq-svrconn-security-bypass(77279)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/77279", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2012-3295", datePublished: "2012-08-29T22:00:00", dateReserved: "2012-06-07T00:00:00", dateUpdated: "2024-08-06T19:57:50.537Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2018-1503 (GCVE-0-2018-1503)
Vulnerability from cvelistv5
Published
2018-07-23 13:00
Modified
2024-09-16 17:59
Severity ?
EPSS score ?
Summary
IBM WebSphere MQ 7.5, 8.0, and 9.0 could allow a remotely authenticated attacker to to send invalid or malformed headers that could cause messages to no longer be transmitted via the affected channel. IBM X-Force ID: 141339.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/104953 | vdb-entry, x_refsource_BID | |
| http://www.ibm.com/support/docview.wss?uid=swg22015617 | x_refsource_CONFIRM | |
| http://www.securitytracker.com/id/1041387 | vdb-entry, x_refsource_SECTRACK | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/141339 | vdb-entry, x_refsource_XF |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | WebSphere MQ |
Version: 7.5 Version: 8.0 Version: 9.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T03:59:39.062Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "104953", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/104953", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ibm.com/support/docview.wss?uid=swg22015617", }, { name: "1041387", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1041387", }, { name: "ibm-websphere-cve20181503-dos(141339)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/141339", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "WebSphere MQ", vendor: "IBM", versions: [ { status: "affected", version: "7.5", }, { status: "affected", version: "8.0", }, { status: "affected", version: "9.0", }, ], }, ], datePublic: "2018-07-20T00:00:00", descriptions: [ { lang: "en", value: "IBM WebSphere MQ 7.5, 8.0, and 9.0 could allow a remotely authenticated attacker to to send invalid or malformed headers that could cause messages to no longer be transmitted via the affected channel. IBM X-Force ID: 141339.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", exploitCodeMaturity: "UNPROVEN", integrityImpact: "NONE", privilegesRequired: "LOW", remediationLevel: "OFFICIAL_FIX", reportConfidence: "CONFIRMED", scope: "UNCHANGED", temporalScore: 3.8, temporalSeverity: "LOW", userInteraction: "NONE", vectorString: "CVSS:3.0/A:L/AC:L/AV:N/C:N/I:N/PR:L/S:U/UI:N/E:U/RC:C/RL:O", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Denial of Service", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-08-04T09:57:01", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { name: "104953", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/104953", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ibm.com/support/docview.wss?uid=swg22015617", }, { name: "1041387", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1041387", }, { name: "ibm-websphere-cve20181503-dos(141339)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/141339", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2018-07-20T00:00:00", ID: "CVE-2018-1503", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "WebSphere MQ", version: { version_data: [ { version_value: "7.5", }, { version_value: "8.0", }, { version_value: "9.0", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM WebSphere MQ 7.5, 8.0, and 9.0 could allow a remotely authenticated attacker to to send invalid or malformed headers that could cause messages to no longer be transmitted via the affected channel. IBM X-Force ID: 141339.", }, ], }, impact: { cvssv3: { BM: { A: "L", AC: "L", AV: "N", C: "N", I: "N", PR: "L", S: "U", UI: "N", }, TM: { E: "U", RC: "C", RL: "O", }, }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Denial of Service", }, ], }, ], }, references: { reference_data: [ { name: "104953", refsource: "BID", url: "http://www.securityfocus.com/bid/104953", }, { name: "http://www.ibm.com/support/docview.wss?uid=swg22015617", refsource: "CONFIRM", url: "http://www.ibm.com/support/docview.wss?uid=swg22015617", }, { name: "1041387", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1041387", }, { name: "ibm-websphere-cve20181503-dos(141339)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/141339", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2018-1503", datePublished: "2018-07-23T13:00:00Z", dateReserved: "2017-12-13T00:00:00", dateUpdated: "2024-09-16T17:59:15.374Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2020-4682 (GCVE-0-2020-4682)
Vulnerability from cvelistv5
Published
2021-01-28 12:55
Modified
2024-09-16 19:04
Severity ?
EPSS score ?
Summary
IBM MQ 7.5, 8.0, 9.0, 9.1, 9.2 LTS, and 9.2 CD could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization of trusted data. An attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 186509.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/6408626 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/186509 | vdb-entry, x_refsource_XF |
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T08:14:57.859Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.ibm.com/support/pages/node/6408626", }, { name: "ibm-mq-cve20204682-code-exec (186509)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/186509", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "MQ", vendor: "IBM", versions: [ { status: "affected", version: "8.0.0", }, { status: "affected", version: "9.0.0", }, { status: "affected", version: "9.1.0", }, { status: "affected", version: "7.5.0", }, { status: "affected", version: "9.2.0", }, ], }, ], datePublic: "2021-01-27T00:00:00", descriptions: [ { lang: "en", value: "IBM MQ 7.5, 8.0, 9.0, 9.1, 9.2 LTS, and 9.2 CD could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization of trusted data. An attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 186509.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitCodeMaturity: "UNPROVEN", integrityImpact: "HIGH", privilegesRequired: "NONE", remediationLevel: "OFFICIAL_FIX", reportConfidence: "CONFIRMED", scope: "UNCHANGED", temporalScore: 7.1, temporalSeverity: "HIGH", userInteraction: "NONE", vectorString: "CVSS:3.0/AC:H/I:H/S:U/C:H/UI:N/A:H/AV:N/PR:N/RL:O/RC:C/E:U", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Gain Access", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-01-28T12:55:15", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://www.ibm.com/support/pages/node/6408626", }, { name: "ibm-mq-cve20204682-code-exec (186509)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/186509", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2021-01-27T00:00:00", ID: "CVE-2020-4682", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "MQ", version: { version_data: [ { version_value: "8.0.0", }, { version_value: "9.0.0", }, { version_value: "9.1.0", }, { version_value: "7.5.0", }, { version_value: "9.2.0", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM MQ 7.5, 8.0, 9.0, 9.1, 9.2 LTS, and 9.2 CD could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization of trusted data. An attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 186509.", }, ], }, impact: { cvssv3: { BM: { A: "H", AC: "H", AV: "N", C: "H", I: "H", PR: "N", S: "U", UI: "N", }, TM: { E: "U", RC: "C", RL: "O", }, }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Gain Access", }, ], }, ], }, references: { reference_data: [ { name: "https://www.ibm.com/support/pages/node/6408626", refsource: "CONFIRM", title: "IBM Security Bulletin 6408626 (MQ)", url: "https://www.ibm.com/support/pages/node/6408626", }, { name: "ibm-mq-cve20204682-code-exec (186509)", refsource: "XF", title: "X-Force Vulnerability Report", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/186509", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2020-4682", datePublished: "2021-01-28T12:55:15.366622Z", dateReserved: "2019-12-30T00:00:00", dateUpdated: "2024-09-16T19:04:36.558Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2017-1612 (GCVE-0-2017-1612)
Vulnerability from cvelistv5
Published
2018-01-09 20:00
Modified
2024-09-16 18:29
Severity ?
EPSS score ?
Summary
IBM WebSphere MQ 7.0, 7.1, 7.5, 8.0, and 9.0 service trace module could be used to execute untrusted code under 'mqm' user. IBM X-Force ID: 132953.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1040175 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/102479 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/132953 | x_refsource_MISC | |
| http://www.ibm.com/support/docview.wss?uid=swg22009918 | x_refsource_CONFIRM |
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T13:39:32.123Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "1040175", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1040175", }, { name: "102479", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/102479", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/132953", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ibm.com/support/docview.wss?uid=swg22009918", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "MQ", vendor: "IBM", versions: [ { status: "affected", version: "7.0.1", }, { status: "affected", version: "7.1", }, { status: "affected", version: "7.5", }, { status: "affected", version: "8.0", }, { status: "affected", version: "9.0", }, ], }, ], datePublic: "2018-01-04T00:00:00", descriptions: [ { lang: "en", value: "IBM WebSphere MQ 7.0, 7.1, 7.5, 8.0, and 9.0 service trace module could be used to execute untrusted code under 'mqm' user. IBM X-Force ID: 132953.", }, ], problemTypes: [ { descriptions: [ { description: "Gain Privileges", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-01-14T10:57:01", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { name: "1040175", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1040175", }, { name: "102479", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/102479", }, { tags: [ "x_refsource_MISC", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/132953", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ibm.com/support/docview.wss?uid=swg22009918", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2018-01-04T00:00:00", ID: "CVE-2017-1612", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "MQ", version: { version_data: [ { version_value: "7.0.1", }, { version_value: "7.1", }, { version_value: "7.5", }, { version_value: "8.0", }, { version_value: "9.0", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM WebSphere MQ 7.0, 7.1, 7.5, 8.0, and 9.0 service trace module could be used to execute untrusted code under 'mqm' user. IBM X-Force ID: 132953.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Gain Privileges", }, ], }, ], }, references: { reference_data: [ { name: "1040175", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1040175", }, { name: "102479", refsource: "BID", url: "http://www.securityfocus.com/bid/102479", }, { name: "https://exchange.xforce.ibmcloud.com/vulnerabilities/132953", refsource: "MISC", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/132953", }, { name: "http://www.ibm.com/support/docview.wss?uid=swg22009918", refsource: "CONFIRM", url: "http://www.ibm.com/support/docview.wss?uid=swg22009918", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2017-1612", datePublished: "2018-01-09T20:00:00Z", dateReserved: "2016-11-30T00:00:00", dateUpdated: "2024-09-16T18:29:50.060Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2018-1374 (GCVE-0-2018-1374)
Vulnerability from cvelistv5
Published
2018-06-26 20:00
Modified
2024-09-16 18:29
Severity ?
EPSS score ?
Summary
An IBM WebSphere MQ (Maintenance levels 7.1.0.0 - 7.1.0.9, 7.5.0.0 - 7.5.0.8, 8.0.0.0 - 8.0.0.8, 9.0.0.0 - 9.0.0.2, and 9.0.0 - 9.0.4) client connecting to a Queue Manager could cause a SIGSEGV in the Channel process amqrmppa. IBM X-Force ID: 137775.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www-01.ibm.com/support/docview.wss?uid=swg22012982 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/137775 | vdb-entry, x_refsource_XF |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | WebSphere MQ |
Version: 7.1 Version: 7.5 Version: 7.5.0.1 Version: 7.1.0.1 Version: 7.1.0.2 Version: 7.5.0.2 Version: 7.1.0.3 Version: 7.1.0.4 Version: 7.5.0.3 Version: 8.0.0.0 Version: 8.0.0.1 Version: 7.5.0.4 Version: 7.1.0.5 Version: 8.0.0.2 Version: 8.0.0.4 Version: 8.0.0.3 Version: 9.0.0 Version: 8.0.0.6 Version: 9.0.1 Version: 9.0.2 Version: 7.1.0.6 Version: 7.1.0.7 Version: 7.1.0.8 Version: 7.1.0.9 Version: 8.0.0.5 Version: 8.0.0.7 Version: 8.0.0.8 Version: 9.0.0.0 Version: 9.0.0.1 Version: 9.0.0.2 Version: 9.0.3 Version: 9.0.4 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T03:59:38.605Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg22012982", }, { name: "ibm-websphere-cve20181374-dos(137775)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/137775", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "WebSphere MQ", vendor: "IBM", versions: [ { status: "affected", version: "7.1", }, { status: "affected", version: "7.5", }, { status: "affected", version: "7.5.0.1", }, { status: "affected", version: "7.1.0.1", }, { status: "affected", version: "7.1.0.2", }, { status: "affected", version: "7.5.0.2", }, { status: "affected", version: "7.1.0.3", }, { status: "affected", version: "7.1.0.4", }, { status: "affected", version: "7.5.0.3", }, { status: "affected", version: "8.0.0.0", }, { status: "affected", version: "8.0.0.1", }, { status: "affected", version: "7.5.0.4", }, { status: "affected", version: "7.1.0.5", }, { status: "affected", version: "8.0.0.2", }, { status: "affected", version: "8.0.0.4", }, { status: "affected", version: "8.0.0.3", }, { status: "affected", version: "9.0.0", }, { status: "affected", version: "8.0.0.6", }, { status: "affected", version: "9.0.1", }, { status: "affected", version: "9.0.2", }, { status: "affected", version: "7.1.0.6", }, { status: "affected", version: "7.1.0.7", }, { status: "affected", version: "7.1.0.8", }, { status: "affected", version: "7.1.0.9", }, { status: "affected", version: "8.0.0.5", }, { status: "affected", version: "8.0.0.7", }, { status: "affected", version: "8.0.0.8", }, { status: "affected", version: "9.0.0.0", }, { status: "affected", version: "9.0.0.1", }, { status: "affected", version: "9.0.0.2", }, { status: "affected", version: "9.0.3", }, { status: "affected", version: "9.0.4", }, ], }, ], datePublic: "2018-06-22T00:00:00", descriptions: [ { lang: "en", value: "An IBM WebSphere MQ (Maintenance levels 7.1.0.0 - 7.1.0.9, 7.5.0.0 - 7.5.0.8, 8.0.0.0 - 8.0.0.8, 9.0.0.0 - 9.0.0.2, and 9.0.0 - 9.0.4) client connecting to a Queue Manager could cause a SIGSEGV in the Channel process amqrmppa. IBM X-Force ID: 137775.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", exploitCodeMaturity: "UNPROVEN", integrityImpact: "NONE", privilegesRequired: "LOW", remediationLevel: "OFFICIAL_FIX", reportConfidence: "CONFIRMED", scope: "UNCHANGED", temporalScore: 4.6, temporalSeverity: "MEDIUM", userInteraction: "NONE", vectorString: "CVSS:3.0/A:H/AC:H/AV:N/C:N/I:N/PR:L/S:U/UI:N/E:U/RC:C/RL:O", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Denial of Service", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-06-26T19:57:01", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg22012982", }, { name: "ibm-websphere-cve20181374-dos(137775)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/137775", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2018-06-22T00:00:00", ID: "CVE-2018-1374", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "WebSphere MQ", version: { version_data: [ { version_value: "7.1", }, { version_value: "7.5", }, { version_value: "7.5.0.1", }, { version_value: "7.1.0.1", }, { version_value: "7.1.0.2", }, { version_value: "7.5.0.2", }, { version_value: "7.1.0.3", }, { version_value: "7.1.0.4", }, { version_value: "7.5.0.3", }, { version_value: "8.0.0.0", }, { version_value: "8.0.0.1", }, { version_value: "7.5.0.4", }, { version_value: "7.1.0.5", }, { version_value: "8.0.0.2", }, { version_value: "8.0.0.4", }, { version_value: "8.0.0.3", }, { version_value: "9.0.0", }, { version_value: "8.0.0.6", }, { version_value: "9.0.1", }, { version_value: "9.0.2", }, { version_value: "7.1.0.6", }, { version_value: "7.1.0.7", }, { version_value: "7.1.0.8", }, { version_value: "7.1.0.9", }, { version_value: "8.0.0.5", }, { version_value: "8.0.0.7", }, { version_value: "8.0.0.8", }, { version_value: "9.0.0.0", }, { version_value: "9.0.0.1", }, { version_value: "9.0.0.2", }, { version_value: "9.0.3", }, { version_value: "9.0.4", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An IBM WebSphere MQ (Maintenance levels 7.1.0.0 - 7.1.0.9, 7.5.0.0 - 7.5.0.8, 8.0.0.0 - 8.0.0.8, 9.0.0.0 - 9.0.0.2, and 9.0.0 - 9.0.4) client connecting to a Queue Manager could cause a SIGSEGV in the Channel process amqrmppa. IBM X-Force ID: 137775.", }, ], }, impact: { cvssv3: { BM: { A: "H", AC: "H", AV: "N", C: "N", I: "N", PR: "L", S: "U", UI: "N", }, TM: { E: "U", RC: "C", RL: "O", }, }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Denial of Service", }, ], }, ], }, references: { reference_data: [ { name: "http://www-01.ibm.com/support/docview.wss?uid=swg22012982", refsource: "CONFIRM", url: "http://www-01.ibm.com/support/docview.wss?uid=swg22012982", }, { name: "ibm-websphere-cve20181374-dos(137775)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/137775", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2018-1374", datePublished: "2018-06-26T20:00:00Z", dateReserved: "2017-12-13T00:00:00", dateUpdated: "2024-09-16T18:29:16.726Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2017-1236 (GCVE-0-2017-1236)
Vulnerability from cvelistv5
Published
2017-07-06 14:00
Modified
2024-09-16 17:37
Severity ?
EPSS score ?
Summary
IBM WebSphere MQ 9.0.2 could allow an authenticated user to potentially cause a denial of service by saving an incorrect channel status inquiry. IBM X-Force ID: 124354
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.ibm.com/support/docview.wss?uid=swg22003510 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/99505 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/124354 | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T13:25:17.451Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ibm.com/support/docview.wss?uid=swg22003510", }, { name: "99505", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/99505", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/124354", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "MQ", vendor: "IBM", versions: [ { status: "affected", version: "9.0.2", }, ], }, ], datePublic: "2017-07-05T00:00:00", descriptions: [ { lang: "en", value: "IBM WebSphere MQ 9.0.2 could allow an authenticated user to potentially cause a denial of service by saving an incorrect channel status inquiry. IBM X-Force ID: 124354", }, ], problemTypes: [ { descriptions: [ { description: "Denial of Service", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-07-11T09:57:01", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ibm.com/support/docview.wss?uid=swg22003510", }, { name: "99505", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/99505", }, { tags: [ "x_refsource_MISC", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/124354", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2017-07-05T00:00:00", ID: "CVE-2017-1236", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "MQ", version: { version_data: [ { version_value: "9.0.2", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM WebSphere MQ 9.0.2 could allow an authenticated user to potentially cause a denial of service by saving an incorrect channel status inquiry. IBM X-Force ID: 124354", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Denial of Service", }, ], }, ], }, references: { reference_data: [ { name: "http://www.ibm.com/support/docview.wss?uid=swg22003510", refsource: "CONFIRM", url: "http://www.ibm.com/support/docview.wss?uid=swg22003510", }, { name: "99505", refsource: "BID", url: "http://www.securityfocus.com/bid/99505", }, { name: "https://exchange.xforce.ibmcloud.com/vulnerabilities/124354", refsource: "MISC", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/124354", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2017-1236", datePublished: "2017-07-06T14:00:00Z", dateReserved: "2016-11-30T00:00:00", dateUpdated: "2024-09-16T17:37:47.300Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2010-0782 (GCVE-0-2010-0782)
Vulnerability from cvelistv5
Published
2010-10-20 17:00
Modified
2024-08-07 00:59
Severity ?
EPSS score ?
Summary
IBM WebSphere MQ 6.x before 6.0.2.10 and 7.x before 7.0.1.3 allows remote attackers to spoof X.509 certificate authentication, and send or receive channel messages, via a crafted Subject Distinguished Name (DN) value in a certificate.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www-01.ibm.com/support/docview.wss?uid=swg27014224 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/60018 | vdb-entry, x_refsource_XF | |
| http://www-01.ibm.com/support/docview.wss?uid=swg1IZ68707 | vendor-advisory, x_refsource_AIXAPAR |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T00:59:39.130Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg27014224", }, { name: "websphere-mq-subjectdn-spoofing(60018)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/60018", }, { name: "IZ68707", tags: [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ68707", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2010-10-01T00:00:00", descriptions: [ { lang: "en", value: "IBM WebSphere MQ 6.x before 6.0.2.10 and 7.x before 7.0.1.3 allows remote attackers to spoof X.509 certificate authentication, and send or receive channel messages, via a crafted Subject Distinguished Name (DN) value in a certificate.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-08-16T14:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg27014224", }, { name: "websphere-mq-subjectdn-spoofing(60018)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/60018", }, { name: "IZ68707", tags: [ "vendor-advisory", "x_refsource_AIXAPAR", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ68707", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2010-0782", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM WebSphere MQ 6.x before 6.0.2.10 and 7.x before 7.0.1.3 allows remote attackers to spoof X.509 certificate authentication, and send or receive channel messages, via a crafted Subject Distinguished Name (DN) value in a certificate.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://www-01.ibm.com/support/docview.wss?uid=swg27014224", refsource: "CONFIRM", url: "http://www-01.ibm.com/support/docview.wss?uid=swg27014224", }, { name: "websphere-mq-subjectdn-spoofing(60018)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/60018", }, { name: "IZ68707", refsource: "AIXAPAR", url: "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ68707", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2010-0782", datePublished: "2010-10-20T17:00:00", dateReserved: "2010-03-02T00:00:00", dateUpdated: "2024-08-07T00:59:39.130Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2015-0189 (GCVE-0-2015-0189)
Vulnerability from cvelistv5
Published
2015-05-20 10:00
Modified
2024-08-06 04:03
Severity ?
EPSS score ?
Summary
The cluster repository manager in IBM WebSphere MQ 7.5 before 7.5.0.5 and 8.0 before 8.0.0.2 allows remote authenticated administrators to cause a denial of service (memory overwrite and daemon outage) by triggering multiple transmit-queue records.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www-01.ibm.com/support/docview.wss?uid=swg21883457 | x_refsource_CONFIRM | |
| http://www.securitytracker.com/id/1032374 | vdb-entry, x_refsource_SECTRACK | |
| http://www-01.ibm.com/support/docview.wss?uid=swg1IT05869 | vendor-advisory, x_refsource_AIXAPAR | |
| http://www.securityfocus.com/bid/74706 | vdb-entry, x_refsource_BID |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T04:03:10.641Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21883457", }, { name: "1032374", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1032374", }, { name: "IT05869", tags: [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg1IT05869", }, { name: "74706", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/74706", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2015-05-18T00:00:00", descriptions: [ { lang: "en", value: "The cluster repository manager in IBM WebSphere MQ 7.5 before 7.5.0.5 and 8.0 before 8.0.0.2 allows remote authenticated administrators to cause a denial of service (memory overwrite and daemon outage) by triggering multiple transmit-queue records.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2016-12-30T15:57:01", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21883457", }, { name: "1032374", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1032374", }, { name: "IT05869", tags: [ "vendor-advisory", "x_refsource_AIXAPAR", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg1IT05869", }, { name: "74706", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/74706", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", ID: "CVE-2015-0189", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The cluster repository manager in IBM WebSphere MQ 7.5 before 7.5.0.5 and 8.0 before 8.0.0.2 allows remote authenticated administrators to cause a denial of service (memory overwrite and daemon outage) by triggering multiple transmit-queue records.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://www-01.ibm.com/support/docview.wss?uid=swg21883457", refsource: "CONFIRM", url: "http://www-01.ibm.com/support/docview.wss?uid=swg21883457", }, { name: "1032374", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1032374", }, { name: "IT05869", refsource: "AIXAPAR", url: "http://www-01.ibm.com/support/docview.wss?uid=swg1IT05869", }, { name: "74706", refsource: "BID", url: "http://www.securityfocus.com/bid/74706", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2015-0189", datePublished: "2015-05-20T10:00:00", dateReserved: "2014-11-18T00:00:00", dateUpdated: "2024-08-06T04:03:10.641Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2015-7462 (GCVE-0-2015-7462)
Vulnerability from cvelistv5
Published
2016-06-19 20:00
Modified
2024-08-06 07:51
Severity ?
EPSS score ?
Summary
IBM WebSphere MQ 8.0.0.4 on IBM i platforms allows local users to discover cleartext certificate-keystore passwords within MQ trace output by leveraging administrator privileges to execute the mqcertck program.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1036053 | vdb-entry, x_refsource_SECTRACK | |
| http://www-01.ibm.com/support/docview.wss?uid=swg21984557 | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T07:51:27.611Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "1036053", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1036053", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21984557", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-06-02T00:00:00", descriptions: [ { lang: "en", value: "IBM WebSphere MQ 8.0.0.4 on IBM i platforms allows local users to discover cleartext certificate-keystore passwords within MQ trace output by leveraging administrator privileges to execute the mqcertck program.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2016-11-28T20:57:01", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { name: "1036053", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1036053", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21984557", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", ID: "CVE-2015-7462", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM WebSphere MQ 8.0.0.4 on IBM i platforms allows local users to discover cleartext certificate-keystore passwords within MQ trace output by leveraging administrator privileges to execute the mqcertck program.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "1036053", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1036053", }, { name: "http://www-01.ibm.com/support/docview.wss?uid=swg21984557", refsource: "CONFIRM", url: "http://www-01.ibm.com/support/docview.wss?uid=swg21984557", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2015-7462", datePublished: "2016-06-19T20:00:00", dateReserved: "2015-09-29T00:00:00", dateUpdated: "2024-08-06T07:51:27.611Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2010-2638 (GCVE-0-2010-2638)
Vulnerability from cvelistv5
Published
2010-11-15 20:00
Modified
2024-08-07 02:39
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in IBM WebSphere MQ 7.0 before 7.0.1.5 allows remote authenticated users to cause a denial of service (disk consumption) via vectors that trigger an FDC with an RM680004 Probe Id value.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www-01.ibm.com/support/docview.wss?uid=swg1IC71123 | vendor-advisory, x_refsource_AIXAPAR | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/63147 | vdb-entry, x_refsource_XF |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T02:39:37.969Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "IC71123", tags: [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg1IC71123", }, { name: "wmq-fdc-dos(63147)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/63147", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2010-11-10T00:00:00", descriptions: [ { lang: "en", value: "Unspecified vulnerability in IBM WebSphere MQ 7.0 before 7.0.1.5 allows remote authenticated users to cause a denial of service (disk consumption) via vectors that trigger an FDC with an RM680004 Probe Id value.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-08-16T14:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "IC71123", tags: [ "vendor-advisory", "x_refsource_AIXAPAR", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg1IC71123", }, { name: "wmq-fdc-dos(63147)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/63147", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2010-2638", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Unspecified vulnerability in IBM WebSphere MQ 7.0 before 7.0.1.5 allows remote authenticated users to cause a denial of service (disk consumption) via vectors that trigger an FDC with an RM680004 Probe Id value.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "IC71123", refsource: "AIXAPAR", url: "http://www-01.ibm.com/support/docview.wss?uid=swg1IC71123", }, { name: "wmq-fdc-dos(63147)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/63147", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2010-2638", datePublished: "2010-11-15T20:00:00", dateReserved: "2010-07-06T00:00:00", dateUpdated: "2024-08-07T02:39:37.969Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2016-0259 (GCVE-0-2016-0259)
Vulnerability from cvelistv5
Published
2016-06-26 14:00
Modified
2024-08-05 22:15
Severity ?
EPSS score ?
Summary
runmqsc in IBM WebSphere MQ 8.x before 8.0.0.5 allows local users to bypass an intended +dsp authority requirement and obtain sensitive information via unspecified display commands.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www-01.ibm.com/support/docview.wss?uid=swg21984561 | x_refsource_CONFIRM | |
| http://www.securitytracker.com/id/1036179 | vdb-entry, x_refsource_SECTRACK |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T22:15:23.304Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21984561", }, { name: "1036179", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1036179", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-06-02T00:00:00", descriptions: [ { lang: "en", value: "runmqsc in IBM WebSphere MQ 8.x before 8.0.0.5 allows local users to bypass an intended +dsp authority requirement and obtain sensitive information via unspecified display commands.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2016-11-28T20:57:01", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21984561", }, { name: "1036179", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1036179", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", ID: "CVE-2016-0259", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "runmqsc in IBM WebSphere MQ 8.x before 8.0.0.5 allows local users to bypass an intended +dsp authority requirement and obtain sensitive information via unspecified display commands.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://www-01.ibm.com/support/docview.wss?uid=swg21984561", refsource: "CONFIRM", url: "http://www-01.ibm.com/support/docview.wss?uid=swg21984561", }, { name: "1036179", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1036179", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2016-0259", datePublished: "2016-06-26T14:00:00", dateReserved: "2015-12-08T00:00:00", dateUpdated: "2024-08-05T22:15:23.304Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2016-8986 (GCVE-0-2016-8986)
Vulnerability from cvelistv5
Published
2017-02-22 19:00
Modified
2024-08-06 02:35
Severity ?
EPSS score ?
Summary
IBM WebSphere MQ 8.0 could allow an authenticated user with access to the queue manager to bring down MQ channels using specially crafted HTTP requests. IBM Reference #: 1998648.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/96412 | vdb-entry, x_refsource_BID | |
| http://www.ibm.com/support/docview.wss?uid=swg21998648 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM Corporation | WebSphere MQ |
Version: 8.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T02:35:02.362Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "96412", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/96412", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ibm.com/support/docview.wss?uid=swg21998648", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "WebSphere MQ", vendor: "IBM Corporation", versions: [ { status: "affected", version: "8.0", }, ], }, ], datePublic: "2017-02-20T00:00:00", descriptions: [ { lang: "en", value: "IBM WebSphere MQ 8.0 could allow an authenticated user with access to the queue manager to bring down MQ channels using specially crafted HTTP requests. IBM Reference #: 1998648.", }, ], problemTypes: [ { descriptions: [ { description: "Denial of Service", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-03-01T10:57:01", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { name: "96412", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/96412", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ibm.com/support/docview.wss?uid=swg21998648", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", ID: "CVE-2016-8986", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "WebSphere MQ", version: { version_data: [ { version_value: "8.0", }, ], }, }, ], }, vendor_name: "IBM Corporation", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM WebSphere MQ 8.0 could allow an authenticated user with access to the queue manager to bring down MQ channels using specially crafted HTTP requests. IBM Reference #: 1998648.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Denial of Service", }, ], }, ], }, references: { reference_data: [ { name: "96412", refsource: "BID", url: "http://www.securityfocus.com/bid/96412", }, { name: "http://www.ibm.com/support/docview.wss?uid=swg21998648", refsource: "CONFIRM", url: "http://www.ibm.com/support/docview.wss?uid=swg21998648", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2016-8986", datePublished: "2017-02-22T19:00:00", dateReserved: "2016-10-25T00:00:00", dateUpdated: "2024-08-06T02:35:02.362Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2016-3052 (GCVE-0-2016-3052)
Vulnerability from cvelistv5
Published
2017-02-22 19:00
Modified
2024-08-05 23:40
Severity ?
EPSS score ?
Summary
Under non-standard configurations, IBM WebSphere MQ might send password data in clear text over the network. This data could be intercepted using man in the middle techniques.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.ibm.com/support/docview.wss?uid=swg21998660 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/96400 | vdb-entry, x_refsource_BID |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM Corporation | WebSphere MQ |
Version: 8.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T23:40:15.191Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ibm.com/support/docview.wss?uid=swg21998660", }, { name: "96400", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/96400", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "WebSphere MQ", vendor: "IBM Corporation", versions: [ { status: "affected", version: "8.0", }, ], }, ], datePublic: "2017-02-20T00:00:00", descriptions: [ { lang: "en", value: "Under non-standard configurations, IBM WebSphere MQ might send password data in clear text over the network. This data could be intercepted using man in the middle techniques.", }, ], problemTypes: [ { descriptions: [ { description: "Obtain Information", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-07-11T12:57:01", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ibm.com/support/docview.wss?uid=swg21998660", }, { name: "96400", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/96400", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", ID: "CVE-2016-3052", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "WebSphere MQ", version: { version_data: [ { version_value: "8.0", }, ], }, }, ], }, vendor_name: "IBM Corporation", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Under non-standard configurations, IBM WebSphere MQ might send password data in clear text over the network. This data could be intercepted using man in the middle techniques.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Obtain Information", }, ], }, ], }, references: { reference_data: [ { name: "http://www.ibm.com/support/docview.wss?uid=swg21998660", refsource: "CONFIRM", url: "http://www.ibm.com/support/docview.wss?uid=swg21998660", }, { name: "96400", refsource: "BID", url: "http://www.securityfocus.com/bid/96400", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2016-3052", datePublished: "2017-02-22T19:00:00", dateReserved: "2016-03-09T00:00:00", dateUpdated: "2024-08-05T23:40:15.191Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2014-4771 (GCVE-0-2014-4771)
Vulnerability from cvelistv5
Published
2015-02-13 02:00
Modified
2024-08-06 11:27
Severity ?
EPSS score ?
Summary
IBM WebSphere MQ 7.0.1 before 7.0.1.13, 7.1 before 7.1.0.6, 7.5 before 7.5.0.5, and 8 before 8.0.0.1 allows remote authenticated users to cause a denial of service (queue-slot exhaustion) by leveraging PCF query privileges for a crafted query.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www-01.ibm.com/support/docview.wss?uid=swg1IV69190 | vendor-advisory, x_refsource_AIXAPAR | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/94842 | vdb-entry, x_refsource_XF | |
| http://www-01.ibm.com/support/docview.wss?uid=swg21696120 | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T11:27:36.080Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "IV69190", tags: [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg1IV69190", }, { name: "ibm-webspheremq-cve20144771-dos(94842)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/94842", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21696120", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2015-02-05T00:00:00", descriptions: [ { lang: "en", value: "IBM WebSphere MQ 7.0.1 before 7.0.1.13, 7.1 before 7.1.0.6, 7.5 before 7.5.0.5, and 8 before 8.0.0.1 allows remote authenticated users to cause a denial of service (queue-slot exhaustion) by leveraging PCF query privileges for a crafted query.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-08-28T12:57:01", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { name: "IV69190", tags: [ "vendor-advisory", "x_refsource_AIXAPAR", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg1IV69190", }, { name: "ibm-webspheremq-cve20144771-dos(94842)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/94842", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21696120", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", ID: "CVE-2014-4771", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM WebSphere MQ 7.0.1 before 7.0.1.13, 7.1 before 7.1.0.6, 7.5 before 7.5.0.5, and 8 before 8.0.0.1 allows remote authenticated users to cause a denial of service (queue-slot exhaustion) by leveraging PCF query privileges for a crafted query.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "IV69190", refsource: "AIXAPAR", url: "http://www-01.ibm.com/support/docview.wss?uid=swg1IV69190", }, { name: "ibm-webspheremq-cve20144771-dos(94842)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/94842", }, { name: "http://www-01.ibm.com/support/docview.wss?uid=swg21696120", refsource: "CONFIRM", url: "http://www-01.ibm.com/support/docview.wss?uid=swg21696120", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2014-4771", datePublished: "2015-02-13T02:00:00", dateReserved: "2014-07-09T00:00:00", dateUpdated: "2024-08-06T11:27:36.080Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2014-4793 (GCVE-0-2014-4793)
Vulnerability from cvelistv5
Published
2014-10-02 00:00
Modified
2024-08-06 11:27
Severity ?
EPSS score ?
