Vulnerability-Lookup

WID-SEC-W-2024-3732

Vulnerability from csaf_certbund - Published: 2024-12-18 23:00 - Updated: 2025-01-30 23:00

Summary

IBM MQ: Mehrere Schwachstellen

Severity

Mittel

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung: IBM MQ ist eine Message Oriented Middleware von IBM.

Angriff: Ein lokaler oder ein entfernter authentisierter Angreifer kann mehrere Schwachstellen in IBM MQ ausnutzen, um Informationen preiszugeben oder einen Denial-of-Service-Zustand zu erzeugen.

Betroffene Betriebssysteme: - Sonstiges - UNIX - Windows

CVE-2024-52896

Es bestehen mehrere Schwachstellen in IBM MQ. Diese Schwachstellen betreffen die Web-Konsole aufgrund einer unsachgemäßen Behandlung von Fehlermeldungen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um Passwörter aus den detaillierten technischen Fehlermeldungen offenzulegen.

Affected products

Known affected 11 products

Product	Identifier	Version
IBM MQ <9.3.0.26 IBM / MQ		<9.3.0.26
IBM MQ <9.4.1 IBM / MQ		<9.4.1
IBM MQ <9.2.0.30 IBM / MQ		<9.2.0.30
IBM MQ Appliance 9.3 LTS IBM / MQ	`cpe:/a:ibm:mq:appliance_9.3_lts`	Appliance 9.3 LTS
IBM MQ <9.4.0.7 IBM / MQ		<9.4.0.7
IBM MQ <9.3.0.25 IBM / MQ		<9.3.0.25
IBM MQ Appliance 9.3 CD IBM / MQ	`cpe:/a:ibm:mq:appliance_9.3_cd`	Appliance 9.3 CD
IBM MQ Operator IBM / MQ	`cpe:/a:ibm:mq:operator`	Operator
IBM MQ Container IBM / MQ	`cpe:/a:ibm:mq:container`	Container
IBM MQ <9.4.1.1 IBM / MQ		<9.4.1.1
IBM MQ Appliance 9.4 LTS IBM / MQ	`cpe:/a:ibm:mq:appliance_9.4_lts`	Appliance 9.4 LTS

CVE-2024-52897

Affected products

Known affected 11 products

Product	Identifier	Version
IBM MQ <9.3.0.26 IBM / MQ		<9.3.0.26
IBM MQ <9.4.1 IBM / MQ		<9.4.1
IBM MQ <9.2.0.30 IBM / MQ		<9.2.0.30
IBM MQ Appliance 9.3 LTS IBM / MQ	`cpe:/a:ibm:mq:appliance_9.3_lts`	Appliance 9.3 LTS
IBM MQ <9.4.0.7 IBM / MQ		<9.4.0.7
IBM MQ <9.3.0.25 IBM / MQ		<9.3.0.25
IBM MQ Appliance 9.3 CD IBM / MQ	`cpe:/a:ibm:mq:appliance_9.3_cd`	Appliance 9.3 CD
IBM MQ Operator IBM / MQ	`cpe:/a:ibm:mq:operator`	Operator
IBM MQ Container IBM / MQ	`cpe:/a:ibm:mq:container`	Container
IBM MQ <9.4.1.1 IBM / MQ		<9.4.1.1
IBM MQ Appliance 9.4 LTS IBM / MQ	`cpe:/a:ibm:mq:appliance_9.4_lts`	Appliance 9.4 LTS

CVE-2024-52898

Affected products

Known affected 11 products

Product	Identifier	Version
IBM MQ <9.3.0.26 IBM / MQ		<9.3.0.26
IBM MQ <9.4.1 IBM / MQ		<9.4.1
IBM MQ <9.2.0.30 IBM / MQ		<9.2.0.30
IBM MQ Appliance 9.3 LTS IBM / MQ	`cpe:/a:ibm:mq:appliance_9.3_lts`	Appliance 9.3 LTS
IBM MQ <9.4.0.7 IBM / MQ		<9.4.0.7
IBM MQ <9.3.0.25 IBM / MQ		<9.3.0.25
IBM MQ Appliance 9.3 CD IBM / MQ	`cpe:/a:ibm:mq:appliance_9.3_cd`	Appliance 9.3 CD
IBM MQ Operator IBM / MQ	`cpe:/a:ibm:mq:operator`	Operator
IBM MQ Container IBM / MQ	`cpe:/a:ibm:mq:container`	Container
IBM MQ <9.4.1.1 IBM / MQ		<9.4.1.1
IBM MQ Appliance 9.4 LTS IBM / MQ	`cpe:/a:ibm:mq:appliance_9.4_lts`	Appliance 9.4 LTS

CVE-2024-51470

Es besteht eine Schwachstelle in IBM MQ aufgrund von Nachrichten mit nicht ordnungsgemäß gesetzten Werten. Ein entfernter, authentisierter Angreifer kann diese Schwachstelle ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen.

Affected products

Known affected 10 products

Product	Identifier	Version
IBM MQ <9.4.1 IBM / MQ		<9.4.1
IBM MQ <9.2.0.30 IBM / MQ		<9.2.0.30
IBM MQ Appliance 9.3 LTS IBM / MQ	`cpe:/a:ibm:mq:appliance_9.3_lts`	Appliance 9.3 LTS
IBM MQ <9.1.0.26 IBM / MQ		<9.1.0.26
IBM MQ <9.4.0.7 IBM / MQ		<9.4.0.7
IBM MQ <9.3.0.25 IBM / MQ		<9.3.0.25
IBM MQ Appliance 9.3 CD IBM / MQ	`cpe:/a:ibm:mq:appliance_9.3_cd`	Appliance 9.3 CD
IBM MQ Operator IBM / MQ	`cpe:/a:ibm:mq:operator`	Operator
IBM MQ Container IBM / MQ	`cpe:/a:ibm:mq:container`	Container
IBM MQ Appliance 9.4 LTS IBM / MQ	`cpe:/a:ibm:mq:appliance_9.4_lts`	Appliance 9.4 LTS

References

8 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://www.ibm.com/support/pages/node/7179137	external
https://www.ibm.com/support/pages/node/7179152	external
https://www.ibm.com/support/pages/node/7179151	external
https://www.ibm.com/support/pages/node/7179150	external
https://www.ibm.com/support/pages/node/7178085	external
https://www.ibm.