Summary
IBM WebSphere MQ 8.x before 8.0.0.1 does not properly enforce CHLAUTH rules for blocking client connections in certain circumstances related to the CONNAUTH attribute, which allows remote authenticated users to bypass intended queue-manager access restrictions via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www-01.ibm.com/support/docview.wss?uid=swg21685526 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/95208 | vdb-entry, x_refsource_XF |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T11:27:36.833Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21685526", }, { name: "ibm-webspheremq-cve20144793-chlauth(95208)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/95208", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2014-10-01T00:00:00", descriptions: [ { lang: "en", value: "IBM WebSphere MQ 8.x before 8.0.0.1 does not properly enforce CHLAUTH rules for blocking client connections in certain circumstances related to the CONNAUTH attribute, which allows remote authenticated users to bypass intended queue-manager access restrictions via unspecified vectors.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-08-28T12:57:01", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21685526", }, { name: "ibm-webspheremq-cve20144793-chlauth(95208)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/95208", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", ID: "CVE-2014-4793", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM WebSphere MQ 8.x before 8.0.0.1 does not properly enforce CHLAUTH rules for blocking client connections in certain circumstances related to the CONNAUTH attribute, which allows remote authenticated users to bypass intended queue-manager access restrictions via unspecified vectors.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://www-01.ibm.com/support/docview.wss?uid=swg21685526", refsource: "CONFIRM", url: "http://www-01.ibm.com/support/docview.wss?uid=swg21685526", }, { name: "ibm-webspheremq-cve20144793-chlauth(95208)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/95208", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2014-4793", datePublished: "2014-10-02T00:00:00", dateReserved: "2014-07-09T00:00:00", dateUpdated: "2024-08-06T11:27:36.833Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2009-3159 (GCVE-0-2009-3159)
Vulnerability from cvelistv5
Published
2009-09-10 18:00
Modified
2024-08-07 06:14
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in the rriDecompress function in IBM WebSphere MQ 7.0.0.0, 7.0.0.1, and 7.0.0.2 allows remote attackers to cause a denial of service via unknown vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www-1.ibm.com/support/docview.wss?uid=swg1IC62450 | vendor-advisory, x_refsource_AIXAPAR | |
| http://www.vupen.com/english/advisories/2009/2578 | vdb-entry, x_refsource_VUPEN | |
| http://www-01.ibm.com/support/docview.wss?uid=swg24024153 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/36310 | vdb-entry, x_refsource_BID | |
| http://secunia.com/advisories/36647 | third-party-advisory, x_refsource_SECUNIA |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T06:14:56.341Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "IC62450", tags: [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred", ], url: "http://www-1.ibm.com/support/docview.wss?uid=swg1IC62450", }, { name: "ADV-2009-2578", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2009/2578", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg24024153", }, { name: "36310", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/36310", }, { name: "36647", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/36647", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2009-09-08T00:00:00", descriptions: [ { lang: "en", value: "Unspecified vulnerability in the rriDecompress function in IBM WebSphere MQ 7.0.0.0, 7.0.0.1, and 7.0.0.2 allows remote attackers to cause a denial of service via unknown vectors.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2009-09-22T09:00:00", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "IC62450", tags: [ "vendor-advisory", "x_refsource_AIXAPAR", ], url: "http://www-1.ibm.com/support/docview.wss?uid=swg1IC62450", }, { name: "ADV-2009-2578", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2009/2578", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg24024153", }, { name: "36310", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/36310", }, { name: "36647", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/36647", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2009-3159", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Unspecified vulnerability in the rriDecompress function in IBM WebSphere MQ 7.0.0.0, 7.0.0.1, and 7.0.0.2 allows remote attackers to cause a denial of service via unknown vectors.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "IC62450", refsource: "AIXAPAR", url: "http://www-1.ibm.com/support/docview.wss?uid=swg1IC62450", }, { name: "ADV-2009-2578", refsource: "VUPEN", url: "http://www.vupen.com/english/advisories/2009/2578", }, { name: "http://www-01.ibm.com/support/docview.wss?uid=swg24024153", refsource: "CONFIRM", url: "http://www-01.ibm.com/support/docview.wss?uid=swg24024153", }, { name: "36310", refsource: "BID", url: "http://www.securityfocus.com/bid/36310", }, { name: "36647", refsource: "SECUNIA", url: "http://secunia.com/advisories/36647", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2009-3159", datePublished: "2009-09-10T18:00:00", dateReserved: "2009-09-10T00:00:00", dateUpdated: "2024-08-07T06:14:56.341Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2012-4863 (GCVE-0-2012-4863)
Vulnerability from cvelistv5
Published
2020-01-23 13:49
Modified
2024-08-06 20:50
Severity ?
EPSS score ?
Summary
IBM WebSphere MQ 7.1 and 7.5: Queue manager has a DoS vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/79920 | x_refsource_MISC | |
| https://www.tenable.com/plugins/nessus/63099 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | WebSphere MQ |
Version: 7.1 without Fix Pack 7.1.0.2 Version: 7.5 without Fix Pack 7.5.0.1 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T20:50:17.591Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/79920", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.tenable.com/plugins/nessus/63099", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "WebSphere MQ", vendor: "IBM", versions: [ { status: "affected", version: "7.1 without Fix Pack 7.1.0.2", }, { status: "affected", version: "7.5 without Fix Pack 7.5.0.1", }, ], }, ], descriptions: [ { lang: "en", value: "IBM WebSphere MQ 7.1 and 7.5: Queue manager has a DoS vulnerability", }, ], problemTypes: [ { descriptions: [ { description: "denial of service", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-01-23T13:49:42", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/79920", }, { tags: [ "x_refsource_MISC", ], url: "https://www.tenable.com/plugins/nessus/63099", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", ID: "CVE-2012-4863", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "WebSphere MQ", version: { version_data: [ { version_value: "7.1 without Fix Pack 7.1.0.2", }, { version_value: "7.5 without Fix Pack 7.5.0.1", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM WebSphere MQ 7.1 and 7.5: Queue manager has a DoS vulnerability", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "denial of service", }, ], }, ], }, references: { reference_data: [ { name: "https://exchange.xforce.ibmcloud.com/vulnerabilities/79920", refsource: "MISC", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/79920", }, { name: "https://www.tenable.com/plugins/nessus/63099", refsource: "MISC", url: "https://www.tenable.com/plugins/nessus/63099", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2012-4863", datePublished: "2020-01-23T13:49:42", dateReserved: "2012-09-06T00:00:00", dateUpdated: "2024-08-06T20:50:17.591Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2019-4078 (GCVE-0-2019-4078)
Vulnerability from cvelistv5
Published
2019-05-23 14:05
Modified
2024-09-16 20:11
Severity ?
EPSS score ?
Summary
IBM WebSphere MQ 8.0.0.0 through 8.0.0.9 and 9.0.0.0 through 9.1.1 could allow a local non privileged user to execute code as an administrator due to incorrect permissions set on MQ installation directories. IBM X-Force ID: 157190.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/docview.wss?uid=ibm10872876 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/157190 | vdb-entry, x_refsource_XF |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | MQ |
Version: 9.0.0.1 Version: 8.0.0.1 Version: 8.0.0.2 Version: 8.0.0.3 Version: 8.0.0.4 Version: 8.0.0.5 Version: 8.0.0.6 Version: 8.0.0.7 Version: 9.0.0.2 Version: 8.0.0.8 Version: 8.0.0.9 Version: 9.0.0.3 Version: 8.0.0.0 Version: 8.0.0.10 Version: 9.0.0.0 Version: 9.0.0.4 Version: 9.0.0.5 Version: 9.1.0.0 Version: 9.1.0.1 Version: 9.1.1 Version: 8.0.0.11 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T19:26:27.998Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.ibm.com/support/docview.wss?uid=ibm10872876", }, { name: "ibm-websphere-cve20194078-priv-escalation (157190)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/157190", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "MQ", vendor: "IBM", versions: [ { status: "affected", version: "9.0.0.1", }, { status: "affected", version: "8.0.0.1", }, { status: "affected", version: "8.0.0.2", }, { status: "affected", version: "8.0.0.3", }, { status: "affected", version: "8.0.0.4", }, { status: "affected", version: "8.0.0.5", }, { status: "affected", version: "8.0.0.6", }, { status: "affected", version: "8.0.0.7", }, { status: "affected", version: "9.0.0.2", }, { status: "affected", version: "8.0.0.8", }, { status: "affected", version: "8.0.0.9", }, { status: "affected", version: "9.0.0.3", }, { status: "affected", version: "8.0.0.0", }, { status: "affected", version: "8.0.0.10", }, { status: "affected", version: "9.0.0.0", }, { status: "affected", version: "9.0.0.4", }, { status: "affected", version: "9.0.0.5", }, { status: "affected", version: "9.1.0.0", }, { status: "affected", version: "9.1.0.1", }, { status: "affected", version: "9.1.1", }, { status: "affected", version: "8.0.0.11", }, ], }, ], datePublic: "2019-05-21T00:00:00", descriptions: [ { lang: "en", value: "IBM WebSphere MQ 8.0.0.0 through 8.0.0.9 and 9.0.0.0 through 9.1.1 could allow a local non privileged user to execute code as an administrator due to incorrect permissions set on MQ installation directories. IBM X-Force ID: 157190.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.4, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitCodeMaturity: "UNPROVEN", integrityImpact: "HIGH", privilegesRequired: "NONE", remediationLevel: "OFFICIAL_FIX", reportConfidence: "CONFIRMED", scope: "UNCHANGED", temporalScore: 6.4, temporalSeverity: "MEDIUM", userInteraction: "NONE", vectorString: "CVSS:3.0/I:H/S:U/UI:N/C:H/A:H/AV:L/AC:H/PR:N/RC:C/RL:O/E:U", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Gain Privileges", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-05-23T14:05:15", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://www.ibm.com/support/docview.wss?uid=ibm10872876", }, { name: "ibm-websphere-cve20194078-priv-escalation (157190)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/157190", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2019-05-21T00:00:00", ID: "CVE-2019-4078", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "MQ", version: { version_data: [ { version_value: "9.0.0.1", }, { version_value: "8.0.0.1", }, { version_value: "8.0.0.2", }, { version_value: "8.0.0.3", }, { version_value: "8.0.0.4", }, { version_value: "8.0.0.5", }, { version_value: "8.0.0.6", }, { version_value: "8.0.0.7", }, { version_value: "9.0.0.2", }, { version_value: "8.0.0.8", }, { version_value: "8.0.0.9", }, { version_value: "9.0.0.3", }, { version_value: "8.0.0.0", }, { version_value: "8.0.0.10", }, { version_value: "9.0.0.0", }, { version_value: "9.0.0.4", }, { version_value: "9.0.0.5", }, { version_value: "9.1.0.0", }, { version_value: "9.1.0.1", }, { version_value: "9.1.1", }, { version_value: "8.0.0.11", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM WebSphere MQ 8.0.0.0 through 8.0.0.9 and 9.0.0.0 through 9.1.1 could allow a local non privileged user to execute code as an administrator due to incorrect permissions set on MQ installation directories. IBM X-Force ID: 157190.", }, ], }, impact: { cvssv3: { BM: { A: "H", AC: "H", AV: "L", C: "H", I: "H", PR: "N", S: "U", UI: "N", }, TM: { E: "U", RC: "C", RL: "O", }, }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Gain Privileges", }, ], }, ], }, references: { reference_data: [ { name: "https://www.ibm.com/support/docview.wss?uid=ibm10872876", refsource: "CONFIRM", title: "IBM Security Bulletin 0872876 (MQ)", url: "https://www.ibm.com/support/docview.wss?uid=ibm10872876", }, { name: "ibm-websphere-cve20194078-priv-escalation (157190)", refsource: "XF", title: "X-Force Vulnerability Report", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/157190", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2019-4078", datePublished: "2019-05-23T14:05:15.498574Z", dateReserved: "2019-01-03T00:00:00", dateUpdated: "2024-09-16T20:11:56.782Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2009-0900 (GCVE-0-2009-0900)
Vulnerability from cvelistv5
Published
2011-10-30 19:00
Modified
2024-08-07 04:48
Severity ?
EPSS score ?
Summary
Heap-based buffer overflow in the client in IBM WebSphere MQ 6.0 before 6.0.2.7 and 7.0 before 7.0.1.0 allows local users to gain privileges via crafted SSL information in a Client Channel Definition Table (CCDT) file.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.ibm.com/support/docview.wss?uid=swg1IC59375 | vendor-advisory, x_refsource_AIXAPAR | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/51038 | vdb-entry, x_refsource_XF |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T04:48:52.700Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "IC59375", tags: [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred", ], url: "http://www.ibm.com/support/docview.wss?uid=swg1IC59375", }, { name: "websphere-mq-client-ccdt-bo(51038)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/51038", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2009-06-05T00:00:00", descriptions: [ { lang: "en", value: "Heap-based buffer overflow in the client in IBM WebSphere MQ 6.0 before 6.0.2.7 and 7.0 before 7.0.1.0 allows local users to gain privileges via crafted SSL information in a Client Channel Definition Table (CCDT) file.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-08-16T14:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "IC59375", tags: [ "vendor-advisory", "x_refsource_AIXAPAR", ], url: "http://www.ibm.com/support/docview.wss?uid=swg1IC59375", }, { name: "websphere-mq-client-ccdt-bo(51038)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/51038", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2009-0900", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Heap-based buffer overflow in the client in IBM WebSphere MQ 6.0 before 6.0.2.7 and 7.0 before 7.0.1.0 allows local users to gain privileges via crafted SSL information in a Client Channel Definition Table (CCDT) file.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "IC59375", refsource: "AIXAPAR", url: "http://www.ibm.com/support/docview.wss?uid=swg1IC59375", }, { name: "websphere-mq-client-ccdt-bo(51038)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/51038", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2009-0900", datePublished: "2011-10-30T19:00:00", dateReserved: "2009-03-14T00:00:00", dateUpdated: "2024-08-07T04:48:52.700Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2009-0439 (GCVE-0-2009-0439)
Vulnerability from cvelistv5
Published
2009-02-24 17:00
Modified
2024-08-07 04:31
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in the queue manager in IBM WebSphere MQ (WMQ) 5.3, 6.0 before 6.0.2.6, and 7.0 before 7.0.0.2 allows local users to gain privileges via vectors related to the (1) setmqaut, (2) dmpmqaut, and (3) dspmqaut authorization commands.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www-01.ibm.com/support/docview.wss?rs=171&uid=swg27006037 | x_refsource_MISC | |
| http://www.securityfocus.com/bid/33857 | vdb-entry, x_refsource_BID | |
| http://osvdb.org/52297 | vdb-entry, x_refsource_OSVDB | |
| http://secunia.com/advisories/34034 | third-party-advisory, x_refsource_SECUNIA | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/48529 | vdb-entry, x_refsource_XF | |
| http://www-1.ibm.com/support/docview.wss?uid=swg1IZ40824 | vendor-advisory, x_refsource_AIXAPAR |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T04:31:26.202Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?rs=171&uid=swg27006037", }, { name: "33857", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/33857", }, { name: "52297", tags: [ "vdb-entry", "x_refsource_OSVDB", "x_transferred", ], url: "http://osvdb.org/52297", }, { name: "34034", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/34034", }, { name: "websphere-mq-privilege-escalation(48529)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/48529", }, { name: "IZ40824", tags: [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred", ], url: "http://www-1.ibm.com/support/docview.wss?uid=swg1IZ40824", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2009-02-23T00:00:00", descriptions: [ { lang: "en", value: "Unspecified vulnerability in the queue manager in IBM WebSphere MQ (WMQ) 5.3, 6.0 before 6.0.2.6, and 7.0 before 7.0.0.2 allows local users to gain privileges via vectors related to the (1) setmqaut, (2) dmpmqaut, and (3) dspmqaut authorization commands.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-08-07T12:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "http://www-01.ibm.com/support/docview.wss?rs=171&uid=swg27006037", }, { name: "33857", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/33857", }, { name: "52297", tags: [ "vdb-entry", "x_refsource_OSVDB", ], url: "http://osvdb.org/52297", }, { name: "34034", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/34034", }, { name: "websphere-mq-privilege-escalation(48529)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/48529", }, { name: "IZ40824", tags: [ "vendor-advisory", "x_refsource_AIXAPAR", ], url: "http://www-1.ibm.com/support/docview.wss?uid=swg1IZ40824", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2009-0439", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Unspecified vulnerability in the queue manager in IBM WebSphere MQ (WMQ) 5.3, 6.0 before 6.0.2.6, and 7.0 before 7.0.0.2 allows local users to gain privileges via vectors related to the (1) setmqaut, (2) dmpmqaut, and (3) dspmqaut authorization commands.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://www-01.ibm.com/support/docview.wss?rs=171&uid=swg27006037", refsource: "MISC", url: "http://www-01.ibm.com/support/docview.wss?rs=171&uid=swg27006037", }, { name: "33857", refsource: "BID", url: "http://www.securityfocus.com/bid/33857", }, { name: "52297", refsource: "OSVDB", url: "http://osvdb.org/52297", }, { name: "34034", refsource: "SECUNIA", url: "http://secunia.com/advisories/34034", }, { name: "websphere-mq-privilege-escalation(48529)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/48529", }, { name: "IZ40824", refsource: "AIXAPAR", url: "http://www-1.ibm.com/support/docview.wss?uid=swg1IZ40824", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2009-0439", datePublished: "2009-02-24T17:00:00", dateReserved: "2009-02-05T00:00:00", dateUpdated: "2024-08-07T04:31:26.202Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2016-6089 (GCVE-0-2016-6089)
Vulnerability from cvelistv5
Published
2017-06-07 17:00
Modified
2024-08-06 01:22
Severity ?
EPSS score ?
Summary
IBM WebSphere MQ 9.0.0.1 and 9.0.2 could allow a local user to write to a file or delete files in a directory they should not have access to due to improper access controls. IBM X-Force ID: 117926.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/117926 | x_refsource_MISC | |
| http://www.ibm.com/support/docview.wss?uid=swg22003509 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/98770 | vdb-entry, x_refsource_BID |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T01:22:20.111Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/117926", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ibm.com/support/docview.wss?uid=swg22003509", }, { name: "98770", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/98770", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "MQ", vendor: "IBM", versions: [ { status: "affected", version: "9.0.0.1", }, { status: "affected", version: "9.0.2", }, ], }, ], datePublic: "2017-05-31T00:00:00", descriptions: [ { lang: "en", value: "IBM WebSphere MQ 9.0.0.1 and 9.0.2 could allow a local user to write to a file or delete files in a directory they should not have access to due to improper access controls. IBM X-Force ID: 117926.", }, ], problemTypes: [ { descriptions: [ { description: "File Manipulation", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-06-08T09:57:01", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/117926", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ibm.com/support/docview.wss?uid=swg22003509", }, { name: "98770", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/98770", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", ID: "CVE-2016-6089", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "MQ", version: { version_data: [ { version_value: "9.0.0.1", }, { version_value: "9.0.2", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM WebSphere MQ 9.0.0.1 and 9.0.2 could allow a local user to write to a file or delete files in a directory they should not have access to due to improper access controls. IBM X-Force ID: 117926.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "File Manipulation", }, ], }, ], }, references: { reference_data: [ { name: "https://exchange.xforce.ibmcloud.com/vulnerabilities/117926", refsource: "MISC", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/117926", }, { name: "http://www.ibm.com/support/docview.wss?uid=swg22003509", refsource: "CONFIRM", url: "http://www.ibm.com/support/docview.wss?uid=swg22003509", }, { name: "98770", refsource: "BID", url: "http://www.securityfocus.com/bid/98770", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2016-6089", datePublished: "2017-06-07T17:00:00", dateReserved: "2016-06-29T00:00:00", dateUpdated: "2024-08-06T01:22:20.111Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2010-0772 (GCVE-0-2010-0772)
Vulnerability from cvelistv5
Published
2010-04-27 15:00
Modified
2024-08-07 00:59
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in the channel process in IBM WebSphere MQ 7.0 before 7.0.1.2 allows remote authenticated users to cause a denial of service (daemon crash) via "incorrect channel control data."
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/58039 | vdb-entry, x_refsource_XF | |
| http://securitytracker.com/id?1023961 | vdb-entry, x_refsource_SECTRACK | |
| http://www.vupen.com/english/advisories/2010/1083 | vdb-entry, x_refsource_VUPEN | |
| http://www-1.ibm.com/support/docview.wss?uid=swg1IZ68621 | vendor-advisory, x_refsource_AIXAPAR |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T00:59:39.075Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "websphere-mq-ccd-dos(58039)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/58039", }, { name: "1023961", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://securitytracker.com/id?1023961", }, { name: "ADV-2010-1083", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2010/1083", }, { name: "IZ68621", tags: [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred", ], url: "http://www-1.ibm.com/support/docview.wss?uid=swg1IZ68621", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2010-04-21T00:00:00", descriptions: [ { lang: "en", value: "Unspecified vulnerability in the channel process in IBM WebSphere MQ 7.0 before 7.0.1.2 allows remote authenticated users to cause a denial of service (daemon crash) via \"incorrect channel control data.\"", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-08-16T14:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "websphere-mq-ccd-dos(58039)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/58039", }, { name: "1023961", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://securitytracker.com/id?1023961", }, { name: "ADV-2010-1083", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2010/1083", }, { name: "IZ68621", tags: [ "vendor-advisory", "x_refsource_AIXAPAR", ], url: "http://www-1.ibm.com/support/docview.wss?uid=swg1IZ68621", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2010-0772", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Unspecified vulnerability in the channel process in IBM WebSphere MQ 7.0 before 7.0.1.2 allows remote authenticated users to cause a denial of service (daemon crash) via \"incorrect channel control data.\"", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "websphere-mq-ccd-dos(58039)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/58039", }, { name: "1023961", refsource: "SECTRACK", url: "http://securitytracker.com/id?1023961", }, { name: "ADV-2010-1083", refsource: "VUPEN", url: "http://www.vupen.com/english/advisories/2010/1083", }, { name: "IZ68621", refsource: "AIXAPAR", url: "http://www-1.ibm.com/support/docview.wss?uid=swg1IZ68621", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2010-0772", datePublished: "2010-04-27T15:00:00", dateReserved: "2010-03-02T00:00:00", dateUpdated: "2024-08-07T00:59:39.075Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2019-4141 (GCVE-0-2019-4141)
Vulnerability from cvelistv5
Published
2019-09-27 14:00
Modified
2024-09-16 18:43
Severity ?
EPSS score ?
Summary
IBM MQ 7.1.0.0 - 7.1.0.9, 7.5.0.0 - 7.5.0.9, 8.0.0.0 - 8.0.0.11, 9.0.0.0 - 9.0.0.6, 9.1.0.0 - 9.1.0.2, and 9.1.1 - 9.1.2 is vulnerable to a denial of service attack caused by a memory leak in the clustering code. IBM X-Force ID: 158337.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/876772 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/158337 | vdb-entry, x_refsource_XF |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | MQ |
Version: 9.0.0.1 Version: 8.0.0.1 Version: 8.0.0.2 Version: 8.0.0.3 Version: 8.0.0.4 Version: 8.0.0.5 Version: 8.0.0.6 Version: 8.0.0.7 Version: 9.0.0.2 Version: 7.5.0.1 Version: 7.5.0.2 Version: 7.5.0.3 Version: 7.5.0.4 Version: 7.5.0.5 Version: 7.5.0.6 Version: 7.5.0.7 Version: 7.5.0.8 Version: 8.0.0.8 Version: 7.1.0.2 Version: 7.1.0.3 Version: 7.1.0.4 Version: 7.1.0.5 Version: 7.1.0.6 Version: 7.1.0.7 Version: 8.0.0.9 Version: 9.0.0.3 Version: 8.0.0.0 Version: 8.0.0.10 Version: 9.0.0.0 Version: 9.0.0.4 Version: 9.0.0.5 Version: 9.1.0.0 Version: 9.1.0.1 Version: 9.1.1 Version: 9.1.0.2 Version: 9.1.2 Version: 8.0.0.11 Version: 9.0.0.6 Version: 7.1.0.0 Version: 7.1.0.8 Version: 7.1.0.9 Version: 7.5.0.0 Version: 7.5.0.9 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T19:26:27.932Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.ibm.com/support/pages/node/876772", }, { name: "ibm-websphere-cve20194141-dos (158337)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/158337", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "MQ", vendor: "IBM", versions: [ { status: "affected", version: "9.0.0.1", }, { status: "affected", version: "8.0.0.1", }, { status: "affected", version: "8.0.0.2", }, { status: "affected", version: "8.0.0.3", }, { status: "affected", version: "8.0.0.4", }, { status: "affected", version: "8.0.0.5", }, { status: "affected", version: "8.0.0.6", }, { status: "affected", version: "8.0.0.7", }, { status: "affected", version: "9.0.0.2", }, { status: "affected", version: "7.5.0.1", }, { status: "affected", version: "7.5.0.2", }, { status: "affected", version: "7.5.0.3", }, { status: "affected", version: "7.5.0.4", }, { status: "affected", version: "7.5.0.5", }, { status: "affected", version: "7.5.0.6", }, { status: "affected", version: "7.5.0.7", }, { status: "affected", version: "7.5.0.8", }, { status: "affected", version: "8.0.0.8", }, { status: "affected", version: "7.1.0.2", }, { status: "affected", version: "7.1.0.3", }, { status: "affected", version: "7.1.0.4", }, { status: "affected", version: "7.1.0.5", }, { status: "affected", version: "7.1.0.6", }, { status: "affected", version: "7.1.0.7", }, { status: "affected", version: "8.0.0.9", }, { status: "affected", version: "9.0.0.3", }, { status: "affected", version: "8.0.0.0", }, { status: "affected", version: "8.0.0.10", }, { status: "affected", version: "9.0.0.0", }, { status: "affected", version: "9.0.0.4", }, { status: "affected", version: "9.0.0.5", }, { status: "affected", version: "9.1.0.0", }, { status: "affected", version: "9.1.0.1", }, { status: "affected", version: "9.1.1", }, { status: "affected", version: "9.1.0.2", }, { status: "affected", version: "9.1.2", }, { status: "affected", version: "8.0.0.11", }, { status: "affected", version: "9.0.0.6", }, { status: "affected", version: "7.1.0.0", }, { status: "affected", version: "7.1.0.8", }, { status: "affected", version: "7.1.0.9", }, { status: "affected", version: "7.5.0.0", }, { status: "affected", version: "7.5.0.9", }, ], }, ], datePublic: "2019-09-25T00:00:00", descriptions: [ { lang: "en", value: "IBM MQ 7.1.0.0 - 7.1.0.9, 7.5.0.0 - 7.5.0.9, 8.0.0.0 - 8.0.0.11, 9.0.0.0 - 9.0.0.6, 9.1.0.0 - 9.1.0.2, and 9.1.1 - 9.1.2 is vulnerable to a denial of service attack caused by a memory leak in the clustering code. IBM X-Force ID: 158337.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", exploitCodeMaturity: "UNPROVEN", integrityImpact: "NONE", privilegesRequired: "LOW", remediationLevel: "OFFICIAL_FIX", reportConfidence: "CONFIRMED", scope: "UNCHANGED", temporalScore: 4.6, temporalSeverity: "MEDIUM", userInteraction: "NONE", vectorString: "CVSS:3.0/UI:N/S:U/I:N/A:H/C:N/AV:N/AC:H/PR:L/RC:C/E:U/RL:O", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Denial of Service", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-09-27T14:00:20", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://www.ibm.com/support/pages/node/876772", }, { name: "ibm-websphere-cve20194141-dos (158337)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/158337", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2019-09-25T00:00:00", ID: "CVE-2019-4141", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "MQ", version: { version_data: [ { version_value: "9.0.0.1", }, { version_value: "8.0.0.1", }, { version_value: "8.0.0.2", }, { version_value: "8.0.0.3", }, { version_value: "8.0.0.4", }, { version_value: "8.0.0.5", }, { version_value: "8.0.0.6", }, { version_value: "8.0.0.7", }, { version_value: "9.0.0.2", }, { version_value: "7.5.0.1", }, { version_value: "7.5.0.2", }, { version_value: "7.5.0.3", }, { version_value: "7.5.0.4", }, { version_value: "7.5.0.5", }, { version_value: "7.5.0.6", }, { version_value: "7.5.0.7", }, { version_value: "7.5.0.8", }, { version_value: "8.0.0.8", }, { version_value: "7.1.0.2", }, { version_value: "7.1.0.3", }, { version_value: "7.1.0.4", }, { version_value: "7.1.0.5", }, { version_value: "7.1.0.6", }, { version_value: "7.1.0.7", }, { version_value: "8.0.0.9", }, { version_value: "9.0.0.3", }, { version_value: "8.0.0.0", }, { version_value: "8.0.0.10", }, { version_value: "9.0.0.0", }, { version_value: "9.0.0.4", }, { version_value: "9.0.0.5", }, { version_value: "9.1.0.0", }, { version_value: "9.1.0.1", }, { version_value: "9.1.1", }, { version_value: "9.1.0.2", }, { version_value: "9.1.2", }, { version_value: "8.0.0.11", }, { version_value: "9.0.0.6", }, { version_value: "7.1.0.0", }, { version_value: "7.1.0.8", }, { version_value: "7.1.0.9", }, { version_value: "7.5.0.0", }, { version_value: "7.5.0.9", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM MQ 7.1.0.0 - 7.1.0.9, 7.5.0.0 - 7.5.0.9, 8.0.0.0 - 8.0.0.11, 9.0.0.0 - 9.0.0.6, 9.1.0.0 - 9.1.0.2, and 9.1.1 - 9.1.2 is vulnerable to a denial of service attack caused by a memory leak in the clustering code. IBM X-Force ID: 158337.", }, ], }, impact: { cvssv3: { BM: { A: "H", AC: "H", AV: "N", C: "N", I: "N", PR: "L", S: "U", UI: "N", }, TM: { E: "U", RC: "C", RL: "O", }, }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Denial of Service", }, ], }, ], }, references: { reference_data: [ { name: "https://www.ibm.com/support/pages/node/876772", refsource: "CONFIRM", title: "IBM Security Bulletin 876772 (MQ)", url: "https://www.ibm.com/support/pages/node/876772", }, { name: "ibm-websphere-cve20194141-dos (158337)", refsource: "XF", title: "X-Force Vulnerability Report", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/158337", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2019-4141", datePublished: "2019-09-27T14:00:20.780461Z", dateReserved: "2019-01-03T00:00:00", dateUpdated: "2024-09-16T18:43:22.998Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2016-0260 (GCVE-0-2016-0260)
Vulnerability from cvelistv5
Published
2016-06-29 01:00
Modified
2024-08-05 22:15
Severity ?
EPSS score ?
Summary
Memory leak in queue-manager agents in IBM WebSphere MQ 8.x before 8.0.0.5 allows remote attackers to cause a denial of service (heap memory consumption) by triggering many errors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www-01.ibm.com/support/docview.wss?uid=swg21984564 | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T22:15:23.243Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21984564", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-06-02T00:00:00", descriptions: [ { lang: "en", value: "Memory leak in queue-manager agents in IBM WebSphere MQ 8.x before 8.0.0.5 allows remote attackers to cause a denial of service (heap memory consumption) by triggering many errors.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2016-06-29T01:57:01", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21984564", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", ID: "CVE-2016-0260", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Memory leak in queue-manager agents in IBM WebSphere MQ 8.x before 8.0.0.5 allows remote attackers to cause a denial of service (heap memory consumption) by triggering many errors.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://www-01.ibm.com/support/docview.wss?uid=swg21984564", refsource: "CONFIRM", url: "http://www-01.ibm.com/support/docview.wss?uid=swg21984564", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2016-0260", datePublished: "2016-06-29T01:00:00", dateReserved: "2015-12-08T00:00:00", dateUpdated: "2024-08-05T22:15:23.243Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2009-0896 (GCVE-0-2009-0896)
Vulnerability from cvelistv5
Published
2009-06-03 16:33
Modified
2024-08-07 04:48
Severity ?
EPSS score ?
Summary
Buffer overflow in the queue manager in IBM WebSphere MQ 6.x before 6.0.2.7 and 7.x before 7.0.1.0 allows remote attackers to execute arbitrary code via a crafted request.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/35170 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/50641 | vdb-entry, x_refsource_XF | |
| http://www.vupen.com/english/advisories/2009/1463 | vdb-entry, x_refsource_VUPEN | |
| http://securitytracker.com/id?1022311 | vdb-entry, x_refsource_SECTRACK | |
| http://www-01.ibm.com/support/docview.wss?uid=swg21386826 | x_refsource_CONFIRM | |
| http://secunia.com/advisories/35303 | third-party-advisory, x_refsource_SECUNIA | |
| http://www-1.ibm.com/support/docview.wss?uid=swg1IZ50784 | vendor-advisory, x_refsource_AIXAPAR |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T04:48:52.698Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "35170", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/35170", }, { name: "websphere-mq-clientconnection-bo(50641)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/50641", }, { name: "ADV-2009-1463", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2009/1463", }, { name: "1022311", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://securitytracker.com/id?1022311", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21386826", }, { name: "35303", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/35303", }, { name: "IZ50784", tags: [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred", ], url: "http://www-1.ibm.com/support/docview.wss?uid=swg1IZ50784", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2009-05-29T00:00:00", descriptions: [ { lang: "en", value: "Buffer overflow in the queue manager in IBM WebSphere MQ 6.x before 6.0.2.7 and 7.x before 7.0.1.0 allows remote attackers to execute arbitrary code via a crafted request.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-08-16T14:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "35170", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/35170", }, { name: "websphere-mq-clientconnection-bo(50641)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/50641", }, { name: "ADV-2009-1463", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2009/1463", }, { name: "1022311", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://securitytracker.com/id?1022311", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21386826", }, { name: "35303", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/35303", }, { name: "IZ50784", tags: [ "vendor-advisory", "x_refsource_AIXAPAR", ], url: "http://www-1.ibm.com/support/docview.wss?uid=swg1IZ50784", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2009-0896", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Buffer overflow in the queue manager in IBM WebSphere MQ 6.x before 6.0.2.7 and 7.x before 7.0.1.0 allows remote attackers to execute arbitrary code via a crafted request.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "35170", refsource: "BID", url: "http://www.securityfocus.com/bid/35170", }, { name: "websphere-mq-clientconnection-bo(50641)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/50641", }, { name: "ADV-2009-1463", refsource: "VUPEN", url: "http://www.vupen.com/english/advisories/2009/1463", }, { name: "1022311", refsource: "SECTRACK", url: "http://securitytracker.com/id?1022311", }, { name: "http://www-01.ibm.com/support/docview.wss?uid=swg21386826", refsource: "CONFIRM", url: "http://www-01.ibm.com/support/docview.wss?uid=swg21386826", }, { name: "35303", refsource: "SECUNIA", url: "http://secunia.com/advisories/35303", }, { name: "IZ50784", refsource: "AIXAPAR", url: "http://www-1.ibm.com/support/docview.wss?uid=swg1IZ50784", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2009-0896", datePublished: "2009-06-03T16:33:00", dateReserved: "2009-03-14T00:00:00", dateUpdated: "2024-08-07T04:48:52.698Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2017-1145 (GCVE-0-2017-1145)
Vulnerability from cvelistv5
Published
2017-03-20 16:00
Modified
2024-08-05 13:25
Severity ?
EPSS score ?
Summary
IBM WebSphere MQ 8.0.0.6 does not properly terminate channel agents when they are no longer needed, which could allow a user to cause a denial of service through resource exhaustion. IBM Reference #: 1999672.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.ibm.com/support/docview.wss?uid=swg21999672 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/96759 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id/1038068 | vdb-entry, x_refsource_SECTRACK |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM Corporation | WebSphere MQ |
Version: 8.0.0.6 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T13:25:17.194Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ibm.com/support/docview.wss?uid=swg21999672", }, { name: "96759", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/96759", }, { name: "1038068", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1038068", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "WebSphere MQ", vendor: "IBM Corporation", versions: [ { status: "affected", version: "8.0.0.6", }, ], }, ], datePublic: "2017-03-03T00:00:00", descriptions: [ { lang: "en", value: "IBM WebSphere MQ 8.0.0.6 does not properly terminate channel agents when they are no longer needed, which could allow a user to cause a denial of service through resource exhaustion. IBM Reference #: 1999672.", }, ], problemTypes: [ { descriptions: [ { description: "Denial of Service", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-07-11T09:57:01", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ibm.com/support/docview.wss?uid=swg21999672", }, { name: "96759", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/96759", }, { name: "1038068", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1038068", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", ID: "CVE-2017-1145", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "WebSphere MQ", version: { version_data: [ { version_value: "8.0.0.6", }, ], }, }, ], }, vendor_name: "IBM Corporation", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM WebSphere MQ 8.0.0.6 does not properly terminate channel agents when they are no longer needed, which could allow a user to cause a denial of service through resource exhaustion. IBM Reference #: 1999672.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Denial of Service", }, ], }, ], }, references: { reference_data: [ { name: "http://www.ibm.com/support/docview.wss?uid=swg21999672", refsource: "CONFIRM", url: "http://www.ibm.com/support/docview.wss?uid=swg21999672", }, { name: "96759", refsource: "BID", url: "http://www.securityfocus.com/bid/96759", }, { name: "1038068", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1038068", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2017-1145", datePublished: "2017-03-20T16:00:00", dateReserved: "2016-11-30T00:00:00", dateUpdated: "2024-08-05T13:25:17.194Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2011-0310 (GCVE-0-2011-0310)
Vulnerability from cvelistv5
Published
2011-01-13 18:35
Modified
2024-08-06 21:51
Severity ?
EPSS score ?
Summary
Buffer overflow in IBM WebSphere MQ 7.0 before 7.0.1.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted header field in a message.
References
| ▼ | URL | Tags |
|---|---|---|
| http://osvdb.org/70476 | vdb-entry, x_refsource_OSVDB | |
| http://www-01.ibm.com/support/docview.wss?uid=swg27014224 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/45923 | vdb-entry, x_refsource_BID | |
| http://www.vupen.com/english/advisories/2011/0128 | vdb-entry, x_refsource_VUPEN | |
| http://secunia.com/advisories/42958 | third-party-advisory, x_refsource_SECUNIA | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/64628 | vdb-entry, x_refsource_XF | |
| https://www-304.ibm.com/support/docview.wss?uid=swg1SE45551 | vendor-advisory, x_refsource_AIXAPAR |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T21:51:07.672Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "70476", tags: [ "vdb-entry", "x_refsource_OSVDB", "x_transferred", ], url: "http://osvdb.org/70476", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg27014224", }, { name: "45923", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/45923", }, { name: "ADV-2011-0128", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2011/0128", }, { name: "42958", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/42958", }, { name: "wmq-messageheader-bo(64628)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/64628", }, { name: "IZ77607", tags: [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred", ], url: "https://www-304.ibm.com/support/docview.wss?uid=swg1SE45551", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2011-01-12T00:00:00", descriptions: [ { lang: "en", value: "Buffer overflow in IBM WebSphere MQ 7.0 before 7.0.1.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted header field in a message.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-08-16T14:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "70476", tags: [ "vdb-entry", "x_refsource_OSVDB", ], url: "http://osvdb.org/70476", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg27014224", }, { name: "45923", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/45923", }, { name: "ADV-2011-0128", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2011/0128", }, { name: "42958", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/42958", }, { name: "wmq-messageheader-bo(64628)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/64628", }, { name: "IZ77607", tags: [ "vendor-advisory", "x_refsource_AIXAPAR", ], url: "https://www-304.ibm.com/support/docview.wss?uid=swg1SE45551", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2011-0310", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Buffer overflow in IBM WebSphere MQ 7.0 before 7.0.1.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted header field in a message.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "70476", refsource: "OSVDB", url: "http://osvdb.org/70476", }, { name: "http://www-01.ibm.com/support/docview.wss?uid=swg27014224", refsource: "CONFIRM", url: "http://www-01.ibm.com/support/docview.wss?uid=swg27014224", }, { name: "45923", refsource: "BID", url: "http://www.securityfocus.com/bid/45923", }, { name: "ADV-2011-0128", refsource: "VUPEN", url: "http://www.vupen.com/english/advisories/2011/0128", }, { name: "42958", refsource: "SECUNIA", url: "http://secunia.com/advisories/42958", }, { name: "wmq-messageheader-bo(64628)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/64628", }, { name: "IZ77607", refsource: "AIXAPAR", url: "https://www-304.ibm.com/support/docview.wss?uid=swg1SE45551", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2011-0310", datePublished: "2011-01-13T18:35:00", dateReserved: "2011-01-06T00:00:00", dateUpdated: "2024-08-06T21:51:07.672Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2013-4054 (GCVE-0-2013-4054)
Vulnerability from cvelistv5
Published
2014-03-02 02:00
Modified
2024-08-06 16:30
Severity ?
EPSS score ?
Summary
Directory traversal vulnerability in WMQ Telemetry in IBM WebSphere MQ 7.5 before 7.5.0.3 allows remote attackers to read arbitrary files via a crafted URI.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www-01.ibm.com/support/docview.wss?uid=swg21664550 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/86506 | vdb-entry, x_refsource_XF |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T16:30:50.017Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21664550", }, { name: "ibm-webspheremq-cve20134054-read(86506)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/86506", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2014-02-27T00:00:00", descriptions: [ { lang: "en", value: "Directory traversal vulnerability in WMQ Telemetry in IBM WebSphere MQ 7.5 before 7.5.0.3 allows remote attackers to read arbitrary files via a crafted URI.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-08-28T12:57:01", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21664550", }, { name: "ibm-webspheremq-cve20134054-read(86506)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/86506", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", ID: "CVE-2013-4054", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Directory traversal vulnerability in WMQ Telemetry in IBM WebSphere MQ 7.5 before 7.5.0.3 allows remote attackers to read arbitrary files via a crafted URI.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://www-01.ibm.com/support/docview.wss?uid=swg21664550", refsource: "CONFIRM", url: "http://www-01.ibm.com/support/docview.wss?uid=swg21664550", }, { name: "ibm-webspheremq-cve20134054-read(86506)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/86506", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2013-4054", datePublished: "2014-03-02T02:00:00", dateReserved: "2013-06-07T00:00:00", dateUpdated: "2024-08-06T16:30:50.017Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2012-2206 (GCVE-0-2012-2206)
Vulnerability from cvelistv5
Published
2012-08-17 10:00
Modified
2024-08-06 19:26
Severity ?
EPSS score ?
Summary
The Web Gateway component in IBM WebSphere MQ File Transfer Edition 7.0.4 and earlier allows remote authenticated users to read files of arbitrary users via vectors involving a username in a URI, as demonstrated by a modified metadata=fteSamplesUser field to the /transfer URI.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.exploit-db.com/exploits/20478/ | exploit, x_refsource_EXPLOIT-DB | |
| http://www.ibm.com/support/docview.wss?uid=swg21607481 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/77095 | vdb-entry, x_refsource_XF | |
| http://www-01.ibm.com/support/docview.wss?uid=swg1IC82761 | vendor-advisory, x_refsource_AIXAPAR |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T19:26:08.974Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20478", tags: [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred", ], url: "http://www.exploit-db.com/exploits/20478/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ibm.com/support/docview.wss?uid=swg21607481", }, { name: "wmq-ftewg-security-bypass(77095)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/77095", }, { name: "IC82761", tags: [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg1IC82761", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2012-08-10T00:00:00", descriptions: [ { lang: "en", value: "The Web Gateway component in IBM WebSphere MQ File Transfer Edition 7.0.4 and earlier allows remote authenticated users to read files of arbitrary users via vectors involving a username in a URI, as demonstrated by a modified metadata=fteSamplesUser field to the /transfer URI.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-08-28T12:57:01", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { name: "20478", tags: [ "exploit", "x_refsource_EXPLOIT-DB", ], url: "http://www.exploit-db.com/exploits/20478/", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ibm.com/support/docview.wss?uid=swg21607481", }, { name: "wmq-ftewg-security-bypass(77095)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/77095", }, { name: "IC82761", tags: [ "vendor-advisory", "x_refsource_AIXAPAR", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg1IC82761", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", ID: "CVE-2012-2206", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The Web Gateway component in IBM WebSphere MQ File Transfer Edition 7.0.4 and earlier allows remote authenticated users to read files of arbitrary users via vectors involving a username in a URI, as demonstrated by a modified metadata=fteSamplesUser field to the /transfer URI.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "20478", refsource: "EXPLOIT-DB", url: "http://www.exploit-db.com/exploits/20478/", }, { name: "http://www.ibm.com/support/docview.wss?uid=swg21607481", refsource: "CONFIRM", url: "http://www.ibm.com/support/docview.wss?uid=swg21607481", }, { name: "wmq-ftewg-security-bypass(77095)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/77095", }, { name: "IC82761", refsource: "AIXAPAR", url: "http://www-01.ibm.com/support/docview.wss?uid=swg1IC82761", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2012-2206", datePublished: "2012-08-17T10:00:00", dateReserved: "2012-04-04T00:00:00", dateUpdated: "2024-08-06T19:26:08.974Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2019-4619 (GCVE-0-2019-4619)
Vulnerability from cvelistv5
Published
2020-03-16 15:25
Modified
2024-09-16 20:12
Severity ?
EPSS score ?
Summary
IBM MQ and IBM MQ Appliance 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and 9.1 CD could allow a local attacker to obtain sensitive information by inclusion of sensitive data within trace. IBM X-Force ID: 168862.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/1135101 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/168862 | vdb-entry, x_refsource_XF |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | MQ |
Version: 9.0.0.1 Version: 8.0.0.1 Version: 8.0.0.2 Version: 8.0.0.3 Version: 8.0.0.4 Version: 8.0.0.5 Version: 8.0.0.6 Version: 8.0.0.7 Version: 9.0.0.2 Version: 7.5.0.1 Version: 7.5.0.2 Version: 7.5.0.3 Version: 7.5.0.4 Version: 7.5.0.5 Version: 7.5.0.6 Version: 7.5.0.7 Version: 7.5.0.8 Version: 8.0.0.8 Version: 7.1.0.1 Version: 7.1.0.2 Version: 7.1.0.3 Version: 7.1.0.4 Version: 7.1.0.5 Version: 7.1.0.6 Version: 7.1.0.7 Version: 8.0.0.9 Version: 9.0.0.3 Version: 8.0.0.0 Version: 8.0.0.10 Version: 9.0.0.0 Version: 9.0.0.4 Version: 9.0.0.5 Version: 9.1 Version: 9.1.0.1 Version: 9.1.1 Version: 9.1.0.2 Version: 9.1.2 Version: 8.0.0.11 Version: 9.0.0.6 Version: 7.1.0.0 Version: 7.1.0.8 Version: 7.1.0.9 Version: 7.5.0.0 Version: 7.5.0.9 Version: 8.0.0.12 Version: 9.1.0.3 Version: 9.1.3 Version: 9.0.0.7 Version: 8.0.0.13 Version: 9.0.0.8 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T19:40:48.099Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.ibm.com/support/pages/node/1135101", }, { name: "ibm-mq-cve20194619-info-disc (168862)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/168862", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "MQ", vendor: "IBM", versions: [ { status: "affected", version: "9.0.0.1", }, { status: "affected", version: "8.0.0.1", }, { status: "affected", version: "8.0.0.2", }, { status: "affected", version: "8.0.0.3", }, { status: "affected", version: "8.0.0.4", }, { status: "affected", version: "8.0.0.5", }, { status: "affected", version: "8.0.0.6", }, { status: "affected", version: "8.0.0.7", }, { status: "affected", version: "9.0.0.2", }, { status: "affected", version: "7.5.0.1", }, { status: "affected", version: "7.5.0.2", }, { status: "affected", version: "7.5.0.3", }, { status: "affected", version: "7.5.0.4", }, { status: "affected", version: "7.5.0.5", }, { status: "affected", version: "7.5.0.6", }, { status: "affected", version: "7.5.0.7", }, { status: "affected", version: "7.5.0.8", }, { status: "affected", version: "8.0.0.8", }, { status: "affected", version: "7.1.0.1", }, { status: "affected", version: "7.1.0.2", }, { status: "affected", version: "7.1.0.3", }, { status: "affected", version: "7.1.0.4", }, { status: "affected", version: "7.1.0.5", }, { status: "affected", version: "7.1.0.6", }, { status: "affected", version: "7.1.0.7", }, { status: "affected", version: "8.0.0.9", }, { status: "affected", version: "9.0.0.3", }, { status: "affected", version: "8.0.0.0", }, { status: "affected", version: "8.0.0.10", }, { status: "affected", version: "9.0.0.0", }, { status: "affected", version: "9.0.0.4", }, { status: "affected", version: "9.0.0.5", }, { status: "affected", version: "9.1", }, { status: "affected", version: "9.1.0.1", }, { status: "affected", version: "9.1.1", }, { status: "affected", version: "9.1.0.2", }, { status: "affected", version: "9.1.2", }, { status: "affected", version: "8.0.0.11", }, { status: "affected", version: "9.0.0.6", }, { status: "affected", version: "7.1.0.0", }, { status: "affected", version: "7.1.0.8", }, { status: "affected", version: "7.1.0.9", }, { status: "affected", version: "7.5.0.0", }, { status: "affected", version: "7.5.0.9", }, { status: "affected", version: "8.0.0.12", }, { status: "affected", version: "9.1.0.3", }, { status: "affected", version: "9.1.3", }, { status: "affected", version: "9.0.0.7", }, { status: "affected", version: "8.0.0.13", }, { status: "affected", version: "9.0.0.8", }, ], }, ], datePublic: "2020-03-13T00:00:00", descriptions: [ { lang: "en", value: "IBM MQ and IBM MQ Appliance 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and 9.1 CD could allow a local attacker to obtain sensitive information by inclusion of sensitive data within trace. IBM X-Force ID: 168862.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.1, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", exploitCodeMaturity: "UNPROVEN", integrityImpact: "NONE", privilegesRequired: "NONE", remediationLevel: "OFFICIAL_FIX", reportConfidence: "CONFIRMED", scope: "UNCHANGED", temporalScore: 4.5, temporalSeverity: "MEDIUM", userInteraction: "NONE", vectorString: "CVSS:3.0/PR:N/AV:L/AC:H/A:N/I:N/UI:N/S:U/C:H/RL:O/RC:C/E:U", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Obtain Information", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-03-16T15:25:19", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://www.ibm.com/support/pages/node/1135101", }, { name: "ibm-mq-cve20194619-info-disc (168862)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/168862", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2020-03-13T00:00:00", ID: "CVE-2019-4619", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "MQ", version: { version_data: [ { version_value: "9.0.0.1", }, { version_value: "8.0.0.1", }, { version_value: "8.0.0.2", }, { version_value: "8.0.0.3", }, { version_value: "8.0.0.4", }, { version_value: "8.0.0.5", }, { version_value: "8.0.0.6", }, { version_value: "8.0.0.7", }, { version_value: "9.0.0.2", }, { version_value: "7.5.0.1", }, { version_value: "7.5.0.2", }, { version_value: "7.5.0.3", }, { version_value: "7.5.0.4", }, { version_value: "7.5.0.5", }, { version_value: "7.5.0.6", }, { version_value: "7.5.0.7", }, { version_value: "7.5.0.8", }, { version_value: "8.0.0.8", }, { version_value: "7.1.0.1", }, { version_value: "7.1.0.2", }, { version_value: "7.1.0.3", }, { version_value: "7.1.0.4", }, { version_value: "7.1.0.5", }, { version_value: "7.1.0.6", }, { version_value: "7.1.0.7", }, { version_value: "8.0.0.9", }, { version_value: "9.0.0.3", }, { version_value: "8.0.0.0", }, { version_value: "8.0.0.10", }, { version_value: "9.0.0.0", }, { version_value: "9.0.0.4", }, { version_value: "9.0.0.5", }, { version_value: "9.1", }, { version_value: "9.1.0.1", }, { version_value: "9.1.1", }, { version_value: "9.1.0.2", }, { version_value: "9.1.2", }, { version_value: "8.0.0.11", }, { version_value: "9.0.0.6", }, { version_value: "7.1.0.0", }, { version_value: "7.1.0.8", }, { version_value: "7.1.0.9", }, { version_value: "7.5.0.0", }, { version_value: "7.5.0.9", }, { version_value: "8.0.0.12", }, { version_value: "9.1.0.3", }, { version_value: "9.1.3", }, { version_value: "9.0.0.7", }, { version_value: "8.0.0.13", }, { version_value: "9.0.0.8", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM MQ and IBM MQ Appliance 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and 9.1 CD could allow a local attacker to obtain sensitive information by inclusion of sensitive data within trace. IBM X-Force ID: 168862.", }, ], }, impact: { cvssv3: { BM: { A: "N", AC: "H", AV: "L", C: "H", I: "N", PR: "N", S: "U", UI: "N", }, TM: { E: "U", RC: "C", RL: "O", }, }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Obtain Information", }, ], }, ], }, references: { reference_data: [ { name: "https://www.ibm.com/support/pages/node/1135101", refsource: "CONFIRM", title: "IBM Security Bulletin 1135101 (MQ)", url: "https://www.ibm.com/support/pages/node/1135101", }, { name: "ibm-mq-cve20194619-info-disc (168862)", refsource: "XF", title: "X-Force Vulnerability Report", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/168862", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2019-4619", datePublished: "2020-03-16T15:25:20.026505Z", dateReserved: "2019-01-03T00:00:00", dateUpdated: "2024-09-16T20:12:49.114Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2018-1551 (GCVE-0-2018-1551)
Vulnerability from cvelistv5
Published
2018-08-06 14:00
Modified
2024-09-16 20:21
Severity ?
EPSS score ?
Summary
IBM WebSphere MQ 8.0.0.2 through 8.0.0.8 and 9.0.0.0 through 9.0.0.3 could allow users to have more authority than they should have if an MQ administrator creates an invalid user group name. IBM X-Force ID: 142888.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/docview.wss?uid=ibm10716113 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/142888 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/105040 | vdb-entry, x_refsource_BID |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | WebSphere MQ |
Version: 8.0.0.2 Version: 8.0.0.4 Version: 8.0.0.3 Version: 8.0.0.6 Version: 8.0.0.5 Version: 8.0.0.7 Version: 8.0.0.8 Version: 9.0.0.0 Version: 9.0.0.1 Version: 9.0.0.2 Version: 9.0.0.3 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T04:07:43.764Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.ibm.com/support/docview.wss?uid=ibm10716113", }, { name: "ibm-websphere-cve20181551-improper-access(142888)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/142888", }, { name: "105040", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/105040", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "WebSphere MQ", vendor: "IBM", versions: [ { status: "affected", version: "8.0.0.2", }, { status: "affected", version: "8.0.0.4", }, { status: "affected", version: "8.0.0.3", }, { status: "affected", version: "8.0.0.6", }, { status: "affected", version: "8.0.0.5", }, { status: "affected", version: "8.0.0.7", }, { status: "affected", version: "8.0.0.8", }, { status: "affected", version: "9.0.0.0", }, { status: "affected", version: "9.0.0.1", }, { status: "affected", version: "9.0.0.2", }, { status: "affected", version: "9.0.0.3", }, ], }, ], datePublic: "2018-07-31T00:00:00", descriptions: [ { lang: "en", value: "IBM WebSphere MQ 8.0.0.2 through 8.0.0.8 and 9.0.0.0 through 9.0.0.3 could allow users to have more authority than they should have if an MQ administrator creates an invalid user group name. IBM X-Force ID: 142888.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.1, baseSeverity: "LOW", confidentialityImpact: "NONE", exploitCodeMaturity: "UNPROVEN", integrityImpact: "LOW", privilegesRequired: "LOW", remediationLevel: "OFFICIAL_FIX", reportConfidence: "CONFIRMED", scope: "UNCHANGED", temporalScore: 2.7, temporalSeverity: "LOW", userInteraction: "NONE", vectorString: "CVSS:3.0/A:N/AC:H/AV:N/C:N/I:L/PR:L/S:U/UI:N/E:U/RC:C/RL:O", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Gain Access", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-08-09T09:57:01", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://www.ibm.com/support/docview.wss?uid=ibm10716113", }, { name: "ibm-websphere-cve20181551-improper-access(142888)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/142888", }, { name: "105040", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/105040", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2018-07-31T00:00:00", ID: "CVE-2018-1551", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "WebSphere MQ", version: { version_data: [ { version_value: "8.0.0.2", }, { version_value: "8.0.0.4", }, { version_value: "8.0.0.3", }, { version_value: "8.0.0.6", }, { version_value: "8.0.0.5", }, { version_value: "8.0.0.7", }, { version_value: "8.0.0.8", }, { version_value: "9.0.0.0", }, { version_value: "9.0.0.1", }, { version_value: "9.0.0.2", }, { version_value: "9.0.0.3", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM WebSphere MQ 8.0.0.2 through 8.0.0.8 and 9.0.0.0 through 9.0.0.3 could allow users to have more authority than they should have if an MQ administrator creates an invalid user group name. IBM X-Force ID: 142888.", }, ], }, impact: { cvssv3: { BM: { A: "N", AC: "H", AV: "N", C: "N", I: "L", PR: "L", S: "U", UI: "N", }, TM: { E: "U", RC: "C", RL: "O", }, }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Gain Access", }, ], }, ], }, references: { reference_data: [ { name: "https://www.ibm.com/support/docview.wss?uid=ibm10716113", refsource: "CONFIRM", url: "https://www.ibm.com/support/docview.wss?uid=ibm10716113", }, { name: "ibm-websphere-cve20181551-improper-access(142888)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/142888", }, { name: "105040", refsource: "BID", url: "http://www.securityfocus.com/bid/105040", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2018-1551", datePublished: "2018-08-06T14:00:00Z", dateReserved: "2017-12-13T00:00:00", dateUpdated: "2024-09-16T20:21:49.392Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2017-1235 (GCVE-0-2017-1235)
Vulnerability from cvelistv5
Published
2017-09-25 16:00
Modified
2024-09-16 22:02
Severity ?
EPSS score ?
Summary
IBM WebSphere MQ 8.0 could allow an authenticated user to cause a premature termination of a client application thread which could potentially cause denial of service. IBM X-Force ID: 123914.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.ibm.com/support/docview.wss?uid=swg22005415 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/123914 | x_refsource_MISC | |
| http://www.securityfocus.com/bid/100955 | vdb-entry, x_refsource_BID |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T13:25:17.599Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ibm.com/support/docview.wss?uid=swg22005415", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/123914", }, { name: "100955", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/100955", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "MQ", vendor: "IBM", versions: [ { status: "affected", version: "8.0", }, { status: "affected", version: "8", }, ], }, ], datePublic: "2017-09-20T00:00:00", descriptions: [ { lang: "en", value: "IBM WebSphere MQ 8.0 could allow an authenticated user to cause a premature termination of a client application thread which could potentially cause denial of service. IBM X-Force ID: 123914.", }, ], problemTypes: [ { descriptions: [ { description: "Denial of Service", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-09-26T09:57:01", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ibm.com/support/docview.wss?uid=swg22005415", }, { tags: [ "x_refsource_MISC", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/123914", }, { name: "100955", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/100955", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2017-09-20T00:00:00", ID: "CVE-2017-1235", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "MQ", version: { version_data: [ { version_value: "8.0", }, { version_value: "8", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM WebSphere MQ 8.0 could allow an authenticated user to cause a premature termination of a client application thread which could potentially cause denial of service. IBM X-Force ID: 123914.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Denial of Service", }, ], }, ], }, references: { reference_data: [ { name: "http://www.ibm.com/support/docview.wss?uid=swg22005415", refsource: "CONFIRM", url: "http://www.ibm.com/support/docview.wss?uid=swg22005415", }, { name: "https://exchange.xforce.ibmcloud.com/vulnerabilities/123914", refsource: "MISC", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/123914", }, { name: "100955", refsource: "BID", url: "http://www.securityfocus.com/bid/100955", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2017-1235", datePublished: "2017-09-25T16:00:00Z", dateReserved: "2016-11-30T00:00:00", dateUpdated: "2024-09-16T22:02:28.205Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2012-3294 (GCVE-0-2012-3294)
Vulnerability from cvelistv5
Published
2012-08-17 10:00
Modified
2024-08-06 19:57
Severity ?
EPSS score ?
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in the Web Gateway component in IBM WebSphere MQ File Transfer Edition 7.0.4 and earlier, and WebSphere MQ - Managed File Transfer 7.5, allow remote attackers to hijack the authentication of arbitrary users for requests that (1) add user accounts via the /wmqfteconsole/Filespaces URI, (2) modify permissions via the /wmqfteconsole/FileSpacePermisssions URI, or (3) add MQ Message Descriptor (MQMD) user accounts via the /wmqfteconsole/UploadUsers URI.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.ibm.com/support/docview.wss?uid=swg21607482 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/77180 | vdb-entry, x_refsource_XF | |
| http://www-01.ibm.com/support/docview.wss?uid=swg1IC85516 | vendor-advisory, x_refsource_AIXAPAR | |
| http://www.securitytracker.com/id?1027373 | vdb-entry, x_refsource_SECTRACK | |
| http://www.exploit-db.com/exploits/20477/ | exploit, x_refsource_EXPLOIT-DB |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T19:57:50.415Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ibm.com/support/docview.wss?uid=swg21607482", }, { name: "wmq-fte-csrf(77180)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/77180", }, { name: "IC85516", tags: [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg1IC85516", }, { name: "1027373", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id?1027373", }, { name: "20477", tags: [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred", ], url: "http://www.exploit-db.com/exploits/20477/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2012-08-10T00:00:00", descriptions: [ { lang: "en", value: "Multiple cross-site request forgery (CSRF) vulnerabilities in the Web Gateway component in IBM WebSphere MQ File Transfer Edition 7.0.4 and earlier, and WebSphere MQ - Managed File Transfer 7.5, allow remote attackers to hijack the authentication of arbitrary users for requests that (1) add user accounts via the /wmqfteconsole/Filespaces URI, (2) modify permissions via the /wmqfteconsole/FileSpacePermisssions URI, or (3) add MQ Message Descriptor (MQMD) user accounts via the /wmqfteconsole/UploadUsers URI.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-08-28T12:57:01", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ibm.com/support/docview.wss?uid=swg21607482", }, { name: "wmq-fte-csrf(77180)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/77180", }, { name: "IC85516", tags: [ "vendor-advisory", "x_refsource_AIXAPAR", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg1IC85516", }, { name: "1027373", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id?1027373", }, { name: "20477", tags: [ "exploit", "x_refsource_EXPLOIT-DB", ], url: "http://www.exploit-db.com/exploits/20477/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", ID: "CVE-2012-3294", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Multiple cross-site request forgery (CSRF) vulnerabilities in the Web Gateway component in IBM WebSphere MQ File Transfer Edition 7.0.4 and earlier, and WebSphere MQ - Managed File Transfer 7.5, allow remote attackers to hijack the authentication of arbitrary users for requests that (1) add user accounts via the /wmqfteconsole/Filespaces URI, (2) modify permissions via the /wmqfteconsole/FileSpacePermisssions URI, or (3) add MQ Message Descriptor (MQMD) user accounts via the /wmqfteconsole/UploadUsers URI.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://www.ibm.com/support/docview.wss?uid=swg21607482", refsource: "CONFIRM", url: "http://www.ibm.com/support/docview.wss?uid=swg21607482", }, { name: "wmq-fte-csrf(77180)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/77180", }, { name: "IC85516", refsource: "AIXAPAR", url: "http://www-01.ibm.com/support/docview.wss?uid=swg1IC85516", }, { name: "1027373", refsource: "SECTRACK", url: "http://www.securitytracker.com/id?1027373", }, { name: "20477", refsource: "EXPLOIT-DB", url: "http://www.exploit-db.com/exploits/20477/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2012-3294", datePublished: "2012-08-17T10:00:00", dateReserved: "2012-06-07T00:00:00", dateUpdated: "2024-08-06T19:57:50.415Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2019-4039 (GCVE-0-2019-4039)
Vulnerability from cvelistv5
Published
2019-05-23 14:05
Modified
2024-09-17 01:16
Severity ?
EPSS score ?
Summary
IBM WebSphere MQ 8.0.0.0 through 8.0.0.9 and 9.0.0.0 through 9.1.1 could allow a local attacker to cause a denial of service within the error log reporting system. IBM X-Force ID: 156163.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/docview.wss?uid=ibm10870492 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/156163 | vdb-entry, x_refsource_XF |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | MQ |
Version: 9.0.0.1 Version: 8.0.0.1 Version: 8.0.0.2 Version: 8.0.0.3 Version: 8.0.0.4 Version: 8.0.0.5 Version: 8.0.0.6 Version: 8.0.0.7 Version: 9.0.0.2 Version: 8.0.0.8 Version: 8.0.0.9 Version: 9.0.0.3 Version: 8.0.0.0 Version: 8.0.0.10 Version: 9.0.0.0 Version: 9.0.0.4 Version: 9.0.0.5 Version: 9.1.0.0 Version: 9.1.0.1 Version: 9.1.1 Version: 8.0.0.11 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T19:26:27.901Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.ibm.com/support/docview.wss?uid=ibm10870492", }, { name: "ibm-websphere-cve20194039-dos (156163)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/156163", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "MQ", vendor: "IBM", versions: [ { status: "affected", version: "9.0.0.1", }, { status: "affected", version: "8.0.0.1", }, { status: "affected", version: "8.0.0.2", }, { status: "affected", version: "8.0.0.3", }, { status: "affected", version: "8.0.0.4", }, { status: "affected", version: "8.0.0.5", }, { status: "affected", version: "8.0.0.6", }, { status: "affected", version: "8.0.0.7", }, { status: "affected", version: "9.0.0.2", }, { status: "affected", version: "8.0.0.8", }, { status: "affected", version: "8.0.0.9", }, { status: "affected", version: "9.0.0.3", }, { status: "affected", version: "8.0.0.0", }, { status: "affected", version: "8.0.0.10", }, { status: "affected", version: "9.0.0.0", }, { status: "affected", version: "9.0.0.4", }, { status: "affected", version: "9.0.0.5", }, { status: "affected", version: "9.1.0.0", }, { status: "affected", version: "9.1.0.1", }, { status: "affected", version: "9.1.1", }, { status: "affected", version: "8.0.0.11", }, ], }, ], datePublic: "2019-05-21T00:00:00", descriptions: [ { lang: "en", value: "IBM WebSphere MQ 8.0.0.0 through 8.0.0.9 and 9.0.0.0 through 9.1.1 could allow a local attacker to cause a denial of service within the error log reporting system. IBM X-Force ID: 156163.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.2, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", exploitCodeMaturity: "UNPROVEN", integrityImpact: "NONE", privilegesRequired: "NONE", remediationLevel: "OFFICIAL_FIX", reportConfidence: "CONFIRMED", scope: "UNCHANGED", temporalScore: 5.4, temporalSeverity: "MEDIUM", userInteraction: "NONE", vectorString: "CVSS:3.0/I:N/S:U/UI:N/AV:L/A:H/C:N/AC:L/PR:N/E:U/RL:O/RC:C", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Denial of Service", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-05-23T14:05:15", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://www.ibm.com/support/docview.wss?uid=ibm10870492", }, { name: "ibm-websphere-cve20194039-dos (156163)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/156163", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2019-05-21T00:00:00", ID: "CVE-2019-4039", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "MQ", version: { version_data: [ { version_value: "9.0.0.1", }, { version_value: "8.0.0.1", }, { version_value: "8.0.0.2", }, { version_value: "8.0.0.3", }, { version_value: "8.0.0.4", }, { version_value: "8.0.0.5", }, { version_value: "8.0.0.6", }, { version_value: "8.0.0.7", }, { version_value: "9.0.0.2", }, { version_value: "8.0.0.8", }, { version_value: "8.0.0.9", }, { version_value: "9.0.0.3", }, { version_value: "8.0.0.0", }, { version_value: "8.0.0.10", }, { version_value: "9.0.0.0", }, { version_value: "9.0.0.4", }, { version_value: "9.0.0.5", }, { version_value: "9.1.0.0", }, { version_value: "9.1.0.1", }, { version_value: "9.1.1", }, { version_value: "8.0.0.11", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM WebSphere MQ 8.0.0.0 through 8.0.0.9 and 9.0.0.0 through 9.1.1 could allow a local attacker to cause a denial of service within the error log reporting system. IBM X-Force ID: 156163.", }, ], }, impact: { cvssv3: { BM: { A: "H", AC: "L", AV: "L", C: "N", I: "N", PR: "N", S: "U", UI: "N", }, TM: { E: "U", RC: "C", RL: "O", }, }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Denial of Service", }, ], }, ], }, references: { reference_data: [ { name: "https://www.ibm.com/support/docview.wss?uid=ibm10870492", refsource: "CONFIRM", title: "IBM Security Bulletin 0870492 (MQ)", url: "https://www.ibm.com/support/docview.wss?uid=ibm10870492", }, { name: "ibm-websphere-cve20194039-dos (156163)", refsource: "XF", title: "X-Force Vulnerability Report", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/156163", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2019-4039", datePublished: "2019-05-23T14:05:15.446631Z", dateReserved: "2019-01-03T00:00:00", dateUpdated: "2024-09-17T01:16:15.846Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2018-1792 (GCVE-0-2018-1792)
Vulnerability from cvelistv5
Published
2018-11-13 15:00
Modified
2024-09-16 16:27
Severity ?
EPSS score ?
Summary
IBM WebSphere MQ 8.0.0.0 through 8.0.0.10, 9.0.0.0 through 9.0.0.5, 9.0.1 through 9.0.5, and 9.1.0.0 could allow a local user to inject code that could be executed with root privileges. IBM X-Force ID: 148947.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/105936 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/148947 | vdb-entry, x_refsource_XF | |
| https://www.ibm.com/support/docview.wss?uid=ibm10734447 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | MQ |
Version: 9.0.1 Version: 9.0.0.1 Version: 9.0.2 Version: 8.0.0.1 Version: 8.0.0.2 Version: 8.0.0.3 Version: 8.0.0.4 Version: 8.0.0.5 Version: 8.0.0.6 Version: 8.0.0.7 Version: 9.0.0.2 Version: 9.0.3 Version: 9.0.4 Version: 8.0.0.8 Version: 8.0.0.9 Version: 9.0.0.3 Version: 8.0.0.0 Version: 8.0.0.10 Version: 9.0.0.0 Version: 9.0.0.4 Version: 9.0.0.5 Version: 9.0.5 Version: 9.1.0.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T04:14:38.346Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "105936", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/105936", }, { name: "ibm-websphere-cve20181792-priv-escalation(148947)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/148947", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.ibm.com/support/docview.wss?uid=ibm10734447", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "MQ", vendor: "IBM", versions: [ { status: "affected", version: "9.0.1", }, { status: "affected", version: "9.0.0.1", }, { status: "affected", version: "9.0.2", }, { status: "affected", version: "8.0.0.1", }, { status: "affected", version: "8.0.0.2", }, { status: "affected", version: "8.0.0.3", }, { status: "affected", version: "8.0.0.4", }, { status: "affected", version: "8.0.0.5", }, { status: "affected", version: "8.0.0.6", }, { status: "affected", version: "8.0.0.7", }, { status: "affected", version: "9.0.0.2", }, { status: "affected", version: "9.0.3", }, { status: "affected", version: "9.0.4", }, { status: "affected", version: "8.0.0.8", }, { status: "affected", version: "8.0.0.9", }, { status: "affected", version: "9.0.0.3", }, { status: "affected", version: "8.0.0.0", }, { status: "affected", version: "8.0.0.10", }, { status: "affected", version: "9.0.0.0", }, { status: "affected", version: "9.0.0.4", }, { status: "affected", version: "9.0.0.5", }, { status: "affected", version: "9.0.5", }, { status: "affected", version: "9.1.0.0", }, ], }, ], datePublic: "2018-11-12T00:00:00", descriptions: [ { lang: "en", value: "IBM WebSphere MQ 8.0.0.0 through 8.0.0.10, 9.0.0.0 through 9.0.0.5, 9.0.1 through 9.0.5, and 9.1.0.0 could allow a local user to inject code that could be executed with root privileges. IBM X-Force ID: 148947.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitCodeMaturity: "UNPROVEN", integrityImpact: "HIGH", privilegesRequired: "LOW", remediationLevel: "OFFICIAL_FIX", reportConfidence: "CONFIRMED", scope: "CHANGED", temporalScore: 7.7, temporalSeverity: "HIGH", userInteraction: "NONE", vectorString: "CVSS:3.0/A:H/AC:L/AV:L/C:H/I:H/PR:L/S:C/UI:N/E:U/RC:C/RL:O", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Gain Privileges", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-11-16T10:57:01", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { name: "105936", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/105936", }, { name: "ibm-websphere-cve20181792-priv-escalation(148947)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/148947", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.ibm.com/support/docview.wss?uid=ibm10734447", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2018-11-12T00:00:00", ID: "CVE-2018-1792", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "MQ", version: { version_data: [ { version_value: "9.0.1", }, { version_value: "9.0.0.1", }, { version_value: "9.0.2", }, { version_value: "8.0.0.1", }, { version_value: "8.0.0.2", }, { version_value: "8.0.0.3", }, { version_value: "8.0.0.4", }, { version_value: "8.0.0.5", }, { version_value: "8.0.0.6", }, { version_value: "8.0.0.7", }, { version_value: "9.0.0.2", }, { version_value: "9.0.3", }, { version_value: "9.0.4", }, { version_value: "8.0.0.8", }, { version_value: "8.0.0.9", }, { version_value: "9.0.0.3", }, { version_value: "8.0.0.0", }, { version_value: "8.0.0.10", }, { version_value: "9.0.0.0", }, { version_value: "9.0.0.4", }, { version_value: "9.0.0.5", }, { version_value: "9.0.5", }, { version_value: "9.1.0.0", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM WebSphere MQ 8.0.0.0 through 8.0.0.10, 9.0.0.0 through 9.0.0.5, 9.0.1 through 9.0.5, and 9.1.0.0 could allow a local user to inject code that could be executed with root privileges. IBM X-Force ID: 148947.", }, ], }, impact: { cvssv3: { BM: { A: "H", AC: "L", AV: "L", C: "H", I: "H", PR: "L", S: "C", UI: "N", }, TM: { E: "U", RC: "C", RL: "O", }, }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Gain Privileges", }, ], }, ], }, references: { reference_data: [ { name: "105936", refsource: "BID", url: "http://www.securityfocus.com/bid/105936", }, { name: "ibm-websphere-cve20181792-priv-escalation(148947)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/148947", }, { name: "https://www.ibm.com/support/docview.wss?uid=ibm10734447", refsource: "CONFIRM", url: "https://www.ibm.com/support/docview.wss?uid=ibm10734447", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2018-1792", datePublished: "2018-11-13T15:00:00Z", dateReserved: "2017-12-13T00:00:00", dateUpdated: "2024-09-16T16:27:25.936Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2013-3028 (GCVE-0-2013-3028)
Vulnerability from cvelistv5
Published
2013-07-02 21:00
Modified
2024-08-06 16:00
Severity ?
EPSS score ?
Summary
Multiple buffer overflows in mqm programs in IBM WebSphere MQ 7.0.x before 7.0.1.11, 7.1.x before 7.1.0.3, and 7.5.x before 7.5.0.2 on non-Windows platforms allow local users to gain privileges via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www-01.ibm.com/support/docview.wss?uid=swg1IV43368 | vendor-advisory, x_refsource_AIXAPAR | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/84564 | vdb-entry, x_refsource_XF | |
| http://www-01.ibm.com/support/docview.wss?uid=swg21639001 | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T16:00:09.395Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "IV43368", tags: [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg1IV43368", }, { name: "was-mq-cve20133028-bo(84564)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/84564", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21639001", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2013-06-26T00:00:00", descriptions: [ { lang: "en", value: "Multiple buffer overflows in mqm programs in IBM WebSphere MQ 7.0.x before 7.0.1.11, 7.1.x before 7.1.0.3, and 7.5.x before 7.5.0.2 on non-Windows platforms allow local users to gain privileges via unspecified vectors.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-08-28T12:57:01", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { name: "IV43368", tags: [ "vendor-advisory", "x_refsource_AIXAPAR", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg1IV43368", }, { name: "was-mq-cve20133028-bo(84564)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/84564", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21639001", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", ID: "CVE-2013-3028", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Multiple buffer overflows in mqm programs in IBM WebSphere MQ 7.0.x before 7.0.1.11, 7.1.x before 7.1.0.3, and 7.5.x before 7.5.0.2 on non-Windows platforms allow local users to gain privileges via unspecified vectors.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "IV43368", refsource: "AIXAPAR", url: "http://www-01.ibm.com/support/docview.wss?uid=swg1IV43368", }, { name: "was-mq-cve20133028-bo(84564)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/84564", }, { name: "http://www-01.ibm.com/support/docview.wss?uid=swg21639001", refsource: "CONFIRM", url: "http://www-01.ibm.com/support/docview.wss?uid=swg21639001", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2013-3028", datePublished: "2013-07-02T21:00:00", dateReserved: "2013-04-12T00:00:00", dateUpdated: "2024-08-06T16:00:09.395Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2018-1371 (GCVE-0-2018-1371)
Vulnerability from cvelistv5
Published
2018-04-17 15:00
Modified
2024-09-16 16:42
Severity ?
EPSS score ?
Summary
An IBM WebSphere MQ 8.0.0.8, 9.0.0.2, and 9.0.4 Client connecting to a MQ Queue Manager can cause a SIGSEGV in the AMQRMPPA channel process terminating it. IBM X-Force ID: 137771.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/137771 | x_refsource_MISC | |
| http://www.ibm.com/support/docview.wss?uid=swg22012983 | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T03:59:38.623Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/137771", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ibm.com/support/docview.wss?uid=swg22012983", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "MQ", vendor: "IBM", versions: [ { status: "affected", version: "9.0.0.2", }, { status: "affected", version: "9.0.4", }, { status: "affected", version: "8.0.0.8", }, ], }, ], datePublic: "2018-04-13T00:00:00", descriptions: [ { lang: "en", value: "An IBM WebSphere MQ 8.0.0.8, 9.0.0.2, and 9.0.4 Client connecting to a MQ Queue Manager can cause a SIGSEGV in the AMQRMPPA channel process terminating it. IBM X-Force ID: 137771.", }, ], problemTypes: [ { descriptions: [ { description: "Denial of Service", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-04-17T14:57:01", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/137771", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ibm.com/support/docview.wss?uid=swg22012983", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2018-04-13T00:00:00", ID: "CVE-2018-1371", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "MQ", version: { version_data: [ { version_value: "9.0.0.2", }, { version_value: "9.0.4", }, { version_value: "8.0.0.8", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An IBM WebSphere MQ 8.0.0.8, 9.0.0.2, and 9.0.4 Client connecting to a MQ Queue Manager can cause a SIGSEGV in the AMQRMPPA channel process terminating it. IBM X-Force ID: 137771.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Denial of Service", }, ], }, ], }, references: { reference_data: [ { name: "https://exchange.xforce.ibmcloud.com/vulnerabilities/137771", refsource: "MISC", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/137771", }, { name: "http://www.ibm.com/support/docview.wss?uid=swg22012983", refsource: "CONFIRM", url: "http://www.ibm.com/support/docview.wss?uid=swg22012983", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2018-1371", datePublished: "2018-04-17T15:00:00Z", dateReserved: "2017-12-13T00:00:00", dateUpdated: "2024-09-16T16:42:58.084Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2019-4719 (GCVE-0-2019-4719)
Vulnerability from cvelistv5
Published
2020-03-16 15:25
Modified
2024-09-16 18:49
Severity ?
EPSS score ?
Summary
IBM MQ and IBM MQ Appliance 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and 9.1 CD could allow a local attacker to obtain sensitive information by inclusion of sensitive data within runmqras data.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/1136608 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/172124 | vdb-entry, x_refsource_XF |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | MQ |
Version: 9.0.0.1 Version: 8.0.0.1 Version: 8.0.0.2 Version: 8.0.0.3 Version: 8.0.0.4 Version: 8.0.0.5 Version: 8.0.0.6 Version: 8.0.0.7 Version: 9.0.0.2 Version: 7.5.0.1 Version: 7.5.0.2 Version: 7.5.0.3 Version: 7.5.0.4 Version: 7.5.0.5 Version: 7.5.0.6 Version: 7.5.0.7 Version: 7.5.0.8 Version: 8.0.0.8 Version: 7.1.0.1 Version: 7.1.0.2 Version: 7.1.0.3 Version: 7.1.0.4 Version: 7.1.0.5 Version: 7.1.0.6 Version: 7.1.0.7 Version: 8.0.0.9 Version: 9.0.0.3 Version: 8.0.0.0 Version: 8.0.0.10 Version: 9.0.0.0 Version: 9.0.0.4 Version: 9.0.0.5 Version: 9.1.0.0 Version: 9.1.0.1 Version: 9.1.1 Version: 9.1.0.2 Version: 9.1.2 Version: 8.0.0.11 Version: 9.0.0.6 Version: 7.1.0.0 Version: 7.1.0.8 Version: 7.1.0.9 Version: 7.5.0.0 Version: 7.5.0.9 Version: 8.0.0.12 Version: 9.1.0.3 Version: 9.1.3 Version: 9.0.0.7 Version: 8.0.0.13 Version: 9.0.0.8 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T19:40:49.188Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.ibm.com/support/pages/node/1136608", }, { name: "ibm-mq-cve20194719-info-disc (172124)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/172124", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "MQ", vendor: "IBM", versions: [ { status: "affected", version: "9.0.0.1", }, { status: "affected", version: "8.0.0.1", }, { status: "affected", version: "8.0.0.2", }, { status: "affected", version: "8.0.0.3", }, { status: "affected", version: "8.0.0.4", }, { status: "affected", version: "8.0.0.5", }, { status: "affected", version: "8.0.0.6", }, { status: "affected", version: "8.0.0.7", }, { status: "affected", version: "9.0.0.2", }, { status: "affected", version: "7.5.0.1", }, { status: "affected", version: "7.5.0.2", }, { status: "affected", version: "7.5.0.3", }, { status: "affected", version: "7.5.0.4", }, { status: "affected", version: "7.5.0.5", }, { status: "affected", version: "7.5.0.6", }, { status: "affected", version: "7.5.0.7", }, { status: "affected", version: "7.5.0.8", }, { status: "affected", version: "8.0.0.8", }, { status: "affected", version: "7.1.0.1", }, { status: "affected", version: "7.1.0.2", }, { status: "affected", version: "7.1.0.3", }, { status: "affected", version: "7.1.0.4", }, { status: "affected", version: "7.1.0.5", }, { status: "affected", version: "7.1.0.6", }, { status: "affected", version: "7.1.0.7", }, { status: "affected", version: "8.0.0.9", }, { status: "affected", version: "9.0.0.3", }, { status: "affected", version: "8.0.0.0", }, { status: "affected", version: "8.0.0.10", }, { status: "affected", version: "9.0.0.0", }, { status: "affected", version: "9.0.0.4", }, { status: "affected", version: "9.0.0.5", }, { status: "affected", version: "9.1.0.0", }, { status: "affected", version: "9.1.0.1", }, { status: "affected", version: "9.1.1", }, { status: "affected", version: "9.1.0.2", }, { status: "affected", version: "9.1.2", }, { status: "affected", version: "8.0.0.11", }, { status: "affected", version: "9.0.0.6", }, { status: "affected", version: "7.1.0.0", }, { status: "affected", version: "7.1.0.8", }, { status: "affected", version: "7.1.0.9", }, { status: "affected", version: "7.5.0.0", }, { status: "affected", version: "7.5.0.9", }, { status: "affected", version: "8.0.0.12", }, { status: "affected", version: "9.1.0.3", }, { status: "affected", version: "9.1.3", }, { status: "affected", version: "9.0.0.7", }, { status: "affected", version: "8.0.0.13", }, { status: "affected", version: "9.0.0.8", }, ], }, ], datePublic: "2020-03-13T00:00:00", descriptions: [ { lang: "en", value: "IBM MQ and IBM MQ Appliance 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and 9.1 CD could allow a local attacker to obtain sensitive information by inclusion of sensitive data within runmqras data.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.1, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", exploitCodeMaturity: "UNPROVEN", integrityImpact: "NONE", privilegesRequired: "NONE", remediationLevel: "OFFICIAL_FIX", reportConfidence: "CONFIRMED", scope: "UNCHANGED", temporalScore: 4.5, temporalSeverity: "MEDIUM", userInteraction: "NONE", vectorString: "CVSS:3.0/S:U/AV:L/PR:N/AC:H/A:N/UI:N/C:H/I:N/RL:O/E:U/RC:C", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Obtain Information", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-03-16T15:25:20", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://www.ibm.com/support/pages/node/1136608", }, { name: "ibm-mq-cve20194719-info-disc (172124)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/172124", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2020-03-13T00:00:00", ID: "CVE-2019-4719", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "MQ", version: { version_data: [ { version_value: "9.0.0.1", }, { version_value: "8.0.0.1", }, { version_value: "8.0.0.2", }, { version_value: "8.0.0.3", }, { version_value: "8.0.0.4", }, { version_value: "8.0.0.5", }, { version_value: "8.0.0.6", }, { version_value: "8.0.0.7", }, { version_value: "9.0.0.2", }, { version_value: "7.5.0.1", }, { version_value: "7.5.0.2", }, { version_value: "7.5.0.3", }, { version_value: "7.5.0.4", }, { version_value: "7.5.0.5", }, { version_value: "7.5.0.6", }, { version_value: "7.5.0.7", }, { version_value: "7.5.0.8", }, { version_value: "8.0.0.8", }, { version_value: "7.1.0.1", }, { version_value: "7.1.0.2", }, { version_value: "7.1.0.3", }, { version_value: "7.1.0.4", }, { version_value: "7.1.0.5", }, { version_value: "7.1.0.6", }, { version_value: "7.1.0.7", }, { version_value: "8.0.0.9", }, { version_value: "9.0.0.3", }, { version_value: "8.0.0.0", }, { version_value: "8.0.0.10", }, { version_value: "9.0.0.0", }, { version_value: "9.0.0.4", }, { version_value: "9.0.0.5", }, { version_value: "9.1.0.0", }, { version_value: "9.1.0.1", }, { version_value: "9.1.1", }, { version_value: "9.1.0.2", }, { version_value: "9.1.2", }, { version_value: "8.0.0.11", }, { version_value: "9.0.0.6", }, { version_value: "7.1.0.0", }, { version_value: "7.1.0.8", }, { version_value: "7.1.0.9", }, { version_value: "7.5.0.0", }, { version_value: "7.5.0.9", }, { version_value: "8.0.0.12", }, { version_value: "9.1.0.3", }, { version_value: "9.1.3", }, { version_value: "9.0.0.7", }, { version_value: "8.0.0.13", }, { version_value: "9.0.0.8", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM MQ and IBM MQ Appliance 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and 9.1 CD could allow a local attacker to obtain sensitive information by inclusion of sensitive data within runmqras data.", }, ], }, impact: { cvssv3: { BM: { A: "N", AC: "H", AV: "L", C: "H", I: "N", PR: "N", S: "U", UI: "N", }, TM: { E: "U", RC: "C", RL: "O", }, }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Obtain Information", }, ], }, ], }, references: { reference_data: [ { name: "https://www.ibm.com/support/pages/node/1136608", refsource: "CONFIRM", title: "IBM Security Bulletin 1136608 (MQ)", url: "https://www.ibm.com/support/pages/node/1136608", }, { name: "ibm-mq-cve20194719-info-disc (172124)", refsource: "XF", title: "X-Force Vulnerability Report", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/172124", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2019-4719", datePublished: "2020-03-16T15:25:20.927352Z", dateReserved: "2019-01-03T00:00:00", dateUpdated: "2024-09-16T18:49:55.996Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2020-4310 (GCVE-0-2020-4310)
Vulnerability from cvelistv5
Published
2020-06-16 13:45
Modified
2024-09-17 01:10
Severity ?
EPSS score ?
Summary
IBM MQ and MQ Appliance 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and 9.1 C are vulnerable to a denial of service attack due to an error within the Data Conversion logic. IBM X-Force ID: 177081.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/6223914 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/177081 | vdb-entry, x_refsource_XF |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | IBM | WebSphere MQ |
Version: 7.1 Version: 7.5 |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T08:00:06.987Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.ibm.com/support/pages/node/6223914", }, { name: "ibm-mq-cve20204310-dos (177081)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/177081", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "WebSphere MQ", vendor: "IBM", versions: [ { status: "affected", version: "7.1", }, { status: "affected", version: "7.5", }, ], }, { product: "MQ", vendor: "IBM", versions: [ { status: "affected", version: "8.0", }, { status: "affected", version: "9.0.LTS", }, { status: "affected", version: "9.1.LTS", }, { status: "affected", version: "9.1.CD", }, ], }, ], datePublic: "2020-06-12T00:00:00", descriptions: [ { lang: "en", value: "IBM MQ and MQ Appliance 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and 9.1 C are vulnerable to a denial of service attack due to an error within the Data Conversion logic. IBM X-Force ID: 177081.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", exploitCodeMaturity: "UNPROVEN", integrityImpact: "NONE", privilegesRequired: "NONE", remediationLevel: "OFFICIAL_FIX", reportConfidence: "CONFIRMED", scope: "UNCHANGED", temporalScore: 5.2, temporalSeverity: "MEDIUM", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/I:N/PR:N/S:U/A:H/UI:N/C:N/E:U/RC:C/RL:O", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Denial of Service", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-06-16T13:45:21", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://www.ibm.com/support/pages/node/6223914", }, { name: "ibm-mq-cve20204310-dos (177081)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/177081", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2020-06-12T00:00:00", ID: "CVE-2020-4310", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "WebSphere MQ", version: { version_data: [ { version_value: "7.1", }, { version_value: "7.5", }, ], }, }, { product_name: "MQ", version: { version_data: [ { version_value: "8.0", }, { version_value: "9.0.LTS", }, { version_value: "9.1.LTS", }, { version_value: "9.1.CD", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM MQ and MQ Appliance 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and 9.1 C are vulnerable to a denial of service attack due to an error within the Data Conversion logic. IBM X-Force ID: 177081.", }, ], }, impact: { cvssv3: { BM: { A: "H", AC: "H", AV: "N", C: "N", I: "N", PR: "N", S: "U", UI: "N", }, TM: { E: "U", RC: "C", RL: "O", }, }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Denial of Service", }, ], }, ], }, references: { reference_data: [ { name: "https://www.ibm.com/support/pages/node/6223914", refsource: "CONFIRM", title: "IBM Security Bulletin 6223914 (WebSphere MQ)", url: "https://www.ibm.com/support/pages/node/6223914", }, { name: "ibm-mq-cve20204310-dos (177081)", refsource: "XF", title: "X-Force Vulnerability Report", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/177081", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2020-4310", datePublished: "2020-06-16T13:45:21.461931Z", dateReserved: "2019-12-30T00:00:00", dateUpdated: "2024-09-17T01:10:57.169Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2019-4656 (GCVE-0-2019-4656)
Vulnerability from cvelistv5
Published
2020-03-16 15:25
Modified
2024-09-17 04:18
Severity ?
EPSS score ?
Summary
IBM MQ and IBM MQ Appliance 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and 9.1 CD is vulnerable to a denial of service attack that would allow an authenticated user to crash the queue and require a restart due to an error processing error messages. IBM X-Force ID: 170967.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/1135095 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/170967 | vdb-entry, x_refsource_XF |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | MQ |
Version: 9.0.0.1 Version: 8.0.0.1 Version: 8.0.0.2 Version: 8.0.0.3 Version: 8.0.0.4 Version: 8.0.0.5 Version: 8.0.0.6 Version: 8.0.0.7 Version: 9.0.0.2 Version: 7.5.0.1 Version: 7.5.0.2 Version: 7.5.0.3 Version: 7.5.0.4 Version: 7.5.0.5 Version: 7.5.0.6 Version: 7.5.0.7 Version: 7.5.0.8 Version: 8.0.0.8 Version: 7.1.0.1 Version: 7.1.0.2 Version: 7.1.0.3 Version: 7.1.0.4 Version: 7.1.0.5 Version: 7.1.0.6 Version: 7.1.0.7 Version: 8.0.0.9 Version: 9.0.0.3 Version: 8.0.0.0 Version: 8.0.0.10 Version: 9.0.0.0 Version: 9.0.0.4 Version: 9.0.0.5 Version: 9.1 Version: 9.1.0.1 Version: 9.1.1 Version: 9.1.0.2 Version: 9.1.2 Version: 8.0.0.11 Version: 9.0.0.6 Version: 7.1.0.0 Version: 7.1.0.8 Version: 7.1.0.9 Version: 7.5.0.0 Version: 7.5.0.9 Version: 8.0.0.12 Version: 9.1.0.3 Version: 9.1.3 Version: 9.0.0.7 Version: 8.0.0.13 Version: 9.0.0.8 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T19:40:48.365Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.ibm.com/support/pages/node/1135095", }, { name: "ibm-mq-cve20194656-dos (170967)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/170967", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "MQ", vendor: "IBM", versions: [ { status: "affected", version: "9.0.0.1", }, { status: "affected", version: "8.0.0.1", }, { status: "affected", version: "8.0.0.2", }, { status: "affected", version: "8.0.0.3", }, { status: "affected", version: "8.0.0.4", }, { status: "affected", version: "8.0.0.5", }, { status: "affected", version: "8.0.0.6", }, { status: "affected", version: "8.0.0.7", }, { status: "affected", version: "9.0.0.2", }, { status: "affected", version: "7.5.0.1", }, { status: "affected", version: "7.5.0.2", }, { status: "affected", version: "7.5.0.3", }, { status: "affected", version: "7.5.0.4", }, { status: "affected", version: "7.5.0.5", }, { status: "affected", version: "7.5.0.6", }, { status: "affected", version: "7.5.0.7", }, { status: "affected", version: "7.5.0.8", }, { status: "affected", version: "8.0.0.8", }, { status: "affected", version: "7.1.0.1", }, { status: "affected", version: "7.1.0.2", }, { status: "affected", version: "7.1.0.3", }, { status: "affected", version: "7.1.0.4", }, { status: "affected", version: "7.1.0.5", }, { status: "affected", version: "7.1.0.6", }, { status: "affected", version: "7.1.0.7", }, { status: "affected", version: "8.0.0.9", }, { status: "affected", version: "9.0.0.3", }, { status: "affected", version: "8.0.0.0", }, { status: "affected", version: "8.0.0.10", }, { status: "affected", version: "9.0.0.0", }, { status: "affected", version: "9.0.0.4", }, { status: "affected", version: "9.0.0.5", }, { status: "affected", version: "9.1", }, { status: "affected", version: "9.1.0.1", }, { status: "affected", version: "9.1.1", }, { status: "affected", version: "9.1.0.2", }, { status: "affected", version: "9.1.2", }, { status: "affected", version: "8.0.0.11", }, { status: "affected", version: "9.0.0.6", }, { status: "affected", version: "7.1.0.0", }, { status: "affected", version: "7.1.0.8", }, { status: "affected", version: "7.1.0.9", }, { status: "affected", version: "7.5.0.0", }, { status: "affected", version: "7.5.0.9", }, { status: "affected", version: "8.0.0.12", }, { status: "affected", version: "9.1.0.3", }, { status: "affected", version: "9.1.3", }, { status: "affected", version: "9.0.0.7", }, { status: "affected", version: "8.0.0.13", }, { status: "affected", version: "9.0.0.8", }, ], }, ], datePublic: "2020-03-13T00:00:00", descriptions: [ { lang: "en", value: "IBM MQ and IBM MQ Appliance 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and 9.1 CD is vulnerable to a denial of service attack that would allow an authenticated user to crash the queue and require a restart due to an error processing error messages. IBM X-Force ID: 170967.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", exploitCodeMaturity: "UNPROVEN", integrityImpact: "NONE", privilegesRequired: "LOW", remediationLevel: "OFFICIAL_FIX", reportConfidence: "CONFIRMED", scope: "UNCHANGED", temporalScore: 5.7, temporalSeverity: "MEDIUM", userInteraction: "NONE", vectorString: "CVSS:3.0/UI:N/C:N/S:U/A:H/I:N/AC:L/PR:L/AV:N/RC:C/E:U/RL:O", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Denial of Service", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-03-16T15:25:20", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://www.ibm.com/support/pages/node/1135095", }, { name: "ibm-mq-cve20194656-dos (170967)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/170967", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2020-03-13T00:00:00", ID: "CVE-2019-4656", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "MQ", version: { version_data: [ { version_value: "9.0.0.1", }, { version_value: "8.0.0.1", }, { version_value: "8.0.0.2", }, { version_value: "8.0.0.3", }, { version_value: "8.0.0.4", }, { version_value: "8.0.0.5", }, { version_value: "8.0.0.6", }, { version_value: "8.0.0.7", }, { version_value: "9.0.0.2", }, { version_value: "7.5.0.1", }, { version_value: "7.5.0.2", }, { version_value: "7.5.0.3", }, { version_value: "7.5.0.4", }, { version_value: "7.5.0.5", }, { version_value: "7.5.0.6", }, { version_value: "7.5.0.7", }, { version_value: "7.5.0.8", }, { version_value: "8.0.0.8", }, { version_value: "7.1.0.1", }, { version_value: "7.1.0.2", }, { version_value: "7.1.0.3", }, { version_value: "7.1.0.4", }, { version_value: "7.1.0.5", }, { version_value: "7.1.0.6", }, { version_value: "7.1.0.7", }, { version_value: "8.0.0.9", }, { version_value: "9.0.0.3", }, { version_value: "8.0.0.0", }, { version_value: "8.0.0.10", }, { version_value: "9.0.0.0", }, { version_value: "9.0.0.4", }, { version_value: "9.0.0.5", }, { version_value: "9.1", }, { version_value: "9.1.0.1", }, { version_value: "9.1.1", }, { version_value: "9.1.0.2", }, { version_value: "9.1.2", }, { version_value: "8.0.0.11", }, { version_value: "9.0.0.6", }, { version_value: "7.1.0.0", }, { version_value: "7.1.0.8", }, { version_value: "7.1.0.9", }, { version_value: "7.5.0.0", }, { version_value: "7.5.0.9", }, { version_value: "8.0.0.12", }, { version_value: "9.1.0.3", }, { version_value: "9.1.3", }, { version_value: "9.0.0.7", }, { version_value: "8.0.0.13", }, { version_value: "9.0.0.8", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM MQ and IBM MQ Appliance 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and 9.1 CD is vulnerable to a denial of service attack that would allow an authenticated user to crash the queue and require a restart due to an error processing error messages. IBM X-Force ID: 170967.", }, ], }, impact: { cvssv3: { BM: { A: "H", AC: "L", AV: "N", C: "N", I: "N", PR: "L", S: "U", UI: "N", }, TM: { E: "U", RC: "C", RL: "O", }, }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Denial of Service", }, ], }, ], }, references: { reference_data: [ { name: "https://www.ibm.com/support/pages/node/1135095", refsource: "CONFIRM", title: "IBM Security Bulletin 1135095 (MQ)", url: "https://www.ibm.com/support/pages/node/1135095", }, { name: "ibm-mq-cve20194656-dos (170967)", refsource: "XF", title: "X-Force Vulnerability Report", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/170967", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2019-4656", datePublished: "2020-03-16T15:25:20.439438Z", dateReserved: "2019-01-03T00:00:00", dateUpdated: "2024-09-17T04:18:51.019Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2016-8971 (GCVE-0-2016-8971)
Vulnerability from cvelistv5
Published
2017-03-07 17:00
Modified
2024-08-06 02:35
Severity ?
EPSS score ?
Summary
IBM WebSphere MQ 8.0 could allow an authenticated user with queue manager permissions to cause a segmentation fault which would result in the box having to be rebooted to resume normal operations. IBM Reference #: 1998663.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/docview.wss?uid=swg21998663 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM Corporation | WebSphere MQ |
Version: 5.1 Version: 5.3 Version: 6.0 Version: 7.0 Version: 5.30.0 Version: 6.0.1.0 Version: 6.0.1.1 Version: 6.0.2.0 Version: 6.0.2.1 Version: 6.0.2.10 Version: 6.0.2.2 Version: 6.0.2.3 Version: 6.0.2.4 Version: 6.0.2.5 Version: 6.0.2.6 Version: 6.0.2.7 Version: 6.0.2.8 Version: 6.0.2.9 Version: 7.0.0.1 Version: 7.0.0.2 Version: 7.0.1.0 Version: 7.0.1.1 Version: 7.0.1.2 Version: 7.0.1.3 Version: 7.0.1.4 Version: 7.1 Version: 7.5 Version: 7.5.0.1 Version: 7.1.0.1 Version: 7.1.0.2 Version: 7.0.1 Version: 7.0.1.5 Version: 7.0.1.6 Version: 7.0.1.8 Version: 7.0.1.7 Version: 7.0.1.9 Version: 7.0.1.10 Version: 7.0.2 Version: 7.0.3 Version: 7.0.4 Version: 7.0.4.1 Version: 7.0.4.2 Version: 7.0.4.3 Version: 7.5.0.2 Version: 7.1.0.3 Version: 7.1.0.4 Version: 7.5.0.3 Version: 8.0.0.0 Version: 8.0.0.1 Version: 7.5.0.4 Version: 8.0 Version: 5.3.1 Version: 6.0.1 Version: 6.0.1.2 Version: 6.0.2 Version: 6.0.2.11 Version: 6.0.2.12 Version: 7.0.1.11 Version: 7.0.1.12 Version: 2.1 Version: 7.1.0.5 Version: 2.0 Version: 8.0.0.2 Version: 8 Version: 8.0.0.4 Version: 8.0.0.3 Version: 9.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T02:35:02.823Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.ibm.com/support/docview.wss?uid=swg21998663", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "WebSphere MQ", vendor: "IBM Corporation", versions: [ { status: "affected", version: "5.1", }, { status: "affected", version: "5.3", }, { status: "affected", version: "6.0", }, { status: "affected", version: "7.0", }, { status: "affected", version: "5.30.0", }, { status: "affected", version: "6.0.1.0", }, { status: "affected", version: "6.0.1.1", }, { status: "affected", version: "6.0.2.0", }, { status: "affected", version: "6.0.2.1", }, { status: "affected", version: "6.0.2.10", }, { status: "affected", version: "6.0.2.2", }, { status: "affected", version: "6.0.2.3", }, { status: "affected", version: "6.0.2.4", }, { status: "affected", version: "6.0.2.5", }, { status: "affected", version: "6.0.2.6", }, { status: "affected", version: "6.0.2.7", }, { status: "affected", version: "6.0.2.8", }, { status: "affected", version: "6.0.2.9", }, { status: "affected", version: "7.0.0.1", }, { status: "affected", version: "7.0.0.2", }, { status: "affected", version: "7.0.1.0", }, { status: "affected", version: "7.0.1.1", }, { status: "affected", version: "7.0.1.2", }, { status: "affected", version: "7.0.1.3", }, { status: "affected", version: "7.0.1.4", }, { status: "affected", version: "7.1", }, { status: "affected", version: "7.5", }, { status: "affected", version: "7.5.0.1", }, { status: "affected", version: "7.1.0.1", }, { status: "affected", version: "7.1.0.2", }, { status: "affected", version: "7.0.1", }, { status: "affected", version: "7.0.1.5", }, { status: "affected", version: "7.0.1.6", }, { status: "affected", version: "7.0.1.8", }, { status: "affected", version: "7.0.1.7", }, { status: "affected", version: "7.0.1.9", }, { status: "affected", version: "7.0.1.10", }, { status: "affected", version: "7.0.2", }, { status: "affected", version: "7.0.3", }, { status: "affected", version: "7.0.4", }, { status: "affected", version: "7.0.4.1", }, { status: "affected", version: "7.0.4.2", }, { status: "affected", version: "7.0.4.3", }, { status: "affected", version: "7.5.0.2", }, { status: "affected", version: "7.1.0.3", }, { status: "affected", version: "7.1.0.4", }, { status: "affected", version: "7.5.0.3", }, { status: "affected", version: "8.0.0.0", }, { status: "affected", version: "8.0.0.1", }, { status: "affected", version: "7.5.0.4", }, { status: "affected", version: "8.0", }, { status: "affected", version: "5.3.1", }, { status: "affected", version: "6.0.1", }, { status: "affected", version: "6.0.1.2", }, { status: "affected", version: "6.0.2", }, { status: "affected", version: "6.0.2.11", }, { status: "affected", version: "6.0.2.12", }, { status: "affected", version: "7.0.1.11", }, { status: "affected", version: "7.0.1.12", }, { status: "affected", version: "2.1", }, { status: "affected", version: "7.1.0.5", }, { status: "affected", version: "2.0", }, { status: "affected", version: "8.0.0.2", }, { status: "affected", version: "8", }, { status: "affected", version: "8.0.0.4", }, { status: "affected", version: "8.0.0.3", }, { status: "affected", version: "9.0", }, ], }, ], datePublic: "2017-02-20T00:00:00", descriptions: [ { lang: "en", value: "IBM WebSphere MQ 8.0 could allow an authenticated user with queue manager permissions to cause a segmentation fault which would result in the box having to be rebooted to resume normal operations. IBM Reference #: 1998663.", }, ], problemTypes: [ { descriptions: [ { description: "Denial of Service", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-03-07T16:57:01", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://www.ibm.com/support/docview.wss?uid=swg21998663", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", ID: "CVE-2016-8971", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "WebSphere MQ", version: { version_data: [ { version_value: "5.1", }, { version_value: "5.3", }, { version_value: "6.0", }, { version_value: "7.0", }, { version_value: "5.30.0", }, { version_value: "6.0.1.0", }, { version_value: "6.0.1.1", }, { version_value: "6.0.2.0", }, { version_value: "6.0.2.1", }, { version_value: "6.0.2.10", }, { version_value: "6.0.2.2", }, { version_value: "6.0.2.3", }, { version_value: "6.0.2.4", }, { version_value: "6.0.2.5", }, { version_value: "6.0.2.6", }, { version_value: "6.0.2.7", }, { version_value: "6.0.2.8", }, { version_value: "6.0.2.9", }, { version_value: "7.0.0.1", }, { version_value: "7.0.0.2", }, { version_value: "7.0.1.0", }, { version_value: "7.0.1.1", }, { version_value: "7.0.1.2", }, { version_value: "7.0.1.3", }, { version_value: "7.0.1.4", }, { version_value: "7.1", }, { version_value: "7.0", }, { version_value: "7.5", }, { version_value: "7.5.0.1", }, { version_value: "7.1.0.1", }, { version_value: "7.1.0.2", }, { version_value: "7.0.1", }, { version_value: "7.0.1.5", }, { version_value: "7.0.1.6", }, { version_value: "7.0.1.8", }, { version_value: "7.0.1.7", }, { version_value: "7.0.1.9", }, { version_value: "7.0.1.10", }, { version_value: "7.0.2", }, { version_value: "7.0.3", }, { version_value: "7.0.4", }, { version_value: "7.0.4.1", }, { version_value: "7.0.4.2", }, { version_value: "7.0.4.3", }, { version_value: "7.5.0.2", }, { version_value: "7.1.0.3", }, { version_value: "7.1.0.4", }, { version_value: "7.5.0.3", }, { version_value: "8.0.0.0", }, { version_value: "8.0.0.1", }, { version_value: "7.5.0.4", }, { version_value: "8.0", }, { version_value: "5.3.1", }, { version_value: "6.0.1", }, { version_value: "6.0.1.2", }, { version_value: "6.0.2", }, { version_value: "6.0.2.11", }, { version_value: "6.0.2.12", }, { version_value: "7.0.1.11", }, { version_value: "7.0.1.12", }, { version_value: "2.1", }, { version_value: "7.1.0.5", }, { version_value: "2.0", }, { version_value: "8.0.0.2", }, { version_value: "8", }, { version_value: "8.0.0.4", }, { version_value: "8.0.0.3", }, { version_value: "9.0", }, ], }, }, ], }, vendor_name: "IBM Corporation", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM WebSphere MQ 8.0 could allow an authenticated user with queue manager permissions to cause a segmentation fault which would result in the box having to be rebooted to resume normal operations. IBM Reference #: 1998663.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Denial of Service", }, ], }, ], }, references: { reference_data: [ { name: "https://www.ibm.com/support/docview.wss?uid=swg21998663", refsource: "CONFIRM", url: "https://www.ibm.com/support/docview.wss?uid=swg21998663", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2016-8971", datePublished: "2017-03-07T17:00:00", dateReserved: "2016-10-25T00:00:00", dateUpdated: "2024-08-06T02:35:02.823Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2017-1557 (GCVE-0-2017-1557)
Vulnerability from cvelistv5
Published
2018-01-02 17:00
Modified
2024-09-16 17:47
Severity ?
EPSS score ?
Summary
IBM WebSphere MQ 8.0 and 9.0 could allow an authenticated user with authority to send a specially crafted request that could cause a channel process to cease processing further requests. IBM X-Force ID: 131547.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/131547 | x_refsource_MISC | |
| http://www.securityfocus.com/bid/102418 | vdb-entry, x_refsource_BID | |
| http://www.ibm.com/support/docview.wss?uid=swg22004378 | x_refsource_CONFIRM |
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T13:39:30.599Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/131547", }, { name: "102418", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/102418", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ibm.com/support/docview.wss?uid=swg22004378", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "MQ", vendor: "IBM", versions: [ { status: "affected", version: "8.0", }, { status: "affected", version: "9.0", }, { status: "affected", version: "9.0.1", }, { status: "affected", version: "9.0.0.1", }, { status: "affected", version: "9.0.2", }, { status: "affected", version: "8.0.0.1", }, { status: "affected", version: "8.0.0.2", }, { status: "affected", version: "8.0.0.3", }, { status: "affected", version: "8.0.0.4", }, { status: "affected", version: "8.0.0.5", }, { status: "affected", version: "8.0.0.6", }, { status: "affected", version: "8.0.0.7", }, { status: "affected", version: "9.0.3", }, ], }, ], datePublic: "2017-12-22T00:00:00", descriptions: [ { lang: "en", value: "IBM WebSphere MQ 8.0 and 9.0 could allow an authenticated user with authority to send a specially crafted request that could cause a channel process to cease processing further requests. IBM X-Force ID: 131547.", }, ], problemTypes: [ { descriptions: [ { description: "Denial of Service", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-01-06T10:57:01", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/131547", }, { name: "102418", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/102418", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ibm.com/support/docview.wss?uid=swg22004378", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2017-12-22T00:00:00", ID: "CVE-2017-1557", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "MQ", version: { version_data: [ { version_value: "8.0", }, { version_value: "9.0", }, { version_value: "9.0.1", }, { version_value: "9.0.0.1", }, { version_value: "9.0.2", }, { version_value: "8.0.0.1", }, { version_value: "8.0.0.2", }, { version_value: "8.0.0.3", }, { version_value: "8.0.0.4", }, { version_value: "8.0.0.5", }, { version_value: "8.0.0.6", }, { version_value: "8.0.0.7", }, { version_value: "9.0.3", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM WebSphere MQ 8.0 and 9.0 could allow an authenticated user with authority to send a specially crafted request that could cause a channel process to cease processing further requests. IBM X-Force ID: 131547.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Denial of Service", }, ], }, ], }, references: { reference_data: [ { name: "https://exchange.xforce.ibmcloud.com/vulnerabilities/131547", refsource: "MISC", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/131547", }, { name: "102418", refsource: "BID", url: "http://www.securityfocus.com/bid/102418", }, { name: "http://www.ibm.com/support/docview.wss?uid=swg22004378", refsource: "CONFIRM", url: "http://www.ibm.com/support/docview.wss?uid=swg22004378", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2017-1557", datePublished: "2018-01-02T17:00:00Z", dateReserved: "2016-11-30T00:00:00", dateUpdated: "2024-09-16T17:47:56.777Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2008-1592 (GCVE-0-2008-1592)
Vulnerability from cvelistv5
Published
2008-03-31 23:00
Modified
2024-08-07 08:24
Severity ?
EPSS score ?
Summary
MQSeries 5.1 in IBM WebSphere MQ 5.1 through 5.3.1 on the HP NonStop and Tandem NSK platforms does not require mqm group membership for execution of administrative tasks, which allows local users to bypass intended access restrictions via the runmqsc program, related to "Pathway panels."
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/29360 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.vupen.com/english/advisories/2008/0869 | vdb-entry, x_refsource_VUPEN | |
| http://www-1.ibm.com/support/docview.wss?uid=swg21297035 | x_refsource_CONFIRM | |
| http://securitytracker.com/id?1019610 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/28235 | vdb-entry, x_refsource_BID |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T08:24:42.930Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "29360", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/29360", }, { name: "ADV-2008-0869", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2008/0869", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www-1.ibm.com/support/docview.wss?uid=swg21297035", }, { name: "1019610", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://securitytracker.com/id?1019610", }, { name: "28235", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/28235", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2008-03-11T00:00:00", descriptions: [ { lang: "en", value: "MQSeries 5.1 in IBM WebSphere MQ 5.1 through 5.3.1 on the HP NonStop and Tandem NSK platforms does not require mqm group membership for execution of administrative tasks, which allows local users to bypass intended access restrictions via the runmqsc program, related to \"Pathway panels.\"", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2009-02-26T10:00:00", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "29360", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/29360", }, { name: "ADV-2008-0869", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2008/0869", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www-1.ibm.com/support/docview.wss?uid=swg21297035", }, { name: "1019610", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://securitytracker.com/id?1019610", }, { name: "28235", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/28235", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2008-1592", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "MQSeries 5.1 in IBM WebSphere MQ 5.1 through 5.3.1 on the HP NonStop and Tandem NSK platforms does not require mqm group membership for execution of administrative tasks, which allows local users to bypass intended access restrictions via the runmqsc program, related to \"Pathway panels.\"", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "29360", refsource: "SECUNIA", url: "http://secunia.com/advisories/29360", }, { name: "ADV-2008-0869", refsource: "VUPEN", url: "http://www.vupen.com/english/advisories/2008/0869", }, { name: "http://www-1.ibm.com/support/docview.wss?uid=swg21297035", refsource: "CONFIRM", url: "http://www-1.ibm.com/support/docview.wss?uid=swg21297035", }, { name: "1019610", refsource: "SECTRACK", url: "http://securitytracker.com/id?1019610", }, { name: "28235", refsource: "BID", url: "http://www.securityfocus.com/bid/28235", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2008-1592", datePublished: "2008-03-31T23:00:00", dateReserved: "2008-03-31T00:00:00", dateUpdated: "2024-08-07T08:24:42.930Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2018-1974 (GCVE-0-2018-1974)
Vulnerability from cvelistv5
Published
2019-03-11 22:00
Modified
2024-09-16 16:43
Severity ?
EPSS score ?
Summary
IBM WebSphere 8.0.0.0 through 9.1.1 could allow an authenticated attacker to escalate their privileges when using multiplexed channels. IBM X-Force ID: 153915.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/153915 | vdb-entry, x_refsource_XF | |
| https://www.ibm.com/support/docview.wss?uid=ibm10792043 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | MQ |
Version: 9.0.0.1 Version: 8.0.0.1 Version: 8.0.0.2 Version: 8.0.0.3 Version: 8.0.0.4 Version: 8.0.0.5 Version: 8.0.0.6 Version: 8.0.0.7 Version: 9.0.0.2 Version: 8.0.0.8 Version: 8.0.0.9 Version: 9.0.0.3 Version: 8.0.0.0 Version: 8.0.0.10 Version: 9.0.0.0 Version: 9.0.0.4 Version: 9.0.0.5 Version: 9.1.0.0 Version: 9.1.0.1 Version: 9.1.1 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T04:14:39.474Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "ibm-websphere-cve20181974-priv-escalation(153915)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/153915", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.ibm.com/support/docview.wss?uid=ibm10792043", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "MQ", vendor: "IBM", versions: [ { status: "affected", version: "9.0.0.1", }, { status: "affected", version: "8.0.0.1", }, { status: "affected", version: "8.0.0.2", }, { status: "affected", version: "8.0.0.3", }, { status: "affected", version: "8.0.0.4", }, { status: "affected", version: "8.0.0.5", }, { status: "affected", version: "8.0.0.6", }, { status: "affected", version: "8.0.0.7", }, { status: "affected", version: "9.0.0.2", }, { status: "affected", version: "8.0.0.8", }, { status: "affected", version: "8.0.0.9", }, { status: "affected", version: "9.0.0.3", }, { status: "affected", version: "8.0.0.0", }, { status: "affected", version: "8.0.0.10", }, { status: "affected", version: "9.0.0.0", }, { status: "affected", version: "9.0.0.4", }, { status: "affected", version: "9.0.0.5", }, { status: "affected", version: "9.1.0.0", }, { status: "affected", version: "9.1.0.1", }, { status: "affected", version: "9.1.1", }, ], }, ], datePublic: "2019-03-08T00:00:00", descriptions: [ { lang: "en", value: "IBM WebSphere 8.0.0.0 through 9.1.1 could allow an authenticated attacker to escalate their privileges when using multiplexed channels. IBM X-Force ID: 153915.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitCodeMaturity: "UNPROVEN", integrityImpact: "HIGH", privilegesRequired: "LOW", remediationLevel: "OFFICIAL_FIX", reportConfidence: "CONFIRMED", scope: "UNCHANGED", temporalScore: 6.5, temporalSeverity: "MEDIUM", userInteraction: "NONE", vectorString: "CVSS:3.0/A:H/AC:H/AV:N/C:H/I:H/PR:L/S:U/UI:N/E:U/RC:C/RL:O", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Gain Privileges", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-03-11T21:57:01", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { name: "ibm-websphere-cve20181974-priv-escalation(153915)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/153915", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.ibm.com/support/docview.wss?uid=ibm10792043", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2019-03-08T00:00:00", ID: "CVE-2018-1974", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "MQ", version: { version_data: [ { version_value: "9.0.0.1", }, { version_value: "8.0.0.1", }, { version_value: "8.0.0.2", }, { version_value: "8.0.0.3", }, { version_value: "8.0.0.4", }, { version_value: "8.0.0.5", }, { version_value: "8.0.0.6", }, { version_value: "8.0.0.7", }, { version_value: "9.0.0.2", }, { version_value: "8.0.0.8", }, { version_value: "8.0.0.9", }, { version_value: "9.0.0.3", }, { version_value: "8.0.0.0", }, { version_value: "8.0.0.10", }, { version_value: "9.0.0.0", }, { version_value: "9.0.0.4", }, { version_value: "9.0.0.5", }, { version_value: "9.1.0.0", }, { version_value: "9.1.0.1", }, { version_value: "9.1.1", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM WebSphere 8.0.0.0 through 9.1.1 could allow an authenticated attacker to escalate their privileges when using multiplexed channels. IBM X-Force ID: 153915.", }, ], }, impact: { cvssv3: { BM: { A: "H", AC: "H", AV: "N", C: "H", I: "H", PR: "L", S: "U", UI: "N", }, TM: { E: "U", RC: "C", RL: "O", }, }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Gain Privileges", }, ], }, ], }, references: { reference_data: [ { name: "ibm-websphere-cve20181974-priv-escalation(153915)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/153915", }, { name: "https://www.ibm.com/support/docview.wss?uid=ibm10792043", refsource: "CONFIRM", url: "https://www.ibm.com/support/docview.wss?uid=ibm10792043", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2018-1974", datePublished: "2019-03-11T22:00:00Z", dateReserved: "2017-12-13T00:00:00", dateUpdated: "2024-09-16T16:43:47.558Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2008-1130 (GCVE-0-2008-1130)
Vulnerability from cvelistv5
Published
2008-03-04 00:00
Modified
2024-08-07 08:08
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in IBM WebSphere MQ 6.0.x before 6.0.2.2 and 5.3 before Fix Pack 14 allows attackers to bypass access restrictions for a queue manager via a SVRCONN (MQ client) channel.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/29170 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.vupen.com/english/advisories/2008/0719 | vdb-entry, x_refsource_VUPEN | |
| http://www-1.ibm.com/support/docview.wss?rs=171&uid=swg1IZ01272 | vendor-advisory, x_refsource_AIXAPAR | |
| http://www.securityfocus.com/bid/28046 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id?1019527 | vdb-entry, x_refsource_SECTRACK |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T08:08:57.604Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "29170", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/29170", }, { name: "ADV-2008-0719", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2008/0719", }, { name: "IZ01272", tags: [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred", ], url: "http://www-1.ibm.com/support/docview.wss?rs=171&uid=swg1IZ01272", }, { name: "28046", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/28046", }, { name: "1019527", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id?1019527", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2008-02-29T00:00:00", descriptions: [ { lang: "en", value: "Unspecified vulnerability in IBM WebSphere MQ 6.0.x before 6.0.2.2 and 5.3 before Fix Pack 14 allows attackers to bypass access restrictions for a queue manager via a SVRCONN (MQ client) channel.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2009-02-26T10:00:00", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "29170", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/29170", }, { name: "ADV-2008-0719", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2008/0719", }, { name: "IZ01272", tags: [ "vendor-advisory", "x_refsource_AIXAPAR", ], url: "http://www-1.ibm.com/support/docview.wss?rs=171&uid=swg1IZ01272", }, { name: "28046", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/28046", }, { name: "1019527", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id?1019527", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2008-1130", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Unspecified vulnerability in IBM WebSphere MQ 6.0.x before 6.0.2.2 and 5.3 before Fix Pack 14 allows attackers to bypass access restrictions for a queue manager via a SVRCONN (MQ client) channel.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "29170", refsource: "SECUNIA", url: "http://secunia.com/advisories/29170", }, { name: "ADV-2008-0719", refsource: "VUPEN", url: "http://www.vupen.com/english/advisories/2008/0719", }, { name: "IZ01272", refsource: "AIXAPAR", url: "http://www-1.ibm.com/support/docview.wss?rs=171&uid=swg1IZ01272", }, { name: "28046", refsource: "BID", url: "http://www.securityfocus.com/bid/28046", }, { name: "1019527", refsource: "SECTRACK", url: "http://www.securitytracker.com/id?1019527", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2008-1130", datePublished: "2008-03-04T00:00:00", dateReserved: "2008-03-03T00:00:00", dateUpdated: "2024-08-07T08:08:57.604Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2010-0780 (GCVE-0-2010-0780)
Vulnerability from cvelistv5
Published
2011-10-29 10:00
Modified
2024-08-07 00:59
Severity ?
EPSS score ?
Summary
IBM WebSphere MQ 7.x before 7.0.1.4 allows remote attackers to cause a denial of service (disk consumption) via multiple connection attempts to a stopped queue manager.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www-01.ibm.com/support/docview.wss?uid=swg27014224 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/60638 | vdb-entry, x_refsource_XF | |
| http://www.ibm.com/support/docview.wss?uid=swg1IZ75124 | vendor-advisory, x_refsource_AIXAPAR |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T00:59:39.087Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg27014224", }, { name: "wmq-diskspace-dos(60638)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/60638", }, { name: "IZ75124", tags: [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred", ], url: "http://www.ibm.com/support/docview.wss?uid=swg1IZ75124", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2010-08-26T00:00:00", descriptions: [ { lang: "en", value: "IBM WebSphere MQ 7.x before 7.0.1.4 allows remote attackers to cause a denial of service (disk consumption) via multiple connection attempts to a stopped queue manager.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-08-16T14:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg27014224", }, { name: "wmq-diskspace-dos(60638)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/60638", }, { name: "IZ75124", tags: [ "vendor-advisory", "x_refsource_AIXAPAR", ], url: "http://www.ibm.com/support/docview.wss?uid=swg1IZ75124", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2010-0780", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM WebSphere MQ 7.x before 7.0.1.4 allows remote attackers to cause a denial of service (disk consumption) via multiple connection attempts to a stopped queue manager.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://www-01.ibm.com/support/docview.wss?uid=swg27014224", refsource: "CONFIRM", url: "http://www-01.ibm.com/support/docview.wss?uid=swg27014224", }, { name: "wmq-diskspace-dos(60638)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/60638", }, { name: "IZ75124", refsource: "AIXAPAR", url: "http://www.ibm.com/support/docview.wss?uid=swg1IZ75124", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2010-0780", datePublished: "2011-10-29T10:00:00", dateReserved: "2010-03-02T00:00:00", dateUpdated: "2024-08-07T00:59:39.087Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2017-1117 (GCVE-0-2017-1117)
Vulnerability from cvelistv5
Published
2017-06-21 18:00
Modified
2024-08-05 13:25
Severity ?
EPSS score ?
Summary
IBM WebSphere MQ 8.0 and 9.0 could allow an authenticated user to cause a denial of service to the MQXR channel when trace is enabled. IBM X-Force ID: 121155.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/99136 | vdb-entry, x_refsource_BID | |
| http://www.ibm.com/support/docview.wss?uid=swg22001468 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/121155 | x_refsource_MISC |
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T13:25:17.207Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "99136", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/99136", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ibm.com/support/docview.wss?uid=swg22001468", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/121155", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "MQ", vendor: "IBM", versions: [ { status: "affected", version: "8.0", }, { status: "affected", version: "9.0", }, { status: "affected", version: "9.0.1", }, { status: "affected", version: "8.0.0.1", }, { status: "affected", version: "8.0.0.2", }, { status: "affected", version: "8.0.0.3", }, { status: "affected", version: "8.0.0.4", }, { status: "affected", version: "8.0.0.5", }, ], }, ], datePublic: "2017-06-06T00:00:00", descriptions: [ { lang: "en", value: "IBM WebSphere MQ 8.0 and 9.0 could allow an authenticated user to cause a denial of service to the MQXR channel when trace is enabled. IBM X-Force ID: 121155.", }, ], problemTypes: [ { descriptions: [ { description: "Denial of Service", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-06-22T09:57:01", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { name: "99136", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/99136", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ibm.com/support/docview.wss?uid=swg22001468", }, { tags: [ "x_refsource_MISC", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/121155", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", ID: "CVE-2017-1117", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "MQ", version: { version_data: [ { version_value: "8.0", }, { version_value: "9.0", }, { version_value: "9.0.1", }, { version_value: "8.0.0.1", }, { version_value: "8.0.0.2", }, { version_value: "8.0.0.3", }, { version_value: "8.0.0.4", }, { version_value: "8.0.0.5", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM WebSphere MQ 8.0 and 9.0 could allow an authenticated user to cause a denial of service to the MQXR channel when trace is enabled. IBM X-Force ID: 121155.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Denial of Service", }, ], }, ], }, references: { reference_data: [ { name: "99136", refsource: "BID", url: "http://www.securityfocus.com/bid/99136", }, { name: "http://www.ibm.com/support/docview.wss?uid=swg22001468", refsource: "CONFIRM", url: "http://www.ibm.com/support/docview.wss?uid=swg22001468", }, { name: "https://exchange.xforce.ibmcloud.com/vulnerabilities/121155", refsource: "MISC", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/121155", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2017-1117", datePublished: "2017-06-21T18:00:00", dateReserved: "2016-11-30T00:00:00", dateUpdated: "2024-08-05T13:25:17.207Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2014-0911 (GCVE-0-2014-0911)
Vulnerability from cvelistv5
Published
2014-05-07 10:00
Modified
2024-08-06 09:27
Severity ?
EPSS score ?
Summary
inetd in IBM WebSphere MQ 7.1.x before 7.1.0.5 and 7.5.x before 7.5.0.4 allows remote attackers to cause a denial of service (disk or CPU consumption) via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www-01.ibm.com/support/docview.wss?uid=swg1IV55886 | vendor-advisory, x_refsource_AIXAPAR | |
| http://www-01.ibm.com/support/docview.wss?uid=swg21670374 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/91876 | vdb-entry, x_refsource_XF |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T09:27:20.284Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "IV55886", tags: [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg1IV55886", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21670374", }, { name: "ibm-websphere-cve20140911-dos(91876)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/91876", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2014-05-01T00:00:00", descriptions: [ { lang: "en", value: "inetd in IBM WebSphere MQ 7.1.x before 7.1.0.5 and 7.5.x before 7.5.0.4 allows remote attackers to cause a denial of service (disk or CPU consumption) via unspecified vectors.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-08-28T12:57:01", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { name: "IV55886", tags: [ "vendor-advisory", "x_refsource_AIXAPAR", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg1IV55886", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21670374", }, { name: "ibm-websphere-cve20140911-dos(91876)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/91876", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", ID: "CVE-2014-0911", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "inetd in IBM WebSphere MQ 7.1.x before 7.1.0.5 and 7.5.x before 7.5.0.4 allows remote attackers to cause a denial of service (disk or CPU consumption) via unspecified vectors.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "IV55886", refsource: "AIXAPAR", url: "http://www-01.ibm.com/support/docview.wss?uid=swg1IV55886", }, { name: "http://www-01.ibm.com/support/docview.wss?uid=swg21670374", refsource: "CONFIRM", url: "http://www-01.ibm.com/support/docview.wss?uid=swg21670374", }, { name: "ibm-websphere-cve20140911-dos(91876)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/91876", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2014-0911", datePublished: "2014-05-07T10:00:00", dateReserved: "2014-01-06T00:00:00", dateUpdated: "2024-08-06T09:27:20.284Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2017-1283 (GCVE-0-2017-1283)
Vulnerability from cvelistv5
Published
2017-11-27 21:00
Modified
2024-09-16 16:14
Severity ?
EPSS score ?
Summary
IBM WebSphere MQ 8.0 and 9.0 could allow an authenticated user to cause a shared memory leak by MQ applications using dynamic queues, which can lead to lack of resources for other MQ applications. IBM X-Force ID: 125144.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.ibm.com/support/docview.wss?uid=swg22003852 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/125144 | x_refsource_MISC |
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T13:32:28.414Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ibm.com/support/docview.wss?uid=swg22003852", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/125144", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "MQ", vendor: "IBM", versions: [ { status: "affected", version: "8.0", }, { status: "affected", version: "9.0", }, { status: "affected", version: "9.0.1", }, { status: "affected", version: "9.0.0.1", }, { status: "affected", version: "9.0.2", }, { status: "affected", version: "8.0.0.1", }, { status: "affected", version: "8.0.0.2", }, { status: "affected", version: "8.0.0.3", }, { status: "affected", version: "8.0.0.4", }, { status: "affected", version: "8.0.0.5", }, { status: "affected", version: "8.0.0.6", }, { status: "affected", version: "8.0.0.7", }, { status: "affected", version: "9.0.3", }, { status: "affected", version: "9.0.4", }, ], }, ], datePublic: "2017-11-15T00:00:00", descriptions: [ { lang: "en", value: "IBM WebSphere MQ 8.0 and 9.0 could allow an authenticated user to cause a shared memory leak by MQ applications using dynamic queues, which can lead to lack of resources for other MQ applications. IBM X-Force ID: 125144.", }, ], problemTypes: [ { descriptions: [ { description: "Denial of Service", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-11-27T20:57:01", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ibm.com/support/docview.wss?uid=swg22003852", }, { tags: [ "x_refsource_MISC", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/125144", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2017-11-15T00:00:00", ID: "CVE-2017-1283", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "MQ", version: { version_data: [ { version_value: "8.0", }, { version_value: "9.0", }, { version_value: "9.0.1", }, { version_value: "9.0.0.1", }, { version_value: "9.0.2", }, { version_value: "8.0.0.1", }, { version_value: "8.0.0.2", }, { version_value: "8.0.0.3", }, { version_value: "8.0.0.4", }, { version_value: "8.0.0.5", }, { version_value: "8.0.0.6", }, { version_value: "8.0.0.7", }, { version_value: "9.0.3", }, { version_value: "9.0.4", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM WebSphere MQ 8.0 and 9.0 could allow an authenticated user to cause a shared memory leak by MQ applications using dynamic queues, which can lead to lack of resources for other MQ applications. IBM X-Force ID: 125144.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Denial of Service", }, ], }, ], }, references: { reference_data: [ { name: "http://www.ibm.com/support/docview.wss?uid=swg22003852", refsource: "CONFIRM", url: "http://www.ibm.com/support/docview.wss?uid=swg22003852", }, { name: "https://exchange.xforce.ibmcloud.com/vulnerabilities/125144", refsource: "MISC", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/125144", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2017-1283", datePublished: "2017-11-27T21:00:00Z", dateReserved: "2016-11-30T00:00:00", dateUpdated: "2024-09-16T16:14:15.714Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2016-8915 (GCVE-0-2016-8915)
Vulnerability from cvelistv5
Published
2017-02-22 19:00
Modified
2024-08-06 02:35
Severity ?
EPSS score ?
Summary
IBM WebSphere MQ 8.0 could allow an authenticated user with access to the queue manager and queue, to deny service to other channels running under the same process. IBM Reference #: 1998649.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.ibm.com/support/docview.wss?uid=swg21998649 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/96403 | vdb-entry, x_refsource_BID |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM Corporation | WebSphere MQ |
Version: 8.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T02:35:02.297Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ibm.com/support/docview.wss?uid=swg21998649", }, { name: "96403", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/96403", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "WebSphere MQ", vendor: "IBM Corporation", versions: [ { status: "affected", version: "8.0", }, ], }, ], datePublic: "2017-02-20T00:00:00", descriptions: [ { lang: "en", value: "IBM WebSphere MQ 8.0 could allow an authenticated user with access to the queue manager and queue, to deny service to other channels running under the same process. IBM Reference #: 1998649.", }, ], problemTypes: [ { descriptions: [ { description: "Denial of Service", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-03-01T10:57:01", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ibm.com/support/docview.wss?uid=swg21998649", }, { name: "96403", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/96403", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", ID: "CVE-2016-8915", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "WebSphere MQ", version: { version_data: [ { version_value: "8.0", }, ], }, }, ], }, vendor_name: "IBM Corporation", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM WebSphere MQ 8.0 could allow an authenticated user with access to the queue manager and queue, to deny service to other channels running under the same process. IBM Reference #: 1998649.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Denial of Service", }, ], }, ], }, references: { reference_data: [ { name: "http://www.ibm.com/support/docview.wss?uid=swg21998649", refsource: "CONFIRM", url: "http://www.ibm.com/support/docview.wss?uid=swg21998649", }, { name: "96403", refsource: "BID", url: "http://www.securityfocus.com/bid/96403", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2016-8915", datePublished: "2017-02-22T19:00:00", dateReserved: "2016-10-25T00:00:00", dateUpdated: "2024-08-06T02:35:02.297Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2015-2012 (GCVE-0-2015-2012)
Vulnerability from cvelistv5
Published
2016-02-08 16:00
Modified
2024-08-06 05:02
Severity ?
EPSS score ?
Summary
The MQXR service in WMQ Telemetry in IBM WebSphere MQ 7.1 before 7.1.0.7, 7.5 through 7.5.0.5, and 8.0 before 8.0.0.4 uses world-readable permissions for a cleartext file containing the SSL keystore password, which allows local users to obtain sensitive information by reading this file.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www-01.ibm.com/support/docview.wss?uid=swg1IT09866 | vendor-advisory, x_refsource_AIXAPAR | |
| http://www-01.ibm.com/support/docview.wss?uid=swg21968399 | x_refsource_CONFIRM | |
| http://www.securitytracker.com/id/1034943 | vdb-entry, x_refsource_SECTRACK |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T05:02:43.024Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "IT09866", tags: [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg1IT09866", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21968399", }, { name: "1034943", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1034943", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-02-02T00:00:00", descriptions: [ { lang: "en", value: "The MQXR service in WMQ Telemetry in IBM WebSphere MQ 7.1 before 7.1.0.7, 7.5 through 7.5.0.5, and 8.0 before 8.0.0.4 uses world-readable permissions for a cleartext file containing the SSL keystore password, which allows local users to obtain sensitive information by reading this file.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2016-12-02T20:57:01", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { name: "IT09866", tags: [ "vendor-advisory", "x_refsource_AIXAPAR", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg1IT09866", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21968399", }, { name: "1034943", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1034943", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", ID: "CVE-2015-2012", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The MQXR service in WMQ Telemetry in IBM WebSphere MQ 7.1 before 7.1.0.7, 7.5 through 7.5.0.5, and 8.0 before 8.0.0.4 uses world-readable permissions for a cleartext file containing the SSL keystore password, which allows local users to obtain sensitive information by reading this file.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "IT09866", refsource: "AIXAPAR", url: "http://www-01.ibm.com/support/docview.wss?uid=swg1IT09866", }, { name: "http://www-01.ibm.com/support/docview.wss?uid=swg21968399", refsource: "CONFIRM", url: "http://www-01.ibm.com/support/docview.wss?uid=swg21968399", }, { name: "1034943", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1034943", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2015-2012", datePublished: "2016-02-08T16:00:00", dateReserved: "2015-02-19T00:00:00", dateUpdated: "2024-08-06T05:02:43.024Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2017-1786 (GCVE-0-2017-1786)
Vulnerability from cvelistv5
Published
2018-04-23 13:00
Modified
2024-09-16 16:14
Severity ?
EPSS score ?
Summary
IBM WebSphere MQ 8.0 through 8.0.0.8 and 9.0 through 9.0.4 under special circumstances could allow an authenticated user to consume all resources due to a memory leak resulting in service loss. IBM X-Force ID: 136975.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.ibm.com/support/docview.wss?uid=swg22013023 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/136975 | vdb-entry, x_refsource_XF |
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T13:39:32.314Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ibm.com/support/docview.wss?uid=swg22013023", }, { name: "ibm-websphere-cve20171786-dos(136975)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/136975", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "MQ", vendor: "IBM", versions: [ { status: "affected", version: "8.0", }, { status: "affected", version: "9.0", }, { status: "affected", version: "9.0.1", }, { status: "affected", version: "9.0.0.1", }, { status: "affected", version: "9.0.2", }, { status: "affected", version: "8.0.0.1", }, { status: "affected", version: "8.0.0.2", }, { status: "affected", version: "8.0.0.3", }, { status: "affected", version: "8.0.0.4", }, { status: "affected", version: "8.0.0.5", }, { status: "affected", version: "8.0.0.6", }, { status: "affected", version: "8.0.0.7", }, { status: "affected", version: "9.0.0.2", }, { status: "affected", version: "9.0.3", }, { status: "affected", version: "9.0.4", }, { status: "affected", version: "8.0.0.8", }, ], }, ], datePublic: "2018-04-17T00:00:00", descriptions: [ { lang: "en", value: "IBM WebSphere MQ 8.0 through 8.0.0.8 and 9.0 through 9.0.4 under special circumstances could allow an authenticated user to consume all resources due to a memory leak resulting in service loss. IBM X-Force ID: 136975.", }, ], problemTypes: [ { descriptions: [ { description: "Denial of Service", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-04-23T12:57:01", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ibm.com/support/docview.wss?uid=swg22013023", }, { name: "ibm-websphere-cve20171786-dos(136975)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/136975", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2018-04-17T00:00:00", ID: "CVE-2017-1786", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "MQ", version: { version_data: [ { version_value: "8.0", }, { version_value: "9.0", }, { version_value: "9.0.1", }, { version_value: "9.0.0.1", }, { version_value: "9.0.2", }, { version_value: "8.0.0.1", }, { version_value: "8.0.0.2", }, { version_value: "8.0.0.3", }, { version_value: "8.0.0.4", }, { version_value: "8.0.0.5", }, { version_value: "8.0.0.6", }, { version_value: "8.0.0.7", }, { version_value: "9.0.0.2", }, { version_value: "9.0.3", }, { version_value: "9.0.4", }, { version_value: "8.0.0.8", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM WebSphere MQ 8.0 through 8.0.0.8 and 9.0 through 9.0.4 under special circumstances could allow an authenticated user to consume all resources due to a memory leak resulting in service loss. IBM X-Force ID: 136975.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Denial of Service", }, ], }, ], }, references: { reference_data: [ { name: "http://www.ibm.com/support/docview.wss?uid=swg22013023", refsource: "CONFIRM", url: "http://www.ibm.com/support/docview.wss?uid=swg22013023", }, { name: "ibm-websphere-cve20171786-dos(136975)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/136975", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2017-1786", datePublished: "2018-04-23T13:00:00Z", dateReserved: "2016-11-30T00:00:00", dateUpdated: "2024-09-16T16:14:08.508Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2017-1285 (GCVE-0-2017-1285)
Vulnerability from cvelistv5
Published
2017-07-12 17:00
Modified
2024-09-16 20:02
Severity ?
EPSS score ?
Summary
IBM WebSphere MQ 9.0.1 and 9.0.2 could allow an authenticated user with authority to send a specially crafted message that would cause a channel to remain in a running state but not process messages. IBM X-Force ID: 125146.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/125146 | x_refsource_MISC | |
| https://www.ibm.com/support/docview.wss?uid=swg22003856 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/99538 | vdb-entry, x_refsource_BID |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T13:32:28.480Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/125146", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.ibm.com/support/docview.wss?uid=swg22003856", }, { name: "99538", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/99538", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "MQ", vendor: "IBM", versions: [ { status: "affected", version: "9.0.1", }, { status: "affected", version: "9.0.2", }, ], }, ], datePublic: "2017-07-10T00:00:00", descriptions: [ { lang: "en", value: "IBM WebSphere MQ 9.0.1 and 9.0.2 could allow an authenticated user with authority to send a specially crafted message that would cause a channel to remain in a running state but not process messages. IBM X-Force ID: 125146.", }, ], problemTypes: [ { descriptions: [ { description: "Denial of Service", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-07-13T09:57:01", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/125146", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.ibm.com/support/docview.wss?uid=swg22003856", }, { name: "99538", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/99538", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2017-07-10T00:00:00", ID: "CVE-2017-1285", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "MQ", version: { version_data: [ { version_value: "9.0.1", }, { version_value: "9.0.2", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM WebSphere MQ 9.0.1 and 9.0.2 could allow an authenticated user with authority to send a specially crafted message that would cause a channel to remain in a running state but not process messages. IBM X-Force ID: 125146.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Denial of Service", }, ], }, ], }, references: { reference_data: [ { name: "https://exchange.xforce.ibmcloud.com/vulnerabilities/125146", refsource: "MISC", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/125146", }, { name: "https://www.ibm.com/support/docview.wss?uid=swg22003856", refsource: "CONFIRM", url: "https://www.ibm.com/support/docview.wss?uid=swg22003856", }, { name: "99538", refsource: "BID", url: "http://www.securityfocus.com/bid/99538", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2017-1285", datePublished: "2017-07-12T17:00:00Z", dateReserved: "2016-11-30T00:00:00", dateUpdated: "2024-09-16T20:02:13.078Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2007-6044 (GCVE-0-2007-6044)
Vulnerability from cvelistv5
Published
2007-11-20 20:00
Modified
2024-08-07 15:54
Severity ?
EPSS score ?
Summary
Multiple unspecified vulnerabilities in IBM WebSphere MQ 6.0 have unknown impact and remote attack vectors involving "memory corruption." NOTE: as of 20071116, the only disclosure is a vague pre-advisory with no actionable information. However, since it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes.
References
| ▼ | URL | Tags |
|---|---|---|
| http://osvdb.org/45302 | vdb-entry, x_refsource_OSVDB | |
| http://www.securityfocus.com/bid/26441 | vdb-entry, x_refsource_BID | |
| http://securityreason.com/securityalert/3381 | third-party-advisory, x_refsource_SREASON | |
| http://www.irmplc.com/index.php/111-Vendor-Alerts#IBM | x_refsource_MISC | |
| http://www.securityfocus.com/archive/1/483708/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T15:54:26.472Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "45302", tags: [ "vdb-entry", "x_refsource_OSVDB", "x_transferred", ], url: "http://osvdb.org/45302", }, { name: "26441", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/26441", }, { name: "3381", tags: [ "third-party-advisory", "x_refsource_SREASON", "x_transferred", ], url: "http://securityreason.com/securityalert/3381", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.irmplc.com/index.php/111-Vendor-Alerts#IBM", }, { name: "20071114 Six Remote Memory Corruption Vulnerabilities in IBM WebSphere MQ 6.0", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://www.securityfocus.com/archive/1/483708/100/0/threaded", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2007-11-14T00:00:00", descriptions: [ { lang: "en", value: "Multiple unspecified vulnerabilities in IBM WebSphere MQ 6.0 have unknown impact and remote attack vectors involving \"memory corruption.\" NOTE: as of 20071116, the only disclosure is a vague pre-advisory with no actionable information. However, since it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-15T20:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "45302", tags: [ "vdb-entry", "x_refsource_OSVDB", ], url: "http://osvdb.org/45302", }, { name: "26441", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/26441", }, { name: "3381", tags: [ "third-party-advisory", "x_refsource_SREASON", ], url: "http://securityreason.com/securityalert/3381", }, { tags: [ "x_refsource_MISC", ], url: "http://www.irmplc.com/index.php/111-Vendor-Alerts#IBM", }, { name: "20071114 Six Remote Memory Corruption Vulnerabilities in IBM WebSphere MQ 6.0", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://www.securityfocus.com/archive/1/483708/100/0/threaded", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2007-6044", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Multiple unspecified vulnerabilities in IBM WebSphere MQ 6.0 have unknown impact and remote attack vectors involving \"memory corruption.\" NOTE: as of 20071116, the only disclosure is a vague pre-advisory with no actionable information. However, since it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "45302", refsource: "OSVDB", url: "http://osvdb.org/45302", }, { name: "26441", refsource: "BID", url: "http://www.securityfocus.com/bid/26441", }, { name: "3381", refsource: "SREASON", url: "http://securityreason.com/securityalert/3381", }, { name: "http://www.irmplc.com/index.php/111-Vendor-Alerts#IBM", refsource: "MISC", url: "http://www.irmplc.com/index.php/111-Vendor-Alerts#IBM", }, { name: "20071114 Six Remote Memory Corruption Vulnerabilities in IBM WebSphere MQ 6.0", refsource: "BUGTRAQ", url: "http://www.securityfocus.com/archive/1/483708/100/0/threaded", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2007-6044", datePublished: "2007-11-20T20:00:00", dateReserved: "2007-11-20T00:00:00", dateUpdated: "2024-08-07T15:54:26.472Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2009-3161 (GCVE-0-2009-3161)
Vulnerability from cvelistv5
Published
2009-09-10 18:00
Modified
2024-08-07 06:14
Severity ?
EPSS score ?
Summary
The server in IBM WebSphere MQ 7.0.0.1, 7.0.0.2, and 7.0.1.0 allows attackers to cause a denial of service (trap) or possibly have unspecified other impact via malformed data.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.vupen.com/english/advisories/2009/2578 | vdb-entry, x_refsource_VUPEN | |
| http://www-01.ibm.com/support/docview.wss?uid=swg24024153 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/36310 | vdb-entry, x_refsource_BID | |
| http://www-1.ibm.com/support/docview.wss?uid=swg1IC62164 | vendor-advisory, x_refsource_AIXAPAR | |
| http://secunia.com/advisories/36647 | third-party-advisory, x_refsource_SECUNIA |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T06:14:56.482Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "ADV-2009-2578", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2009/2578", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg24024153", }, { name: "36310", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/36310", }, { name: "IC62164", tags: [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred", ], url: "http://www-1.ibm.com/support/docview.wss?uid=swg1IC62164", }, { name: "36647", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/36647", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2009-09-08T00:00:00", descriptions: [ { lang: "en", value: "The server in IBM WebSphere MQ 7.0.0.1, 7.0.0.2, and 7.0.1.0 allows attackers to cause a denial of service (trap) or possibly have unspecified other impact via malformed data.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2009-09-22T09:00:00", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "ADV-2009-2578", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2009/2578", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg24024153", }, { name: "36310", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/36310", }, { name: "IC62164", tags: [ "vendor-advisory", "x_refsource_AIXAPAR", ], url: "http://www-1.ibm.com/support/docview.wss?uid=swg1IC62164", }, { name: "36647", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/36647", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2009-3161", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The server in IBM WebSphere MQ 7.0.0.1, 7.0.0.2, and 7.0.1.0 allows attackers to cause a denial of service (trap) or possibly have unspecified other impact via malformed data.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "ADV-2009-2578", refsource: "VUPEN", url: "http://www.vupen.com/english/advisories/2009/2578", }, { name: "http://www-01.ibm.com/support/docview.wss?uid=swg24024153", refsource: "CONFIRM", url: "http://www-01.ibm.com/support/docview.wss?uid=swg24024153", }, { name: "36310", refsource: "BID", url: "http://www.securityfocus.com/bid/36310", }, { name: "IC62164", refsource: "AIXAPAR", url: "http://www-1.ibm.com/support/docview.wss?uid=swg1IC62164", }, { name: "36647", refsource: "SECUNIA", url: "http://secunia.com/advisories/36647", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2009-3161", datePublished: "2009-09-10T18:00:00", dateReserved: "2009-09-10T00:00:00", dateUpdated: "2024-08-07T06:14:56.482Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2018-1419 (GCVE-0-2018-1419)
Vulnerability from cvelistv5
Published
2018-06-15 14:00
Modified
2024-09-16 20:57
Severity ?
EPSS score ?
Summary
IBM WebSphere MQ 8.0 and 9.0, when configured to use a PAM module for authentication, could allow a user to cause a deadlock in the IBM MQ PAM code which could result in a denial of service. IBM X-Force ID: 138949.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.ibm.com/support/docview.wss?uid=swg22014650 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/104488 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/138949 | vdb-entry, x_refsource_XF |
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T03:59:39.068Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ibm.com/support/docview.wss?uid=swg22014650", }, { name: "104488", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/104488", }, { name: "ibm-websphere-cve20181419-dos(138949)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/138949", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "MQ", vendor: "IBM", versions: [ { status: "affected", version: "8.0", }, { status: "affected", version: "9.0", }, { status: "affected", version: "9.0.1", }, { status: "affected", version: "9.0.0.1", }, { status: "affected", version: "9.0.2", }, { status: "affected", version: "8.0.0.1", }, { status: "affected", version: "8.0.0.2", }, { status: "affected", version: "8.0.0.3", }, { status: "affected", version: "8.0.0.4", }, { status: "affected", version: "8.0.0.5", }, { status: "affected", version: "8.0.0.6", }, { status: "affected", version: "8.0.0.7", }, { status: "affected", version: "9.0.0.2", }, { status: "affected", version: "9.0.3", }, { status: "affected", version: "9.0.4", }, { status: "affected", version: "8.0.0.8", }, ], }, ], datePublic: "2018-06-12T00:00:00", descriptions: [ { lang: "en", value: "IBM WebSphere MQ 8.0 and 9.0, when configured to use a PAM module for authentication, could allow a user to cause a deadlock in the IBM MQ PAM code which could result in a denial of service. IBM X-Force ID: 138949.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "NONE", exploitCodeMaturity: "UNPROVEN", integrityImpact: "NONE", privilegesRequired: "NONE", remediationLevel: "OFFICIAL_FIX", reportConfidence: "CONFIRMED", scope: "UNCHANGED", temporalScore: 3.2, temporalSeverity: "LOW", userInteraction: "NONE", vectorString: "CVSS:3.0/A:L/AC:H/AV:N/C:N/I:N/PR:N/S:U/UI:N/E:U/RC:C/RL:O", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Denial of Service", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-06-19T09:57:01", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ibm.com/support/docview.wss?uid=swg22014650", }, { name: "104488", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/104488", }, { name: "ibm-websphere-cve20181419-dos(138949)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/138949", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2018-06-12T00:00:00", ID: "CVE-2018-1419", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "MQ", version: { version_data: [ { version_value: "8.0", }, { version_value: "9.0", }, { version_value: "9.0.1", }, { version_value: "9.0.0.1", }, { version_value: "9.0.2", }, { version_value: "8.0.0.1", }, { version_value: "8.0.0.2", }, { version_value: "8.0.0.3", }, { version_value: "8.0.0.4", }, { version_value: "8.0.0.5", }, { version_value: "8.0.0.6", }, { version_value: "8.0.0.7", }, { version_value: "9.0.0.2", }, { version_value: "9.0.3", }, { version_value: "9.0.4", }, { version_value: "8.0.0.8", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM WebSphere MQ 8.0 and 9.0, when configured to use a PAM module for authentication, could allow a user to cause a deadlock in the IBM MQ PAM code which could result in a denial of service. IBM X-Force ID: 138949.", }, ], }, impact: { cvssv3: { BM: { A: "L", AC: "H", AV: "N", C: "N", I: "N", PR: "N", S: "U", UI: "N", }, TM: { E: "U", RC: "C", RL: "O", }, }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Denial of Service", }, ], }, ], }, references: { reference_data: [ { name: "http://www.ibm.com/support/docview.wss?uid=swg22014650", refsource: "CONFIRM", url: "http://www.ibm.com/support/docview.wss?uid=swg22014650", }, { name: "104488", refsource: "BID", url: "http://www.securityfocus.com/bid/104488", }, { name: "ibm-websphere-cve20181419-dos(138949)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/138949", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2018-1419", datePublished: "2018-06-15T14:00:00Z", dateReserved: "2017-12-13T00:00:00", dateUpdated: "2024-09-16T20:57:17.398Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2017-1760 (GCVE-0-2017-1760)
Vulnerability from cvelistv5
Published
2017-12-11 21:00
Modified
2024-09-16 18:18
Severity ?
EPSS score ?
Summary
IBM WebSphere MQ 7.5, 8.0, and 9.0 could allow a local user to crash the queue manager agent thread and expose some sensitive information. IBM X-Force ID: 126454.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/126454 | x_refsource_MISC | |
| http://www.ibm.com/support/docview.wss?uid=swg22005392 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | MQ |
Version: 7.5 Version: 8.0 Version: 9.0 Version: 9.0.1 Version: 9.0.0.1 Version: 9.0.2 Version: 8.0.0.1 Version: 8.0.0.2 Version: 8.0.0.3 Version: 8.0.0.4 Version: 8.0.0.5 Version: 8.0.0.6 Version: 9.0.3 Version: 7.5.0.1 Version: 7.5.0.2 Version: 7.5.0.3 Version: 7.5.0.4 Version: 7.5.0.5 Version: 7.5.0.6 Version: 7.5.0.7 Version: 7.5.0.8 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T13:39:32.277Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/126454", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ibm.com/support/docview.wss?uid=swg22005392", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "MQ", vendor: "IBM", versions: [ { status: "affected", version: "7.5", }, { status: "affected", version: "8.0", }, { status: "affected", version: "9.0", }, { status: "affected", version: "9.0.1", }, { status: "affected", version: "9.0.0.1", }, { status: "affected", version: "9.0.2", }, { status: "affected", version: "8.0.0.1", }, { status: "affected", version: "8.0.0.2", }, { status: "affected", version: "8.0.0.3", }, { status: "affected", version: "8.0.0.4", }, { status: "affected", version: "8.0.0.5", }, { status: "affected", version: "8.0.0.6", }, { status: "affected", version: "9.0.3", }, { status: "affected", version: "7.5.0.1", }, { status: "affected", version: "7.5.0.2", }, { status: "affected", version: "7.5.0.3", }, { status: "affected", version: "7.5.0.4", }, { status: "affected", version: "7.5.0.5", }, { status: "affected", version: "7.5.0.6", }, { status: "affected", version: "7.5.0.7", }, { status: "affected", version: "7.5.0.8", }, ], }, ], datePublic: "2017-12-06T00:00:00", descriptions: [ { lang: "en", value: "IBM WebSphere MQ 7.5, 8.0, and 9.0 could allow a local user to crash the queue manager agent thread and expose some sensitive information. IBM X-Force ID: 126454.", }, ], problemTypes: [ { descriptions: [ { description: "Denial of Service", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-12-11T20:57:01", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/126454", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ibm.com/support/docview.wss?uid=swg22005392", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2017-12-06T00:00:00", ID: "CVE-2017-1760", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "MQ", version: { version_data: [ { version_value: "7.5", }, { version_value: "8.0", }, { version_value: "9.0", }, { version_value: "9.0.1", }, { version_value: "9.0.0.1", }, { version_value: "9.0.2", }, { version_value: "8.0.0.1", }, { version_value: "8.0.0.2", }, { version_value: "8.0.0.3", }, { version_value: "8.0.0.4", }, { version_value: "8.0.0.5", }, { version_value: "8.0.0.6", }, { version_value: "9.0.3", }, { version_value: "7.5.0.1", }, { version_value: "7.5.0.2", }, { version_value: "7.5.0.3", }, { version_value: "7.5.0.4", }, { version_value: "7.5.0.5", }, { version_value: "7.5.0.6", }, { version_value: "7.5.0.7", }, { version_value: "7.5.0.8", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM WebSphere MQ 7.5, 8.0, and 9.0 could allow a local user to crash the queue manager agent thread and expose some sensitive information. IBM X-Force ID: 126454.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Denial of Service", }, ], }, ], }, references: { reference_data: [ { name: "https://exchange.xforce.ibmcloud.com/vulnerabilities/126454", refsource: "MISC", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/126454", }, { name: "http://www.ibm.com/support/docview.wss?uid=swg22005392", refsource: "CONFIRM", url: "http://www.ibm.com/support/docview.wss?uid=swg22005392", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2017-1760", datePublished: "2017-12-11T21:00:00Z", dateReserved: "2016-11-30T00:00:00", dateUpdated: "2024-09-16T18:18:02.093Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2017-1337 (GCVE-0-2017-1337)
Vulnerability from cvelistv5
Published
2017-07-10 16:00
Modified
2024-09-17 00:21
Severity ?
EPSS score ?
Summary
IBM WebSphere MQ 9.0.1 and 9.0.2 Java/JMS application can incorrectly transmit user credentials in plain text. IBM X-Force ID: 126245.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/99493 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/126245 | x_refsource_MISC | |
| http://www.ibm.com/support/docview.wss?uid=swg22003853 | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T13:32:29.414Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "99493", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/99493", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/126245", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ibm.com/support/docview.wss?uid=swg22003853", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "MQ", vendor: "IBM", versions: [ { status: "affected", version: "9.0.1", }, { status: "affected", version: "9.0.2", }, ], }, ], datePublic: "2017-07-06T00:00:00", descriptions: [ { lang: "en", value: "IBM WebSphere MQ 9.0.1 and 9.0.2 Java/JMS application can incorrectly transmit user credentials in plain text. IBM X-Force ID: 126245.", }, ], problemTypes: [ { descriptions: [ { description: "Obtain Information", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-07-11T09:57:01", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { name: "99493", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/99493", }, { tags: [ "x_refsource_MISC", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/126245", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ibm.com/support/docview.wss?uid=swg22003853", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2017-07-06T00:00:00", ID: "CVE-2017-1337", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "MQ", version: { version_data: [ { version_value: "9.0.1", }, { version_value: "9.0.2", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM WebSphere MQ 9.0.1 and 9.0.2 Java/JMS application can incorrectly transmit user credentials in plain text. IBM X-Force ID: 126245.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Obtain Information", }, ], }, ], }, references: { reference_data: [ { name: "99493", refsource: "BID", url: "http://www.securityfocus.com/bid/99493", }, { name: "https://exchange.xforce.ibmcloud.com/vulnerabilities/126245", refsource: "MISC", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/126245", }, { name: "http://www.ibm.com/support/docview.wss?uid=swg22003853", refsource: "CONFIRM", url: "http://www.ibm.com/support/docview.wss?uid=swg22003853", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2017-1337", datePublished: "2017-07-10T16:00:00Z", dateReserved: "2016-11-30T00:00:00", dateUpdated: "2024-09-17T00:21:01.690Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2016-3013 (GCVE-0-2016-3013)
Vulnerability from cvelistv5
Published
2017-02-22 19:00
Modified
2024-08-05 23:40
Severity ?
EPSS score ?
Summary
IBM WebSphere MQ 8.0 could allow an authenticated user to crash the MQ channel due to improper data conversion handling. IBM Reference #: 1998661.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/96394 | vdb-entry, x_refsource_BID | |
| http://www.ibm.com/support/docview.wss?uid=swg21998661 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM Corporation | WebSphere MQ |
Version: 8.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T23:40:15.140Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "96394", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/96394", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ibm.com/support/docview.wss?uid=swg21998661", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "WebSphere MQ", vendor: "IBM Corporation", versions: [ { status: "affected", version: "8.0", }, ], }, ], datePublic: "2017-02-20T00:00:00", descriptions: [ { lang: "en", value: "IBM WebSphere MQ 8.0 could allow an authenticated user to crash the MQ channel due to improper data conversion handling. IBM Reference #: 1998661.", }, ], problemTypes: [ { descriptions: [ { description: "Denial of Service", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-03-01T10:57:01", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { name: "96394", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/96394", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ibm.com/support/docview.wss?uid=swg21998661", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", ID: "CVE-2016-3013", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "WebSphere MQ", version: { version_data: [ { version_value: "8.0", }, ], }, }, ], }, vendor_name: "IBM Corporation", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM WebSphere MQ 8.0 could allow an authenticated user to crash the MQ channel due to improper data conversion handling. IBM Reference #: 1998661.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Denial of Service", }, ], }, ], }, references: { reference_data: [ { name: "96394", refsource: "BID", url: "http://www.securityfocus.com/bid/96394", }, { name: "http://www.ibm.com/support/docview.wss?uid=swg21998661", refsource: "CONFIRM", url: "http://www.ibm.com/support/docview.wss?uid=swg21998661", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2016-3013", datePublished: "2017-02-22T19:00:00", dateReserved: "2016-03-09T00:00:00", dateUpdated: "2024-08-05T23:40:15.140Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2011-1378 (GCVE-0-2011-1378)
Vulnerability from cvelistv5
Published
2011-11-26 02:00
Modified
2024-08-06 22:21
Severity ?
EPSS score ?
Summary
IBM WebSphere MQ 6.0 on OpenVMS, when the default rights of the MQM group are established, does not properly verify User Authorization File (UAF) data, which allows local users to kill listener processes and the command server via a control command.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/46837 | third-party-advisory, x_refsource_SECUNIA | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/71336 | vdb-entry, x_refsource_XF | |
| http://www-01.ibm.com/support/docview.wss?uid=swg1IC78034 | vendor-advisory, x_refsource_AIXAPAR |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T22:21:34.332Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "46837", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/46837", }, { name: "wmq-cc-security-bypass(71336)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/71336", }, { name: "IC78034", tags: [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg1IC78034", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2011-11-14T00:00:00", descriptions: [ { lang: "en", value: "IBM WebSphere MQ 6.0 on OpenVMS, when the default rights of the MQM group are established, does not properly verify User Authorization File (UAF) data, which allows local users to kill listener processes and the command server via a control command.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-08-16T14:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "46837", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/46837", }, { name: "wmq-cc-security-bypass(71336)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/71336", }, { name: "IC78034", tags: [ "vendor-advisory", "x_refsource_AIXAPAR", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg1IC78034", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2011-1378", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM WebSphere MQ 6.0 on OpenVMS, when the default rights of the MQM group are established, does not properly verify User Authorization File (UAF) data, which allows local users to kill listener processes and the command server via a control command.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "46837", refsource: "SECUNIA", url: "http://secunia.com/advisories/46837", }, { name: "wmq-cc-security-bypass(71336)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/71336", }, { name: "IC78034", refsource: "AIXAPAR", url: "http://www-01.ibm.com/support/docview.wss?uid=swg1IC78034", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2011-1378", datePublished: "2011-11-26T02:00:00", dateReserved: "2011-03-10T00:00:00", dateUpdated: "2024-08-06T22:21:34.332Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2015-0176 (GCVE-0-2015-0176)
Vulnerability from cvelistv5
Published
2015-04-27 01:00
Modified
2024-08-06 04:03
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in MQ XR WebSockets Listener in WMQ Telemetry in IBM WebSphere MQ 8.0 before 8.0.0.2 allows remote attackers to inject arbitrary web script or HTML via a crafted URI that is included in an error response.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www-01.ibm.com/support/docview.wss?uid=swg21699549 | x_refsource_CONFIRM | |
| http://www.securitytracker.com/id/1032200 | vdb-entry, x_refsource_SECTRACK |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T04:03:10.352Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21699549", }, { name: "1032200", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1032200", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2015-04-20T00:00:00", descriptions: [ { lang: "en", value: "Cross-site scripting (XSS) vulnerability in MQ XR WebSockets Listener in WMQ Telemetry in IBM WebSphere MQ 8.0 before 8.0.0.2 allows remote attackers to inject arbitrary web script or HTML via a crafted URI that is included in an error response.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2015-05-04T18:57:00", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21699549", }, { name: "1032200", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1032200", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", ID: "CVE-2015-0176", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Cross-site scripting (XSS) vulnerability in MQ XR WebSockets Listener in WMQ Telemetry in IBM WebSphere MQ 8.0 before 8.0.0.2 allows remote attackers to inject arbitrary web script or HTML via a crafted URI that is included in an error response.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://www-01.ibm.com/support/docview.wss?uid=swg21699549", refsource: "CONFIRM", url: "http://www-01.ibm.com/support/docview.wss?uid=swg21699549", }, { name: "1032200", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1032200", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2015-0176", datePublished: "2015-04-27T01:00:00", dateReserved: "2014-11-18T00:00:00", dateUpdated: "2024-08-06T04:03:10.352Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2009-3160 (GCVE-0-2009-3160)
Vulnerability from cvelistv5
Published
2009-09-10 18:00
Modified
2024-08-07 06:14
Severity ?
EPSS score ?
Summary
IBM WebSphere MQ 6.x through 6.0.2.7, 7.0.0.0, 7.0.0.1, 7.0.0.2, and 7.0.1.0, when read ahead or asynchronous message consumption is enabled, allows attackers to have an unspecified impact via unknown vectors, related to a "memory overwrite" issue.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.vupen.com/english/advisories/2009/2578 | vdb-entry, x_refsource_VUPEN | |
| http://www-01.ibm.com/support/docview.wss?uid=swg24024153 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/36310 | vdb-entry, x_refsource_BID | |
| http://www-1.ibm.com/support/docview.wss?uid=swg1IZ56259 | vendor-advisory, x_refsource_AIXAPAR | |
| http://secunia.com/advisories/36647 | third-party-advisory, x_refsource_SECUNIA |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T06:14:56.377Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "ADV-2009-2578", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2009/2578", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg24024153", }, { name: "36310", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/36310", }, { name: "IZ56259", tags: [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred", ], url: "http://www-1.ibm.com/support/docview.wss?uid=swg1IZ56259", }, { name: "36647", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/36647", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2009-09-08T00:00:00", descriptions: [ { lang: "en", value: "IBM WebSphere MQ 6.x through 6.0.2.7, 7.0.0.0, 7.0.0.1, 7.0.0.2, and 7.0.1.0, when read ahead or asynchronous message consumption is enabled, allows attackers to have an unspecified impact via unknown vectors, related to a \"memory overwrite\" issue.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2009-09-22T09:00:00", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "ADV-2009-2578", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2009/2578", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg24024153", }, { name: "36310", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/36310", }, { name: "IZ56259", tags: [ "vendor-advisory", "x_refsource_AIXAPAR", ], url: "http://www-1.ibm.com/support/docview.wss?uid=swg1IZ56259", }, { name: "36647", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/36647", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2009-3160", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM WebSphere MQ 6.x through 6.0.2.7, 7.0.0.0, 7.0.0.1, 7.0.0.2, and 7.0.1.0, when read ahead or asynchronous message consumption is enabled, allows attackers to have an unspecified impact via unknown vectors, related to a \"memory overwrite\" issue.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "ADV-2009-2578", refsource: "VUPEN", url: "http://www.vupen.com/english/advisories/2009/2578", }, { name: "http://www-01.ibm.com/support/docview.wss?uid=swg24024153", refsource: "CONFIRM", url: "http://www-01.ibm.com/support/docview.wss?uid=swg24024153", }, { name: "36310", refsource: "BID", url: "http://www.securityfocus.com/bid/36310", }, { name: "IZ56259", refsource: "AIXAPAR", url: "http://www-1.ibm.com/support/docview.wss?uid=swg1IZ56259", }, { name: "36647", refsource: "SECUNIA", url: "http://secunia.com/advisories/36647", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2009-3160", datePublished: "2009-09-10T18:00:00", dateReserved: "2009-09-10T00:00:00", dateUpdated: "2024-08-07T06:14:56.377Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2011-1224 (GCVE-0-2011-1224)
Vulnerability from cvelistv5
Published
2011-07-07 21:00
Modified
2024-08-06 22:21
Severity ?
EPSS score ?
Summary
IBM WebSphere MQ 6.0 before 6.0.2.11 and 7.0 before 7.0.1.5 does not use the CRL Distribution Points (CDP) certificate extension, which might allow man-in-the-middle attackers to spoof an SSL partner via a revoked certificate for a (1) client, (2) queue manager, or (3) application.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www-01.ibm.com/support/docview.wss?uid=swg27007069 | x_refsource_CONFIRM | |
| http://www-01.ibm.com/support/docview.wss?uid=swg27014224 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/68229 | vdb-entry, x_refsource_XF | |
| http://www.ibm.com/support/docview.wss?uid=swg1IZ92813 | vendor-advisory, x_refsource_AIXAPAR |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T22:21:33.796Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg27007069", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg27014224", }, { name: "websphere-mq-cdb-security-bypass(68229)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/68229", }, { name: "IZ92813", tags: [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred", ], url: "http://www.ibm.com/support/docview.wss?uid=swg1IZ92813", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2011-06-15T00:00:00", descriptions: [ { lang: "en", value: "IBM WebSphere MQ 6.0 before 6.0.2.11 and 7.0 before 7.0.1.5 does not use the CRL Distribution Points (CDP) certificate extension, which might allow man-in-the-middle attackers to spoof an SSL partner via a revoked certificate for a (1) client, (2) queue manager, or (3) application.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-08-16T14:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg27007069", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg27014224", }, { name: "websphere-mq-cdb-security-bypass(68229)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/68229", }, { name: "IZ92813", tags: [ "vendor-advisory", "x_refsource_AIXAPAR", ], url: "http://www.ibm.com/support/docview.wss?uid=swg1IZ92813", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2011-1224", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM WebSphere MQ 6.0 before 6.0.2.11 and 7.0 before 7.0.1.5 does not use the CRL Distribution Points (CDP) certificate extension, which might allow man-in-the-middle attackers to spoof an SSL partner via a revoked certificate for a (1) client, (2) queue manager, or (3) application.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://www-01.ibm.com/support/docview.wss?uid=swg27007069", refsource: "CONFIRM", url: "http://www-01.ibm.com/support/docview.wss?uid=swg27007069", }, { name: "http://www-01.ibm.com/support/docview.wss?uid=swg27014224", refsource: "CONFIRM", url: "http://www-01.ibm.com/support/docview.wss?uid=swg27014224", }, { name: "websphere-mq-cdb-security-bypass(68229)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/68229", }, { name: "IZ92813", refsource: "AIXAPAR", url: "http://www.ibm.com/support/docview.wss?uid=swg1IZ92813", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2011-1224", datePublished: "2011-07-07T21:00:00", dateReserved: "2011-03-03T00:00:00", dateUpdated: "2024-08-06T22:21:33.796Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2019-4261 (GCVE-0-2019-4261)
Vulnerability from cvelistv5
Published
2019-08-05 13:40
Modified
2024-09-17 03:43
Severity ?
EPSS score ?
Summary
IBM WebSphere MQ V7.1, 7.5, IBM MQ V8, IBM MQ V9.0LTS, IBM MQ V9.1 LTS, and IBM MQ V9.1 CD are vulnerable to a denial of service attack caused by specially crafted messages. IBM X-Force ID: 160013.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/docview.wss?uid=ibm10886887 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/160013 | vdb-entry, x_refsource_XF |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | MQ |
Version: 9.0.0.1 Version: 8.0.0.1 Version: 8.0.0.2 Version: 8.0.0.3 Version: 8.0.0.4 Version: 8.0.0.5 Version: 8.0.0.6 Version: 8.0.0.7 Version: 9.0.0.2 Version: 8.0.0.8 Version: 8.0.0.9 Version: 9.0.0.3 Version: 8.0.0.0 Version: 8.0.0.10 Version: 9.0.0.0 Version: 9.0.0.4 Version: 9.0.0.5 Version: 9.1.0.0 Version: 9.1.0.1 Version: 9.1.1 Version: 9.1.0.2 Version: 9.1.2 Version: 8.0.0.11 Version: 9.0.0.6 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T19:33:37.855Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.ibm.com/support/docview.wss?uid=ibm10886887", }, { name: "ibm-mq-cve20194261-dos (160013)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/160013", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "MQ", vendor: "IBM", versions: [ { status: "affected", version: "9.0.0.1", }, { status: "affected", version: "8.0.0.1", }, { status: "affected", version: "8.0.0.2", }, { status: "affected", version: "8.0.0.3", }, { status: "affected", version: "8.0.0.4", }, { status: "affected", version: "8.0.0.5", }, { status: "affected", version: "8.0.0.6", }, { status: "affected", version: "8.0.0.7", }, { status: "affected", version: "9.0.0.2", }, { status: "affected", version: "8.0.0.8", }, { status: "affected", version: "8.0.0.9", }, { status: "affected", version: "9.0.0.3", }, { status: "affected", version: "8.0.0.0", }, { status: "affected", version: "8.0.0.10", }, { status: "affected", version: "9.0.0.0", }, { status: "affected", version: "9.0.0.4", }, { status: "affected", version: "9.0.0.5", }, { status: "affected", version: "9.1.0.0", }, { status: "affected", version: "9.1.0.1", }, { status: "affected", version: "9.1.1", }, { status: "affected", version: "9.1.0.2", }, { status: "affected", version: "9.1.2", }, { status: "affected", version: "8.0.0.11", }, { status: "affected", version: "9.0.0.6", }, ], }, ], datePublic: "2019-08-01T00:00:00", descriptions: [ { lang: "en", value: "IBM WebSphere MQ V7.1, 7.5, IBM MQ V8, IBM MQ V9.0LTS, IBM MQ V9.1 LTS, and IBM MQ V9.1 CD are vulnerable to a denial of service attack caused by specially crafted messages. IBM X-Force ID: 160013.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", exploitCodeMaturity: "UNPROVEN", integrityImpact: "NONE", privilegesRequired: "LOW", remediationLevel: "OFFICIAL_FIX", reportConfidence: "CONFIRMED", scope: "UNCHANGED", temporalScore: 3.8, temporalSeverity: "LOW", userInteraction: "NONE", vectorString: "CVSS:3.0/UI:N/A:L/C:N/I:N/AC:L/AV:N/S:U/PR:L/RL:O/RC:C/E:U", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Denial of Service", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-08-05T13:40:15", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://www.ibm.com/support/docview.wss?uid=ibm10886887", }, { name: "ibm-mq-cve20194261-dos (160013)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/160013", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2019-08-01T00:00:00", ID: "CVE-2019-4261", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "MQ", version: { version_data: [ { version_value: "9.0.0.1", }, { version_value: "8.0.0.1", }, { version_value: "8.0.0.2", }, { version_value: "8.0.0.3", }, { version_value: "8.0.0.4", }, { version_value: "8.0.0.5", }, { version_value: "8.0.0.6", }, { version_value: "8.0.0.7", }, { version_value: "9.0.0.2", }, { version_value: "8.0.0.8", }, { version_value: "8.0.0.9", }, { version_value: "9.0.0.3", }, { version_value: "8.0.0.0", }, { version_value: "8.0.0.10", }, { version_value: "9.0.0.0", }, { version_value: "9.0.0.4", }, { version_value: "9.0.0.5", }, { version_value: "9.1.0.0", }, { version_value: "9.1.0.1", }, { version_value: "9.1.1", }, { version_value: "9.1.0.2", }, { version_value: "9.1.2", }, { version_value: "8.0.0.11", }, { version_value: "9.0.0.6", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM WebSphere MQ V7.1, 7.5, IBM MQ V8, IBM MQ V9.0LTS, IBM MQ V9.1 LTS, and IBM MQ V9.1 CD are vulnerable to a denial of service attack caused by specially crafted messages. IBM X-Force ID: 160013.", }, ], }, impact: { cvssv3: { BM: { A: "L", AC: "L", AV: "N", C: "N", I: "N", PR: "L", S: "U", UI: "N", }, TM: { E: "U", RC: "C", RL: "O", }, }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Denial of Service", }, ], }, ], }, references: { reference_data: [ { name: "https://www.ibm.com/support/docview.wss?uid=ibm10886887", refsource: "CONFIRM", title: "IBM Security Bulletin 886887 (MQ)", url: "https://www.ibm.com/support/docview.wss?uid=ibm10886887", }, { name: "ibm-mq-cve20194261-dos (160013)", refsource: "XF", title: "X-Force Vulnerability Report", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/160013", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2019-4261", datePublished: "2019-08-05T13:40:15.514791Z", dateReserved: "2019-01-03T00:00:00", dateUpdated: "2024-09-17T03:43:43.454Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2018-1925 (GCVE-0-2018-1925)
Vulnerability from cvelistv5
Published
2019-04-15 14:55
Modified
2024-09-16 18:39
Severity ?
EPSS score ?
Summary
IBM WebShere MQ 9.1.0.0, 9.1.0.1, 9.1.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 152925.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/docview.wss?uid=ibm10744713 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/152925 | vdb-entry, x_refsource_XF |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T04:14:39.384Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.ibm.com/support/docview.wss?uid=ibm10744713", }, { name: "ibm-websphere-cve20181925-info-disc (152925)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/152925", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "MQ", vendor: "IBM", versions: [ { status: "affected", version: "9.1.0.0", }, { status: "affected", version: "9.1.0.1", }, { status: "affected", version: "9.1.1", }, ], }, ], datePublic: "2019-04-10T00:00:00", descriptions: [ { lang: "en", value: "IBM WebShere MQ 9.1.0.0, 9.1.0.1, 9.1.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 152925.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", exploitCodeMaturity: "UNPROVEN", integrityImpact: "NONE", privilegesRequired: "NONE", remediationLevel: "OFFICIAL_FIX", reportConfidence: "CONFIRMED", scope: "UNCHANGED", temporalScore: 5.2, temporalSeverity: "MEDIUM", userInteraction: "NONE", vectorString: "CVSS:3.0/S:U/A:N/PR:N/AV:N/AC:H/UI:N/I:N/C:H/RL:O/E:U/RC:C", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Obtain Information", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-04-15T14:55:26", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://www.ibm.com/support/docview.wss?uid=ibm10744713", }, { name: "ibm-websphere-cve20181925-info-disc (152925)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/152925", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2019-04-10T00:00:00", ID: "CVE-2018-1925", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "MQ", version: { version_data: [ { version_value: "9.1.0.0", }, { version_value: "9.1.0.1", }, { version_value: "9.1.1", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM WebShere MQ 9.1.0.0, 9.1.0.1, 9.1.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 152925.", }, ], }, impact: { cvssv3: { BM: { A: "N", AC: "H", AV: "N", C: "H", I: "N", PR: "N", S: "U", UI: "N", }, TM: { E: "U", RC: "C", RL: "O", }, }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Obtain Information", }, ], }, ], }, references: { reference_data: [ { name: "https://www.ibm.com/support/docview.wss?uid=ibm10744713", refsource: "CONFIRM", title: "IBM Security Bulletin 744713 (MQ)", url: "https://www.ibm.com/support/docview.wss?uid=ibm10744713", }, { name: "ibm-websphere-cve20181925-info-disc (152925)", refsource: "XF", title: "X-Force Vulnerability Report", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/152925", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2018-1925", datePublished: "2019-04-15T14:55:26.446570Z", dateReserved: "2017-12-13T00:00:00", dateUpdated: "2024-09-16T18:39:54.967Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2012-2201 (GCVE-0-2012-2201)
Vulnerability from cvelistv5
Published
2020-08-27 12:35
Modified
2024-08-06 19:26
Severity ?
EPSS score ?
Summary
IBM WebSphere MQ 7.1 is vulnerable to a denial of service, caused by an error when handling user ids. A remote attacker could exploit this vulnerability to bypass the security configuration setup on a SVRCONN channel and flood the queue manager.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/76799 | vdb-entry, x_refsource_XF |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T19:26:08.989Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "IBM X-Force ID: 76799", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/76799", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "IBM WebSphere MQ 7.1 is vulnerable to a denial of service, caused by an error when handling user ids. A remote attacker could exploit this vulnerability to bypass the security configuration setup on a SVRCONN channel and flood the queue manager.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-09-29T16:46:38", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { name: "IBM X-Force ID: 76799", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/76799", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", ID: "CVE-2012-2201", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM WebSphere MQ 7.1 is vulnerable to a denial of service, caused by an error when handling user ids. A remote attacker could exploit this vulnerability to bypass the security configuration setup on a SVRCONN channel and flood the queue manager.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "IBM X-Force ID: 76799", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/76799", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2012-2201", datePublished: "2020-08-27T12:35:48", dateReserved: "2012-04-04T00:00:00", dateUpdated: "2024-08-06T19:26:08.989Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2010-2637 (GCVE-0-2010-2637)
Vulnerability from cvelistv5
Published
2010-11-12 20:00
Modified
2024-08-07 02:39
Severity ?
EPSS score ?
Summary
IBM WebSphere MQ 6.0 before 6.0.2.9 and 7.0 before 7.0.1.1 does not encrypt the username and password in the security parameters field, which allows remote attackers to obtain sensitive information by sniffing the network traffic from a .NET client application.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www-01.ibm.com/support/docview.wss?uid=swg27007069 | x_refsource_CONFIRM | |
| http://www-01.ibm.com/support/docview.wss?uid=swg27014224 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/63114 | vdb-entry, x_refsource_XF | |
| http://www-01.ibm.com/support/docview.wss?uid=swg1IZ56005 | vendor-advisory, x_refsource_AIXAPAR |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T02:39:37.667Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg27007069", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg27014224", }, { name: "wmq-net-pass-info-disclosure(63114)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/63114", }, { name: "IZ56005", tags: [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ56005", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2010-04-06T00:00:00", descriptions: [ { lang: "en", value: "IBM WebSphere MQ 6.0 before 6.0.2.9 and 7.0 before 7.0.1.1 does not encrypt the username and password in the security parameters field, which allows remote attackers to obtain sensitive information by sniffing the network traffic from a .NET client application.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-08-16T14:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg27007069", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg27014224", }, { name: "wmq-net-pass-info-disclosure(63114)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/63114", }, { name: "IZ56005", tags: [ "vendor-advisory", "x_refsource_AIXAPAR", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ56005", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2010-2637", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM WebSphere MQ 6.0 before 6.0.2.9 and 7.0 before 7.0.1.1 does not encrypt the username and password in the security parameters field, which allows remote attackers to obtain sensitive information by sniffing the network traffic from a .NET client application.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://www-01.ibm.com/support/docview.wss?uid=swg27007069", refsource: "CONFIRM", url: "http://www-01.ibm.com/support/docview.wss?uid=swg27007069", }, { name: "http://www-01.ibm.com/support/docview.wss?uid=swg27014224", refsource: "CONFIRM", url: "http://www-01.ibm.com/support/docview.wss?uid=swg27014224", }, { name: "wmq-net-pass-info-disclosure(63114)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/63114", }, { name: "IZ56005", refsource: "AIXAPAR", url: "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ56005", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2010-2637", datePublished: "2010-11-12T20:00:00", dateReserved: "2010-07-06T00:00:00", dateUpdated: "2024-08-07T02:39:37.667Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2017-1747 (GCVE-0-2017-1747)
Vulnerability from cvelistv5
Published
2018-03-30 16:00
Modified
2024-09-17 03:42
Severity ?
EPSS score ?
Summary
A specially crafted message could cause a denial of service in IBM WebSphere MQ 9.0, 9.0.0.1, 9.0.0.2, 9.0.1, 9.0.2, 9.0.3, and 9.0.4 applications consuming messages that it needs to perform data conversion on. IBM X-Force ID: 135520.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/135520 | x_refsource_MISC | |
| http://www.ibm.com/support/docview.wss?uid=swg22012992 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/103590 | vdb-entry, x_refsource_BID |
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T13:39:32.289Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/135520", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ibm.com/support/docview.wss?uid=swg22012992", }, { name: "103590", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/103590", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "MQ", vendor: "IBM", versions: [ { status: "affected", version: "9.0", }, { status: "affected", version: "9.0.1", }, { status: "affected", version: "9.0.0.1", }, { status: "affected", version: "9.0.2", }, { status: "affected", version: "9.0.0.2", }, { status: "affected", version: "9.0.3", }, { status: "affected", version: "9.0.4", }, ], }, ], datePublic: "2018-03-29T00:00:00", descriptions: [ { lang: "en", value: "A specially crafted message could cause a denial of service in IBM WebSphere MQ 9.0, 9.0.0.1, 9.0.0.2, 9.0.1, 9.0.2, 9.0.3, and 9.0.4 applications consuming messages that it needs to perform data conversion on. IBM X-Force ID: 135520.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/A:H/AC:H/AV:N/C:N/I:N/PR:L/S:U/UI:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Denial of Service", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-04-04T09:57:01", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/135520", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ibm.com/support/docview.wss?uid=swg22012992", }, { name: "103590", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/103590", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2018-03-29T00:00:00", ID: "CVE-2017-1747", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "MQ", version: { version_data: [ { version_value: "9.0", }, { version_value: "9.0.1", }, { version_value: "9.0.0.1", }, { version_value: "9.0.2", }, { version_value: "9.0.0.2", }, { version_value: "9.0.3", }, { version_value: "9.0.4", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A specially crafted message could cause a denial of service in IBM WebSphere MQ 9.0, 9.0.0.1, 9.0.0.2, 9.0.1, 9.0.2, 9.0.3, and 9.0.4 applications consuming messages that it needs to perform data conversion on. IBM X-Force ID: 135520.", }, ], }, impact: { cvssv3: { BM: { A: "H", AC: "H", AV: "N", C: "N", I: "N", PR: "L", S: "U", UI: "N", }, }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Denial of Service", }, ], }, ], }, references: { reference_data: [ { name: "https://exchange.xforce.ibmcloud.com/vulnerabilities/135520", refsource: "MISC", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/135520", }, { name: "http://www.ibm.com/support/docview.wss?uid=swg22012992", refsource: "CONFIRM", url: "http://www.ibm.com/support/docview.wss?uid=swg22012992", }, { name: "103590", refsource: "BID", url: "http://www.securityfocus.com/bid/103590", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2017-1747", datePublished: "2018-03-30T16:00:00Z", dateReserved: "2016-11-30T00:00:00", dateUpdated: "2024-09-17T03:42:57.406Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2018-1543 (GCVE-0-2018-1543)
Vulnerability from cvelistv5
Published
2018-06-27 18:00
Modified
2024-09-17 03:48
Severity ?
EPSS score ?
Summary
IBM WebSphere MQ 8.0 and 9.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly validate the SSL certificate. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 142598.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.ibm.com/support/docview.wss?uid=swg22016346 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/142598 | vdb-entry, x_refsource_XF |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T04:07:43.439Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ibm.com/support/docview.wss?uid=swg22016346", }, { name: "ibm-websphere-cve20181543-info-disc(142598)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/142598", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "MQ", vendor: "IBM", versions: [ { status: "affected", version: "8.0", }, { status: "affected", version: "9.0", }, ], }, ], datePublic: "2018-06-22T00:00:00", descriptions: [ { lang: "en", value: "IBM WebSphere MQ 8.0 and 9.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly validate the SSL certificate. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 142598.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", exploitCodeMaturity: "UNPROVEN", integrityImpact: "NONE", privilegesRequired: "NONE", remediationLevel: "OFFICIAL_FIX", reportConfidence: "CONFIRMED", scope: "UNCHANGED", temporalScore: 5.2, temporalSeverity: "MEDIUM", userInteraction: "NONE", vectorString: "CVSS:3.0/A:N/AC:H/AV:N/C:H/I:N/PR:N/S:U/UI:N/E:U/RC:C/RL:O", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Obtain Information", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-06-27T17:57:01", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ibm.com/support/docview.wss?uid=swg22016346", }, { name: "ibm-websphere-cve20181543-info-disc(142598)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/142598", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2018-06-22T00:00:00", ID: "CVE-2018-1543", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "MQ", version: { version_data: [ { version_value: "8.0", }, { version_value: "9.0", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM WebSphere MQ 8.0 and 9.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly validate the SSL certificate. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 142598.", }, ], }, impact: { cvssv3: { BM: { A: "N", AC: "H", AV: "N", C: "H", I: "N", PR: "N", S: "U", UI: "N", }, TM: { E: "U", RC: "C", RL: "O", }, }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Obtain Information", }, ], }, ], }, references: { reference_data: [ { name: "http://www.ibm.com/support/docview.wss?uid=swg22016346", refsource: "CONFIRM", url: "http://www.ibm.com/support/docview.wss?uid=swg22016346", }, { name: "ibm-websphere-cve20181543-info-disc(142598)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/142598", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2018-1543", datePublished: "2018-06-27T18:00:00Z", dateReserved: "2017-12-13T00:00:00", dateUpdated: "2024-09-17T03:48:13.036Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2017-1699 (GCVE-0-2017-1699)
Vulnerability from cvelistv5
Published
2018-01-04 17:00
Modified
2024-09-17 03:08
Severity ?
EPSS score ?
Summary
IBM MQ Managed File Transfer Agent 8.0 and 9.0 sets insecure permissions on certain files it creates. A local attacker could exploit this vulnerability to modify or delete data contained in the files with an unknown impact. IBM X-Force ID: 134391.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.ibm.com/support/docview.wss?uid=swg22010340 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/134391 | x_refsource_MISC |
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T13:39:31.924Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ibm.com/support/docview.wss?uid=swg22010340", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/134391", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "MQ", vendor: "IBM", versions: [ { status: "affected", version: "8.0", }, { status: "affected", version: "9.0", }, { status: "affected", version: "9.0.1", }, { status: "affected", version: "9.0.0.1", }, { status: "affected", version: "9.0.2", }, { status: "affected", version: "8.0.0.1", }, { status: "affected", version: "8.0.0.2", }, { status: "affected", version: "8.0.0.3", }, { status: "affected", version: "8.0.0.4", }, { status: "affected", version: "8.0.0.5", }, { status: "affected", version: "8.0.0.6", }, { status: "affected", version: "9.0.3", }, ], }, ], datePublic: "2018-01-02T00:00:00", descriptions: [ { lang: "en", value: "IBM MQ Managed File Transfer Agent 8.0 and 9.0 sets insecure permissions on certain files it creates. A local attacker could exploit this vulnerability to modify or delete data contained in the files with an unknown impact. IBM X-Force ID: 134391.", }, ], problemTypes: [ { descriptions: [ { description: "Data Manipulation", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-01-04T16:57:01", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ibm.com/support/docview.wss?uid=swg22010340", }, { tags: [ "x_refsource_MISC", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/134391", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2018-01-02T00:00:00", ID: "CVE-2017-1699", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "MQ", version: { version_data: [ { version_value: "8.0", }, { version_value: "9.0", }, { version_value: "9.0.1", }, { version_value: "9.0.0.1", }, { version_value: "9.0.2", }, { version_value: "8.0.0.1", }, { version_value: "8.0.0.2", }, { version_value: "8.0.0.3", }, { version_value: "8.0.0.4", }, { version_value: "8.0.0.5", }, { version_value: "8.0.0.6", }, { version_value: "9.0.3", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM MQ Managed File Transfer Agent 8.0 and 9.0 sets insecure permissions on certain files it creates. A local attacker could exploit this vulnerability to modify or delete data contained in the files with an unknown impact. IBM X-Force ID: 134391.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Data Manipulation", }, ], }, ], }, references: { reference_data: [ { name: "http://www.ibm.com/support/docview.wss?uid=swg22010340", refsource: "CONFIRM", url: "http://www.ibm.com/support/docview.wss?uid=swg22010340", }, { name: "https://exchange.xforce.ibmcloud.com/vulnerabilities/134391", refsource: "MISC", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/134391", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2017-1699", datePublished: "2018-01-04T17:00:00Z", dateReserved: "2016-11-30T00:00:00", dateUpdated: "2024-09-17T03:08:03.425Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2018-1684 (GCVE-0-2018-1684)
Vulnerability from cvelistv5
Published
2018-11-09 00:00
Modified
2024-09-16 22:26
Severity ?
EPSS score ?
Summary
IBM WebSphere MQ 8.0 through 9.1 is vulnerable to a error with MQTT topic string publishing that can cause a denial of service attack. IBM X-Force ID: 145456.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/145456 | vdb-entry, x_refsource_XF | |
| https://www.ibm.com/support/docview.wss?uid=ibm10734297 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | MQ |
Version: 9.0.1 Version: 9.0.0.1 Version: 9.0.2 Version: 8.0.0.1 Version: 8.0.0.2 Version: 8.0.0.3 Version: 8.0.0.4 Version: 8.0.0.5 Version: 8.0.0.6 Version: 8.0.0.7 Version: 9.0.0.2 Version: 9.0.3 Version: 9.0.4 Version: 8.0.0.8 Version: 8.0.0.9 Version: 9.0.0.3 Version: 8.0.0.0 Version: 8.0.0.10 Version: 9.0.0.0 Version: 9.0.0.4 Version: 9.0.0.5 Version: 9.0.5 Version: 9.1.0.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T04:07:44.360Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "ibm-websphere-cve20181684-dos(145456)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/145456", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.ibm.com/support/docview.wss?uid=ibm10734297", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "MQ", vendor: "IBM", versions: [ { status: "affected", version: "9.0.1", }, { status: "affected", version: "9.0.0.1", }, { status: "affected", version: "9.0.2", }, { status: "affected", version: "8.0.0.1", }, { status: "affected", version: "8.0.0.2", }, { status: "affected", version: "8.0.0.3", }, { status: "affected", version: "8.0.0.4", }, { status: "affected", version: "8.0.0.5", }, { status: "affected", version: "8.0.0.6", }, { status: "affected", version: "8.0.0.7", }, { status: "affected", version: "9.0.0.2", }, { status: "affected", version: "9.0.3", }, { status: "affected", version: "9.0.4", }, { status: "affected", version: "8.0.0.8", }, { status: "affected", version: "8.0.0.9", }, { status: "affected", version: "9.0.0.3", }, { status: "affected", version: "8.0.0.0", }, { status: "affected", version: "8.0.0.10", }, { status: "affected", version: "9.0.0.0", }, { status: "affected", version: "9.0.0.4", }, { status: "affected", version: "9.0.0.5", }, { status: "affected", version: "9.0.5", }, { status: "affected", version: "9.1.0.0", }, ], }, ], datePublic: "2018-11-07T00:00:00", descriptions: [ { lang: "en", value: "IBM WebSphere MQ 8.0 through 9.1 is vulnerable to a error with MQTT topic string publishing that can cause a denial of service attack. IBM X-Force ID: 145456.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", exploitCodeMaturity: "UNPROVEN", integrityImpact: "NONE", privilegesRequired: "LOW", remediationLevel: "OFFICIAL_FIX", reportConfidence: "CONFIRMED", scope: "UNCHANGED", temporalScore: 4.6, temporalSeverity: "MEDIUM", userInteraction: "NONE", vectorString: "CVSS:3.0/A:H/AC:H/AV:N/C:N/I:N/PR:L/S:U/UI:N/E:U/RC:C/RL:O", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Denial of Service", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-11-08T23:57:01", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { name: "ibm-websphere-cve20181684-dos(145456)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/145456", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.ibm.com/support/docview.wss?uid=ibm10734297", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2018-11-07T00:00:00", ID: "CVE-2018-1684", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "MQ", version: { version_data: [ { version_value: "9.0.1", }, { version_value: "9.0.0.1", }, { version_value: "9.0.2", }, { version_value: "8.0.0.1", }, { version_value: "8.0.0.2", }, { version_value: "8.0.0.3", }, { version_value: "8.0.0.4", }, { version_value: "8.0.0.5", }, { version_value: "8.0.0.6", }, { version_value: "8.0.0.7", }, { version_value: "9.0.0.2", }, { version_value: "9.0.3", }, { version_value: "9.0.4", }, { version_value: "8.0.0.8", }, { version_value: "8.0.0.9", }, { version_value: "9.0.0.3", }, { version_value: "8.0.0.0", }, { version_value: "8.0.0.10", }, { version_value: "9.0.0.0", }, { version_value: "9.0.0.4", }, { version_value: "9.0.0.5", }, { version_value: "9.0.5", }, { version_value: "9.1.0.0", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM WebSphere MQ 8.0 through 9.1 is vulnerable to a error with MQTT topic string publishing that can cause a denial of service attack. IBM X-Force ID: 145456.", }, ], }, impact: { cvssv3: { BM: { A: "H", AC: "H", AV: "N", C: "N", I: "N", PR: "L", S: "U", UI: "N", }, TM: { E: "U", RC: "C", RL: "O", }, }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Denial of Service", }, ], }, ], }, references: { reference_data: [ { name: "ibm-websphere-cve20181684-dos(145456)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/145456", }, { name: "https://www.ibm.com/support/docview.wss?uid=ibm10734297", refsource: "CONFIRM", url: "https://www.ibm.com/support/docview.wss?uid=ibm10734297", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2018-1684", datePublished: "2018-11-09T00:00:00Z", dateReserved: "2017-12-13T00:00:00", dateUpdated: "2024-09-16T22:26:38.249Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2016-0379 (GCVE-0-2016-0379)
Vulnerability from cvelistv5
Published
2016-09-26 01:00
Modified
2024-08-05 22:15
Severity ?
EPSS score ?
Summary
IBM WebSphere MQ 7.5 before 7.5.0.7 and 8.0 before 8.0.0.5 mishandles protocol flows, which allows remote authenticated users to cause a denial of service (channel outage) by leveraging queue-manager rights.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www-01.ibm.com/support/docview.wss?uid=swg21984565 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/93146 | vdb-entry, x_refsource_BID |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T22:15:24.306Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21984565", }, { name: "93146", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/93146", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-06-02T00:00:00", descriptions: [ { lang: "en", value: "IBM WebSphere MQ 7.5 before 7.5.0.7 and 8.0 before 8.0.0.5 mishandles protocol flows, which allows remote authenticated users to cause a denial of service (channel outage) by leveraging queue-manager rights.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2016-11-25T19:57:01", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21984565", }, { name: "93146", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/93146", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", ID: "CVE-2016-0379", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM WebSphere MQ 7.5 before 7.5.0.7 and 8.0 before 8.0.0.5 mishandles protocol flows, which allows remote authenticated users to cause a denial of service (channel outage) by leveraging queue-manager rights.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://www-01.ibm.com/support/docview.wss?uid=swg21984565", refsource: "CONFIRM", url: "http://www-01.ibm.com/support/docview.wss?uid=swg21984565", }, { name: "93146", refsource: "BID", url: "http://www.securityfocus.com/bid/93146", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2016-0379", datePublished: "2016-09-26T01:00:00", dateReserved: "2015-12-08T00:00:00", dateUpdated: "2024-08-05T22:15:24.306Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2017-1284 (GCVE-0-2017-1284)
Vulnerability from cvelistv5
Published
2017-07-10 16:00
Modified
2024-09-16 21:09
Severity ?
EPSS score ?
Summary
IBM WebSphere MQ 9.0.1 and 9.0.2 could allow a local user with ability to run or enable trace, to obtain sensitive information from WebSphere Application Server traces including user credentials. IBM X-Force ID: 125145.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.ibm.com/support/docview.wss?uid=swg22003851 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/125145 | x_refsource_MISC | |
| http://www.securityfocus.com/bid/99494 | vdb-entry, x_refsource_BID |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T13:32:27.887Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ibm.com/support/docview.wss?uid=swg22003851", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/125145", }, { name: "99494", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/99494", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "MQ", vendor: "IBM", versions: [ { status: "affected", version: "9.0.1", }, { status: "affected", version: "9.0.2", }, ], }, ], datePublic: "2017-07-06T00:00:00", descriptions: [ { lang: "en", value: "IBM WebSphere MQ 9.0.1 and 9.0.2 could allow a local user with ability to run or enable trace, to obtain sensitive information from WebSphere Application Server traces including user credentials. IBM X-Force ID: 125145.", }, ], problemTypes: [ { descriptions: [ { description: "Obtain Information", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-07-11T09:57:01", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ibm.com/support/docview.wss?uid=swg22003851", }, { tags: [ "x_refsource_MISC", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/125145", }, { name: "99494", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/99494", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2017-07-06T00:00:00", ID: "CVE-2017-1284", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "MQ", version: { version_data: [ { version_value: "9.0.1", }, { version_value: "9.0.2", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM WebSphere MQ 9.0.1 and 9.0.2 could allow a local user with ability to run or enable trace, to obtain sensitive information from WebSphere Application Server traces including user credentials. IBM X-Force ID: 125145.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Obtain Information", }, ], }, ], }, references: { reference_data: [ { name: "http://www.ibm.com/support/docview.wss?uid=swg22003851", refsource: "CONFIRM", url: "http://www.ibm.com/support/docview.wss?uid=swg22003851", }, { name: "https://exchange.xforce.ibmcloud.com/vulnerabilities/125145", refsource: "MISC", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/125145", }, { name: "99494", refsource: "BID", url: "http://www.securityfocus.com/bid/99494", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2017-1284", datePublished: "2017-07-10T16:00:00Z", dateReserved: "2016-11-30T00:00:00", dateUpdated: "2024-09-16T21:09:05.853Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2015-1957 (GCVE-0-2015-1957)
Vulnerability from cvelistv5
Published
2018-04-10 15:00
Modified
2024-08-06 05:02
Severity ?
EPSS score ?
Summary
IBM WebSphere MQ 7.5.x before 7.5.0.6 and 8.0.x before 8.0.0.3 allows remote authenticated users to obtain sensitive information via a man-in-the-middle attack, related to duplication of message data in cleartext outside the protected payload. IBM X-Force ID: 103482.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www-01.ibm.com/support/docview.wss?uid=swg21960506 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/103482 | vdb-entry, x_refsource_XF |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T05:02:42.959Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21960506", }, { name: "ibm-mq-cve20151957-info-disc(103482)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/103482", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-03-11T00:00:00", descriptions: [ { lang: "en", value: "IBM WebSphere MQ 7.5.x before 7.5.0.6 and 8.0.x before 8.0.0.3 allows remote authenticated users to obtain sensitive information via a man-in-the-middle attack, related to duplication of message data in cleartext outside the protected payload. IBM X-Force ID: 103482.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-04-10T14:57:01", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21960506", }, { name: "ibm-mq-cve20151957-info-disc(103482)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/103482", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", ID: "CVE-2015-1957", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM WebSphere MQ 7.5.x before 7.5.0.6 and 8.0.x before 8.0.0.3 allows remote authenticated users to obtain sensitive information via a man-in-the-middle attack, related to duplication of message data in cleartext outside the protected payload. IBM X-Force ID: 103482.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://www-01.ibm.com/support/docview.wss?uid=swg21960506", refsource: "CONFIRM", url: "http://www-01.ibm.com/support/docview.wss?uid=swg21960506", }, { name: "ibm-mq-cve20151957-info-disc(103482)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/103482", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2015-1957", datePublished: "2018-04-10T15:00:00", dateReserved: "2015-02-19T00:00:00", dateUpdated: "2024-08-06T05:02:42.959Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2015-1967 (GCVE-0-2015-1967)
Vulnerability from cvelistv5
Published
2015-07-01 10:00
Modified
2024-08-06 05:02
Severity ?
EPSS score ?
Summary
MQ Explorer in IBM WebSphere MQ before 8.0.0.3 does not recognize the absence of the compatibility-mode option, which allows remote attackers to obtain sensitive information by sniffing the network for a session in which TLS is not used.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1032772 | vdb-entry, x_refsource_SECTRACK | |
| http://www-01.ibm.com/support/docview.wss?uid=swg21960491 | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T05:02:42.430Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "1032772", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1032772", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21960491", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2015-06-23T00:00:00", descriptions: [ { lang: "en", value: "MQ Explorer in IBM WebSphere MQ before 8.0.0.3 does not recognize the absence of the compatibility-mode option, which allows remote attackers to obtain sensitive information by sniffing the network for a session in which TLS is not used.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2016-12-23T18:57:01", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { name: "1032772", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1032772", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21960491", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", ID: "CVE-2015-1967", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "MQ Explorer in IBM WebSphere MQ before 8.0.0.3 does not recognize the absence of the compatibility-mode option, which allows remote attackers to obtain sensitive information by sniffing the network for a session in which TLS is not used.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "1032772", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1032772", }, { name: "http://www-01.ibm.com/support/docview.wss?uid=swg21960491", refsource: "CONFIRM", url: "http://www-01.ibm.com/support/docview.wss?uid=swg21960491", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2015-1967", datePublished: "2015-07-01T10:00:00", dateReserved: "2015-02-19T00:00:00", dateUpdated: "2024-08-06T05:02:42.430Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2011-0314 (GCVE-0-2011-0314)
Vulnerability from cvelistv5
Published
2011-01-12 00:00
Modified
2024-08-06 21:51
Severity ?
EPSS score ?
Summary
Heap-based buffer overflow in IBM WebSphere MQ 6.0 before 6.0.2.11 and 7.0 before 7.0.1.5 allows remote authenticated users to execute arbitrary code or cause a denial of service (queue manager crash) by inserting an invalid message into the queue.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/45801 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/64550 | vdb-entry, x_refsource_XF | |
| http://www-01.ibm.com/support/docview.wss?uid=swg1IZ81294 | vendor-advisory, x_refsource_AIXAPAR | |
| http://secunia.com/advisories/42941 | third-party-advisory, x_refsource_SECUNIA |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T21:51:07.708Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "45801", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/45801", }, { name: "wmq-message-bo(64550)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/64550", }, { name: "IZ81294", tags: [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ81294", }, { name: "42941", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/42941", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2010-12-14T00:00:00", descriptions: [ { lang: "en", value: "Heap-based buffer overflow in IBM WebSphere MQ 6.0 before 6.0.2.11 and 7.0 before 7.0.1.5 allows remote authenticated users to execute arbitrary code or cause a denial of service (queue manager crash) by inserting an invalid message into the queue.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-08-16T14:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "45801", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/45801", }, { name: "wmq-message-bo(64550)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/64550", }, { name: "IZ81294", tags: [ "vendor-advisory", "x_refsource_AIXAPAR", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ81294", }, { name: "42941", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/42941", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2011-0314", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Heap-based buffer overflow in IBM WebSphere MQ 6.0 before 6.0.2.11 and 7.0 before 7.0.1.5 allows remote authenticated users to execute arbitrary code or cause a denial of service (queue manager crash) by inserting an invalid message into the queue.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "45801", refsource: "BID", url: "http://www.securityfocus.com/bid/45801", }, { name: "wmq-message-bo(64550)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/64550", }, { name: "IZ81294", refsource: "AIXAPAR", url: "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ81294", }, { name: "42941", refsource: "SECUNIA", url: "http://secunia.com/advisories/42941", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2011-0314", datePublished: "2011-01-12T00:00:00", dateReserved: "2011-01-06T00:00:00", dateUpdated: "2024-08-06T21:51:07.708Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2014-6116 (GCVE-0-2014-6116)
Vulnerability from cvelistv5
Published
2014-10-19 01:00
Modified
2024-08-06 12:03
Severity ?
EPSS score ?
Summary
The Telemetry Component in WebSphere MQ 8.0.0.1 before p000-001-L140910 allows remote attackers to bypass authentication by setting the JAASConfig property in an MQTT client configuration.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www-01.ibm.com/support/docview.wss?uid=swg21686210 | x_refsource_CONFIRM | |
| http://secunia.com/advisories/61064 | third-party-advisory, x_refsource_SECUNIA | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/96213 | vdb-entry, x_refsource_XF |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T12:03:02.461Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21686210", }, { name: "61064", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/61064", }, { name: "ibm-websphere-cve20146116-sec-bypass(96213)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/96213", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2014-10-08T00:00:00", descriptions: [ { lang: "en", value: "The Telemetry Component in WebSphere MQ 8.0.0.1 before p000-001-L140910 allows remote attackers to bypass authentication by setting the JAASConfig property in an MQTT client configuration.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-09-07T15:57:01", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21686210", }, { name: "61064", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/61064", }, { name: "ibm-websphere-cve20146116-sec-bypass(96213)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/96213", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", ID: "CVE-2014-6116", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The Telemetry Component in WebSphere MQ 8.0.0.1 before p000-001-L140910 allows remote attackers to bypass authentication by setting the JAASConfig property in an MQTT client configuration.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://www-01.ibm.com/support/docview.wss?uid=swg21686210", refsource: "CONFIRM", url: "http://www-01.ibm.com/support/docview.wss?uid=swg21686210", }, { name: "61064", refsource: "SECUNIA", url: "http://secunia.com/advisories/61064", }, { name: "ibm-websphere-cve20146116-sec-bypass(96213)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/96213", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2014-6116", datePublished: "2014-10-19T01:00:00", dateReserved: "2014-09-02T00:00:00", dateUpdated: "2024-08-06T12:03:02.461Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2014-4822 (GCVE-0-2014-4822)
Vulnerability from cvelistv5
Published
2014-10-19 01:00
Modified
2024-08-06 11:27
Severity ?
EPSS score ?
Summary
IBM WebSphere MQ classes for Java libraries 8.0 before 8.0.0.1 and Websphere MQ Explorer 7.5 before 7.5.0.5 and 8.0 before 8.0.0.2 allow local users to discover preconfigured cleartext passwords via an unspecified trace operation.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/95467 | vdb-entry, x_refsource_XF | |
| http://www-01.ibm.com/support/docview.wss?uid=swg21686339 | x_refsource_CONFIRM | |
| http://www-01.ibm.com/support/docview.wss?uid=swg1IT04023 | vendor-advisory, x_refsource_AIXAPAR | |
| http://secunia.com/advisories/59921 | third-party-advisory, x_refsource_SECUNIA |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T11:27:36.792Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "ibm-webspheremq-cve20144822-java(95467)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/95467", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21686339", }, { name: "IT04023", tags: [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg1IT04023", }, { name: "59921", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/59921", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2014-10-13T00:00:00", descriptions: [ { lang: "en", value: "IBM WebSphere MQ classes for Java libraries 8.0 before 8.0.0.1 and Websphere MQ Explorer 7.5 before 7.5.0.5 and 8.0 before 8.0.0.2 allow local users to discover preconfigured cleartext passwords via an unspecified trace operation.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-08-28T12:57:01", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { name: "ibm-webspheremq-cve20144822-java(95467)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/95467", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21686339", }, { name: "IT04023", tags: [ "vendor-advisory", "x_refsource_AIXAPAR", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg1IT04023", }, { name: "59921", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/59921", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", ID: "CVE-2014-4822", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM WebSphere MQ classes for Java libraries 8.0 before 8.0.0.1 and Websphere MQ Explorer 7.5 before 7.5.0.5 and 8.0 before 8.0.0.2 allow local users to discover preconfigured cleartext passwords via an unspecified trace operation.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "ibm-webspheremq-cve20144822-java(95467)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/95467", }, { name: "http://www-01.ibm.com/support/docview.wss?uid=swg21686339", refsource: "CONFIRM", url: "http://www-01.ibm.com/support/docview.wss?uid=swg21686339", }, { name: "IT04023", refsource: "AIXAPAR", url: "http://www-01.ibm.com/support/docview.wss?uid=swg1IT04023", }, { name: "59921", refsource: "SECUNIA", url: "http://secunia.com/advisories/59921", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2014-4822", datePublished: "2014-10-19T01:00:00", dateReserved: "2014-07-09T00:00:00", dateUpdated: "2024-08-06T11:27:36.792Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2015-2013 (GCVE-0-2015-2013)
Vulnerability from cvelistv5
Published
2015-09-14 01:00
Modified
2024-08-06 05:02
Severity ?
EPSS score ?
Summary
IBM WebSphere MQ 7.0.1 before 7.0.1.13 allows remote attackers to cause a denial of service (channel-agent abend and process outage) via a crafted selection string in an MQI call.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1033449 | vdb-entry, x_refsource_SECTRACK | |
| http://www-01.ibm.com/support/docview.wss?uid=swg1IV73860 | vendor-advisory, x_refsource_AIXAPAR | |
| http://www-01.ibm.com/support/docview.wss?uid=swg21962479 | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T05:02:43.183Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "1033449", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1033449", }, { name: "IV73860", tags: [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg1IV73860", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21962479", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2015-09-01T00:00:00", descriptions: [ { lang: "en", value: "IBM WebSphere MQ 7.0.1 before 7.0.1.13 allows remote attackers to cause a denial of service (channel-agent abend and process outage) via a crafted selection string in an MQI call.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2016-12-20T16:57:01", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { name: "1033449", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1033449", }, { name: "IV73860", tags: [ "vendor-advisory", "x_refsource_AIXAPAR", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg1IV73860", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21962479", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", ID: "CVE-2015-2013", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM WebSphere MQ 7.0.1 before 7.0.1.13 allows remote attackers to cause a denial of service (channel-agent abend and process outage) via a crafted selection string in an MQI call.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "1033449", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1033449", }, { name: "IV73860", refsource: "AIXAPAR", url: "http://www-01.ibm.com/support/docview.wss?uid=swg1IV73860", }, { name: "http://www-01.ibm.com/support/docview.wss?uid=swg21962479", refsource: "CONFIRM", url: "http://www-01.ibm.com/support/docview.wss?uid=swg21962479", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2015-2013", datePublished: "2015-09-14T01:00:00", dateReserved: "2015-02-19T00:00:00", dateUpdated: "2024-08-06T05:02:43.183Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2007-6705 (GCVE-0-2007-6705)
Vulnerability from cvelistv5
Published
2008-03-09 02:00
Modified
2024-08-07 16:18
Severity ?
EPSS score ?
Summary
The WebSphere MQ XA 5.3 before FP13 and 6.0.x before 6.0.2.1 client for Windows, when running in an MTS or a COM+ environment, grants the PROCESS_DUP_HANDLE privilege to the Everyone group upon connection to a queue manager, which allows local users to duplicate an arbitrary handle and possibly hijack an arbitrary process.
References
| ▼ | URL | Tags |
|---|---|---|
| http://securitytracker.com/id?1019529 | vdb-entry, x_refsource_SECTRACK | |
| http://osvdb.org/43167 | vdb-entry, x_refsource_OSVDB | |
| http://www-1.ibm.com/support/docview.wss?uid=swg1IC50431 | vendor-advisory, x_refsource_AIXAPAR |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T16:18:20.561Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "1019529", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://securitytracker.com/id?1019529", }, { name: "43167", tags: [ "vdb-entry", "x_refsource_OSVDB", "x_transferred", ], url: "http://osvdb.org/43167", }, { name: "IC50431", tags: [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred", ], url: "http://www-1.ibm.com/support/docview.wss?uid=swg1IC50431", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2007-07-27T00:00:00", descriptions: [ { lang: "en", value: "The WebSphere MQ XA 5.3 before FP13 and 6.0.x before 6.0.2.1 client for Windows, when running in an MTS or a COM+ environment, grants the PROCESS_DUP_HANDLE privilege to the Everyone group upon connection to a queue manager, which allows local users to duplicate an arbitrary handle and possibly hijack an arbitrary process.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2008-11-15T10:00:00", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "1019529", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://securitytracker.com/id?1019529", }, { name: "43167", tags: [ "vdb-entry", "x_refsource_OSVDB", ], url: "http://osvdb.org/43167", }, { name: "IC50431", tags: [ "vendor-advisory", "x_refsource_AIXAPAR", ], url: "http://www-1.ibm.com/support/docview.wss?uid=swg1IC50431", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2007-6705", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The WebSphere MQ XA 5.3 before FP13 and 6.0.x before 6.0.2.1 client for Windows, when running in an MTS or a COM+ environment, grants the PROCESS_DUP_HANDLE privilege to the Everyone group upon connection to a queue manager, which allows local users to duplicate an arbitrary handle and possibly hijack an arbitrary process.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "1019529", refsource: "SECTRACK", url: "http://securitytracker.com/id?1019529", }, { name: "43167", refsource: "OSVDB", url: "http://osvdb.org/43167", }, { name: "IC50431", refsource: "AIXAPAR", url: "http://www-1.ibm.com/support/docview.wss?uid=swg1IC50431", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2007-6705", datePublished: "2008-03-09T02:00:00", dateReserved: "2008-03-08T00:00:00", dateUpdated: "2024-08-07T16:18:20.561Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2018-1388 (GCVE-0-2018-1388)
Vulnerability from cvelistv5
Published
2018-02-07 17:00
Modified
2024-09-17 03:23
Severity ?
EPSS score ?
Summary
GSKit V7 may disclose side channel information via discrepancies between valid and invalid PKCS#1 padding. IBM X-Force ID: 138212.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/103698 | vdb-entry, x_refsource_BID | |
| http://www.ibm.com/support/docview.wss?uid=swg22013022 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/138212 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | WebSphere MQ |
Version: 7.0.1.1 Version: 7.0.1.2 Version: 7.0.1.3 Version: 7.0.1.4 Version: 7.0.1 Version: 7.0.1.5 Version: 7.0.1.6 Version: 7.0.1.8 Version: 7.0.1.7 Version: 7.0.1.9 Version: 7.0.1.10 Version: 7.0.1.11 Version: 7.0.1.12 Version: 7.0.1.13 Version: 7.0.1.14 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T03:59:38.974Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "103698", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/103698", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ibm.com/support/docview.wss?uid=swg22013022", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/138212", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "WebSphere MQ", vendor: "IBM", versions: [ { status: "affected", version: "7.0.1.1", }, { status: "affected", version: "7.0.1.2", }, { status: "affected", version: "7.0.1.3", }, { status: "affected", version: "7.0.1.4", }, { status: "affected", version: "7.0.1", }, { status: "affected", version: "7.0.1.5", }, { status: "affected", version: "7.0.1.6", }, { status: "affected", version: "7.0.1.8", }, { status: "affected", version: "7.0.1.7", }, { status: "affected", version: "7.0.1.9", }, { status: "affected", version: "7.0.1.10", }, { status: "affected", version: "7.0.1.11", }, { status: "affected", version: "7.0.1.12", }, { status: "affected", version: "7.0.1.13", }, { status: "affected", version: "7.0.1.14", }, ], }, ], datePublic: "2018-02-01T00:00:00", descriptions: [ { lang: "en", value: "GSKit V7 may disclose side channel information via discrepancies between valid and invalid PKCS#1 padding. IBM X-Force ID: 138212.", }, ], problemTypes: [ { descriptions: [ { description: "Obtain Information", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-12-20T10:57:01", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { name: "103698", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/103698", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ibm.com/support/docview.wss?uid=swg22013022", }, { tags: [ "x_refsource_MISC", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/138212", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2018-02-01T00:00:00", ID: "CVE-2018-1388", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "WebSphere MQ", version: { version_data: [ { version_value: "7.0.1.1", }, { version_value: "7.0.1.2", }, { version_value: "7.0.1.3", }, { version_value: "7.0.1.4", }, { version_value: "7.0.1", }, { version_value: "7.0.1.5", }, { version_value: "7.0.1.6", }, { version_value: "7.0.1.8", }, { version_value: "7.0.1.7", }, { version_value: "7.0.1.9", }, { version_value: "7.0.1.10", }, { version_value: "7.0.1.11", }, { version_value: "7.0.1.12", }, { version_value: "7.0.1.13", }, { version_value: "7.0.1.14", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "GSKit V7 may disclose side channel information via discrepancies between valid and invalid PKCS#1 padding. IBM X-Force ID: 138212.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Obtain Information", }, ], }, ], }, references: { reference_data: [ { name: "103698", refsource: "BID", url: "http://www.securityfocus.com/bid/103698", }, { name: "http://www.ibm.com/support/docview.wss?uid=swg22013022", refsource: "CONFIRM", url: "http://www.ibm.com/support/docview.wss?uid=swg22013022", }, { name: "https://exchange.xforce.ibmcloud.com/vulnerabilities/138212", refsource: "MISC", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/138212", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2018-1388", datePublished: "2018-02-07T17:00:00Z", dateReserved: "2017-12-13T00:00:00", dateUpdated: "2024-09-17T03:23:03.234Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2012-2199 (GCVE-0-2012-2199)
Vulnerability from cvelistv5
Published
2012-09-25 20:00
Modified
2024-08-06 19:26
Severity ?
EPSS score ?
Summary
The server message channel agent in the queue manager in the server in IBM WebSphere MQ 7.0.1 before 7.0.1.9, 7.1, and 7.5 on Solaris allows remote attackers to cause a denial of service (invalid address alignment exception and daemon crash) via vectors involving a multiplexed channel.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www-01.ibm.com/support/docview.wss?uid=swg1IC82725 | vendor-advisory, x_refsource_AIXAPAR | |
| http://www.ibm.com/support/docview.wss?uid=swg21610285 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/76434 | vdb-entry, x_refsource_XF |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T19:26:08.981Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "IC82725", tags: [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg1IC82725", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ibm.com/support/docview.wss?uid=swg21610285", }, { name: "wmq-smca-dos(76434)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/76434", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2012-09-20T00:00:00", descriptions: [ { lang: "en", value: "The server message channel agent in the queue manager in the server in IBM WebSphere MQ 7.0.1 before 7.0.1.9, 7.1, and 7.5 on Solaris allows remote attackers to cause a denial of service (invalid address alignment exception and daemon crash) via vectors involving a multiplexed channel.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-08-28T12:57:01", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { name: "IC82725", tags: [ "vendor-advisory", "x_refsource_AIXAPAR", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg1IC82725", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ibm.com/support/docview.wss?uid=swg21610285", }, { name: "wmq-smca-dos(76434)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/76434", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", ID: "CVE-2012-2199", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The server message channel agent in the queue manager in the server in IBM WebSphere MQ 7.0.1 before 7.0.1.9, 7.1, and 7.5 on Solaris allows remote attackers to cause a denial of service (invalid address alignment exception and daemon crash) via vectors involving a multiplexed channel.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "IC82725", refsource: "AIXAPAR", url: "http://www-01.ibm.com/support/docview.wss?uid=swg1IC82725", }, { name: "http://www.ibm.com/support/docview.wss?uid=swg21610285", refsource: "CONFIRM", url: "http://www.ibm.com/support/docview.wss?uid=swg21610285", }, { name: "wmq-smca-dos(76434)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/76434", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2012-2199", datePublished: "2012-09-25T20:00:00", dateReserved: "2012-04-04T00:00:00", dateUpdated: "2024-08-06T19:26:08.981Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2017-1433 (GCVE-0-2017-1433)
Vulnerability from cvelistv5
Published
2017-12-07 15:00
Modified
2024-09-16 20:47
Severity ?
EPSS score ?
Summary
IBM WebSphere MQ 7.5, 8.0, and 9.0 could allow an authenticated user to insert messages with a corrupt RFH header into the channel which would cause it to restart. IBM X-Force ID: 127803.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/127803 | x_refsource_MISC | |
| http://www.ibm.com/support/docview.wss?uid=swg22005525 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/102163 | vdb-entry, x_refsource_BID |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | MQ |
Version: 7.5 Version: 8.0 Version: 9.0 Version: 9.0.0.1 Version: 8.0.0.1 Version: 8.0.0.2 Version: 8.0.0.3 Version: 8.0.0.4 Version: 8.0.0.5 Version: 8.0.0.6 Version: 8.0.0.7 Version: 7.5.0.1 Version: 7.5.0.2 Version: 7.5.0.3 Version: 7.5.0.4 Version: 7.5.0.5 Version: 7.5.0.6 Version: 7.5.0.7 Version: 7.5.0.8 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T13:32:29.621Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/127803", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ibm.com/support/docview.wss?uid=swg22005525", }, { name: "102163", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/102163", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "MQ", vendor: "IBM", versions: [ { status: "affected", version: "7.5", }, { status: "affected", version: "8.0", }, { status: "affected", version: "9.0", }, { status: "affected", version: "9.0.0.1", }, { status: "affected", version: "8.0.0.1", }, { status: "affected", version: "8.0.0.2", }, { status: "affected", version: "8.0.0.3", }, { status: "affected", version: "8.0.0.4", }, { status: "affected", version: "8.0.0.5", }, { status: "affected", version: "8.0.0.6", }, { status: "affected", version: "8.0.0.7", }, { status: "affected", version: "7.5.0.1", }, { status: "affected", version: "7.5.0.2", }, { status: "affected", version: "7.5.0.3", }, { status: "affected", version: "7.5.0.4", }, { status: "affected", version: "7.5.0.5", }, { status: "affected", version: "7.5.0.6", }, { status: "affected", version: "7.5.0.7", }, { status: "affected", version: "7.5.0.8", }, ], }, ], datePublic: "2017-12-06T00:00:00", descriptions: [ { lang: "en", value: "IBM WebSphere MQ 7.5, 8.0, and 9.0 could allow an authenticated user to insert messages with a corrupt RFH header into the channel which would cause it to restart. IBM X-Force ID: 127803.", }, ], problemTypes: [ { descriptions: [ { description: "Denial of Service", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-12-14T10:57:01", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/127803", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ibm.com/support/docview.wss?uid=swg22005525", }, { name: "102163", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/102163", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2017-12-06T00:00:00", ID: "CVE-2017-1433", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "MQ", version: { version_data: [ { version_value: "7.5", }, { version_value: "8.0", }, { version_value: "9.0", }, { version_value: "9.0.0.1", }, { version_value: "8.0.0.1", }, { version_value: "8.0.0.2", }, { version_value: "8.0.0.3", }, { version_value: "8.0.0.4", }, { version_value: "8.0.0.5", }, { version_value: "8.0.0.6", }, { version_value: "8.0.0.7", }, { version_value: "7.5.0.1", }, { version_value: "7.5.0.2", }, { version_value: "7.5.0.3", }, { version_value: "7.5.0.4", }, { version_value: "7.5.0.5", }, { version_value: "7.5.0.6", }, { version_value: "7.5.0.7", }, { version_value: "7.5.0.8", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM WebSphere MQ 7.5, 8.0, and 9.0 could allow an authenticated user to insert messages with a corrupt RFH header into the channel which would cause it to restart. IBM X-Force ID: 127803.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Denial of Service", }, ], }, ], }, references: { reference_data: [ { name: "https://exchange.xforce.ibmcloud.com/vulnerabilities/127803", refsource: "MISC", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/127803", }, { name: "http://www.ibm.com/support/docview.wss?uid=swg22005525", refsource: "CONFIRM", url: "http://www.ibm.com/support/docview.wss?uid=swg22005525", }, { name: "102163", refsource: "BID", url: "http://www.securityfocus.com/bid/102163", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2017-1433", datePublished: "2017-12-07T15:00:00Z", dateReserved: "2016-11-30T00:00:00", dateUpdated: "2024-09-16T20:47:10.055Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2018-1998 (GCVE-0-2018-1998)
Vulnerability from cvelistv5
Published
2019-03-11 22:00
Modified
2024-09-17 02:41
Severity ?
EPSS score ?
Summary
IBM WebSphere MQ 8.0.0.0 through 9.1.1 could allow a local user to inject code that could be executed with root privileges. This is due to an incomplete fix for CVE-2018-1792. IBM X-ForceID: 154887.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/154887 | vdb-entry, x_refsource_XF | |
| https://www.ibm.com/support/docview.wss?uid=ibm10870488 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | MQ |
Version: 9.0.0.1 Version: 8.0.0.1 Version: 8.0.0.2 Version: 8.0.0.3 Version: 8.0.0.4 Version: 8.0.0.5 Version: 8.0.0.6 Version: 8.0.0.7 Version: 9.0.0.2 Version: 8.0.0.8 Version: 8.0.0.9 Version: 9.0.0.3 Version: 8.0.0.0 Version: 8.0.0.10 Version: 9.0.0.0 Version: 9.0.0.4 Version: 9.0.0.5 Version: 9.1.1 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T04:14:39.595Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "ibm-websphere-cve20181998-priv-escalation(154887)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/154887", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.ibm.com/support/docview.wss?uid=ibm10870488", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "MQ", vendor: "IBM", versions: [ { status: "affected", version: "9.0.0.1", }, { status: "affected", version: "8.0.0.1", }, { status: "affected", version: "8.0.0.2", }, { status: "affected", version: "8.0.0.3", }, { status: "affected", version: "8.0.0.4", }, { status: "affected", version: "8.0.0.5", }, { status: "affected", version: "8.0.0.6", }, { status: "affected", version: "8.0.0.7", }, { status: "affected", version: "9.0.0.2", }, { status: "affected", version: "8.0.0.8", }, { status: "affected", version: "8.0.0.9", }, { status: "affected", version: "9.0.0.3", }, { status: "affected", version: "8.0.0.0", }, { status: "affected", version: "8.0.0.10", }, { status: "affected", version: "9.0.0.0", }, { status: "affected", version: "9.0.0.4", }, { status: "affected", version: "9.0.0.5", }, { status: "affected", version: "9.1.1", }, ], }, ], datePublic: "2019-03-08T00:00:00", descriptions: [ { lang: "en", value: "IBM WebSphere MQ 8.0.0.0 through 9.1.1 could allow a local user to inject code that could be executed with root privileges. This is due to an incomplete fix for CVE-2018-1792. IBM X-ForceID: 154887.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitCodeMaturity: "UNPROVEN", integrityImpact: "HIGH", privilegesRequired: "LOW", remediationLevel: "OFFICIAL_FIX", reportConfidence: "CONFIRMED", scope: "CHANGED", temporalScore: 7.7, temporalSeverity: "HIGH", userInteraction: "NONE", vectorString: "CVSS:3.0/A:H/AC:L/AV:L/C:H/I:H/PR:L/S:C/UI:N/E:U/RC:C/RL:O", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Gain Privileges", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-03-11T21:57:01", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { name: "ibm-websphere-cve20181998-priv-escalation(154887)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/154887", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.ibm.com/support/docview.wss?uid=ibm10870488", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2019-03-08T00:00:00", ID: "CVE-2018-1998", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "MQ", version: { version_data: [ { version_value: "9.0.0.1", }, { version_value: "8.0.0.1", }, { version_value: "8.0.0.2", }, { version_value: "8.0.0.3", }, { version_value: "8.0.0.4", }, { version_value: "8.0.0.5", }, { version_value: "8.0.0.6", }, { version_value: "8.0.0.7", }, { version_value: "9.0.0.2", }, { version_value: "8.0.0.8", }, { version_value: "8.0.0.9", }, { version_value: "9.0.0.3", }, { version_value: "8.0.0.0", }, { version_value: "8.0.0.10", }, { version_value: "9.0.0.0", }, { version_value: "9.0.0.4", }, { version_value: "9.0.0.5", }, { version_value: "9.1.1", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM WebSphere MQ 8.0.0.0 through 9.1.1 could allow a local user to inject code that could be executed with root privileges. This is due to an incomplete fix for CVE-2018-1792. IBM X-ForceID: 154887.", }, ], }, impact: { cvssv3: { BM: { A: "H", AC: "L", AV: "L", C: "H", I: "H", PR: "L", S: "C", UI: "N", }, TM: { E: "U", RC: "C", RL: "O", }, }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Gain Privileges", }, ], }, ], }, references: { reference_data: [ { name: "ibm-websphere-cve20181998-priv-escalation(154887)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/154887", }, { name: "https://www.ibm.com/support/docview.wss?uid=ibm10870488", refsource: "CONFIRM", url: "https://www.ibm.com/support/docview.wss?uid=ibm10870488", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2018-1998", datePublished: "2019-03-11T22:00:00Z", dateReserved: "2017-12-13T00:00:00", dateUpdated: "2024-09-17T02:41:53.831Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2016-9009 (GCVE-0-2016-9009)
Vulnerability from cvelistv5
Published
2017-02-24 18:00
Modified
2024-08-06 02:35
Severity ?
EPSS score ?
Summary
IBM WebSphere MQ 8.0 could allow an authenticated user with authority to create a cluster object to cause a denial of service to MQ clustering. IBM Reference #: 1998647.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/96441 | vdb-entry, x_refsource_BID | |
| http://www.ibm.com/support/docview.wss?uid=swg21998647 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM Corporation | WebSphere MQ |
Version: 8.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T02:35:02.449Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "96441", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/96441", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ibm.com/support/docview.wss?uid=swg21998647", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "WebSphere MQ", vendor: "IBM Corporation", versions: [ { status: "affected", version: "8.0", }, ], }, ], datePublic: "2017-02-20T00:00:00", descriptions: [ { lang: "en", value: "IBM WebSphere MQ 8.0 could allow an authenticated user with authority to create a cluster object to cause a denial of service to MQ clustering. IBM Reference #: 1998647.", }, ], problemTypes: [ { descriptions: [ { description: "Denial of Service", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-03-01T10:57:01", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { name: "96441", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/96441", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ibm.com/support/docview.wss?uid=swg21998647", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", ID: "CVE-2016-9009", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "WebSphere MQ", version: { version_data: [ { version_value: "8.0", }, ], }, }, ], }, vendor_name: "IBM Corporation", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM WebSphere MQ 8.0 could allow an authenticated user with authority to create a cluster object to cause a denial of service to MQ clustering. IBM Reference #: 1998647.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Denial of Service", }, ], }, ], }, references: { reference_data: [ { name: "96441", refsource: "BID", url: "http://www.securityfocus.com/bid/96441", }, { name: "http://www.ibm.com/support/docview.wss?uid=swg21998647", refsource: "CONFIRM", url: "http://www.ibm.com/support/docview.wss?uid=swg21998647", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2016-9009", datePublished: "2017-02-24T18:00:00", dateReserved: "2016-10-25T00:00:00", dateUpdated: "2024-08-06T02:35:02.449Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2015-7473 (GCVE-0-2015-7473)
Vulnerability from cvelistv5
Published
2016-06-26 14:00
Modified
2024-08-06 07:51
Severity ?
EPSS score ?
Summary
runmqsc in IBM WebSphere MQ 8.x before 8.0.0.5 allows local users to bypass intended queue-manager command access restrictions by leveraging authority for +connect and +dsp.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www-01.ibm.com/support/docview.wss?uid=swg21984555 | x_refsource_CONFIRM | |
| http://www.securitytracker.com/id/1036180 | vdb-entry, x_refsource_SECTRACK |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T07:51:28.111Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21984555", }, { name: "1036180", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1036180", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-06-02T00:00:00", descriptions: [ { lang: "en", value: "runmqsc in IBM WebSphere MQ 8.x before 8.0.0.5 allows local users to bypass intended queue-manager command access restrictions by leveraging authority for +connect and +dsp.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2016-11-28T20:57:01", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21984555", }, { name: "1036180", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1036180", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", ID: "CVE-2015-7473", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "runmqsc in IBM WebSphere MQ 8.x before 8.0.0.5 allows local users to bypass intended queue-manager command access restrictions by leveraging authority for +connect and +dsp.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://www-01.ibm.com/support/docview.wss?uid=swg21984555", refsource: "CONFIRM", url: "http://www-01.ibm.com/support/docview.wss?uid=swg21984555", }, { name: "1036180", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1036180", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2015-7473", datePublished: "2016-06-26T14:00:00", dateReserved: "2015-09-29T00:00:00", dateUpdated: "2024-08-06T07:51:28.111Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2021-38949 (GCVE-0-2021-38949)
Vulnerability from cvelistv5
Published
2021-11-16 16:55
Modified
2024-09-17 00:50
Severity ?
EPSS score ?
Summary
IBM MQ 7.5, 8.0, 9.0 LTS, 9.1 CD, and 9.1 LTS stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 211403.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/6516424 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/211403 | vdb-entry, x_refsource_XF |
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T01:51:20.731Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.ibm.com/support/pages/node/6516424", }, { name: "ibm-mq-cve202138949-info-disc (211403)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/211403", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "MQ", vendor: "IBM", versions: [ { status: "affected", version: "8.0.0", }, { status: "affected", version: "9.0.0", }, { status: "affected", version: "9.1.0", }, { status: "affected", version: "7.5.0", }, ], }, ], datePublic: "2021-11-15T00:00:00", descriptions: [ { lang: "en", value: "IBM MQ 7.5, 8.0, 9.0 LTS, 9.1 CD, and 9.1 LTS stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 211403.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 6.2, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", exploitCodeMaturity: "UNPROVEN", integrityImpact: "NONE", privilegesRequired: "NONE", remediationLevel: "OFFICIAL_FIX", reportConfidence: "CONFIRMED", scope: "UNCHANGED", temporalScore: 5.4, temporalSeverity: "MEDIUM", userInteraction: "NONE", vectorString: "CVSS:3.0/C:H/AV:L/S:U/A:N/AC:L/I:N/UI:N/PR:N/RC:C/E:U/RL:O", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Obtain Information", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-11-16T16:55:19", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://www.ibm.com/support/pages/node/6516424", }, { name: "ibm-mq-cve202138949-info-disc (211403)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/211403", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2021-11-15T00:00:00", ID: "CVE-2021-38949", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "MQ", version: { version_data: [ { version_value: "8.0.0", }, { version_value: "9.0.0", }, { version_value: "9.1.0", }, { version_value: "7.5.0", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM MQ 7.5, 8.0, 9.0 LTS, 9.1 CD, and 9.1 LTS stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 211403.", }, ], }, impact: { cvssv3: { BM: { A: "N", AC: "L", AV: "L", C: "H", I: "N", PR: "N", S: "U", UI: "N", }, TM: { E: "U", RC: "C", RL: "O", }, }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Obtain Information", }, ], }, ], }, references: { reference_data: [ { name: "https://www.ibm.com/support/pages/node/6516424", refsource: "CONFIRM", title: "IBM Security Bulletin 6516424 (MQ)", url: "https://www.ibm.com/support/pages/node/6516424", }, { name: "ibm-mq-cve202138949-info-disc (211403)", refsource: "XF", title: "X-Force Vulnerability Report", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/211403", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2021-38949", datePublished: "2021-11-16T16:55:19.555162Z", dateReserved: "2021-08-16T00:00:00", dateUpdated: "2024-09-17T00:50:43.084Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2017-1341 (GCVE-0-2017-1341)
Vulnerability from cvelistv5
Published
2017-12-07 15:00
Modified
2024-09-16 18:45
Severity ?
EPSS score ?
Summary
IBM WebSphere MQ 8.0 and 9.0 could allow, under special circumstances, an unauthorized user to access an object which they should have been denied access. IBM X-Force ID: 126456.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/126456 | x_refsource_MISC | |
| http://www.ibm.com/support/docview.wss?uid=swg22005400 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/102042 | vdb-entry, x_refsource_BID |
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T13:32:29.322Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/126456", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ibm.com/support/docview.wss?uid=swg22005400", }, { name: "102042", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/102042", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "MQ", vendor: "IBM", versions: [ { status: "affected", version: "9.0", }, { status: "affected", version: "9.0.1", }, { status: "affected", version: "9.0.0.1", }, { status: "affected", version: "9.0.2", }, { status: "affected", version: "8.0.0.1", }, { status: "affected", version: "8.0.0.2", }, { status: "affected", version: "8.0.0.3", }, { status: "affected", version: "8.0.0.4", }, { status: "affected", version: "8.0.0.5", }, { status: "affected", version: "8.0.0.6", }, { status: "affected", version: "8.0.0.7", }, { status: "affected", version: "9.0.3", }, ], }, ], datePublic: "2017-12-04T00:00:00", descriptions: [ { lang: "en", value: "IBM WebSphere MQ 8.0 and 9.0 could allow, under special circumstances, an unauthorized user to access an object which they should have been denied access. IBM X-Force ID: 126456.", }, ], problemTypes: [ { descriptions: [ { description: "Bypass Security", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-12-08T10:57:01", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/126456", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ibm.com/support/docview.wss?uid=swg22005400", }, { name: "102042", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/102042", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2017-12-04T00:00:00", ID: "CVE-2017-1341", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "MQ", version: { version_data: [ { version_value: "9.0", }, { version_value: "9.0.1", }, { version_value: "9.0.0.1", }, { version_value: "9.0.2", }, { version_value: "8.0.0.1", }, { version_value: "8.0.0.2", }, { version_value: "8.0.0.3", }, { version_value: "8.0.0.4", }, { version_value: "8.0.0.5", }, { version_value: "8.0.0.6", }, { version_value: "8.0.0.7", }, { version_value: "9.0.3", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM WebSphere MQ 8.0 and 9.0 could allow, under special circumstances, an unauthorized user to access an object which they should have been denied access. IBM X-Force ID: 126456.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Bypass Security", }, ], }, ], }, references: { reference_data: [ { name: "https://exchange.xforce.ibmcloud.com/vulnerabilities/126456", refsource: "MISC", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/126456", }, { name: "http://www.ibm.com/support/docview.wss?uid=swg22005400", refsource: "CONFIRM", url: "http://www.ibm.com/support/docview.wss?uid=swg22005400", }, { name: "102042", refsource: "BID", url: "http://www.securityfocus.com/bid/102042", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2017-1341", datePublished: "2017-12-07T15:00:00Z", dateReserved: "2016-11-30T00:00:00", dateUpdated: "2024-09-16T18:45:12.994Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2009-0905 (GCVE-0-2009-0905)
Vulnerability from cvelistv5
Published
2011-10-30 19:00
Modified
2024-08-07 04:57
Severity ?
EPSS score ?
Summary
IBM WebSphere MQ 6.0 before 6.0.2.8 and 7.0 before 7.0.1.0 does not properly handle long group names, which might allow local users to gain privileges by leveraging combinations of group names with the same initial substring.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/51042 | vdb-entry, x_refsource_XF | |
| http://www.ibm.com/support/docview.wss?uid=swg1IZ37102 | vendor-advisory, x_refsource_AIXAPAR |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T04:57:16.311Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "websphere-mq-group-weak-security(51042)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/51042", }, { name: "IZ37102", tags: [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred", ], url: "http://www.ibm.com/support/docview.wss?uid=swg1IZ37102", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2009-06-05T00:00:00", descriptions: [ { lang: "en", value: "IBM WebSphere MQ 6.0 before 6.0.2.8 and 7.0 before 7.0.1.0 does not properly handle long group names, which might allow local users to gain privileges by leveraging combinations of group names with the same initial substring.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-08-16T14:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "websphere-mq-group-weak-security(51042)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/51042", }, { name: "IZ37102", tags: [ "vendor-advisory", "x_refsource_AIXAPAR", ], url: "http://www.ibm.com/support/docview.wss?uid=swg1IZ37102", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2009-0905", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM WebSphere MQ 6.0 before 6.0.2.8 and 7.0 before 7.0.1.0 does not properly handle long group names, which might allow local users to gain privileges by leveraging combinations of group names with the same initial substring.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "websphere-mq-group-weak-security(51042)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/51042", }, { name: "IZ37102", refsource: "AIXAPAR", url: "http://www.ibm.com/support/docview.wss?uid=swg1IZ37102", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2009-0905", datePublished: "2011-10-30T19:00:00", dateReserved: "2009-03-14T00:00:00", dateUpdated: "2024-08-07T04:57:16.311Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }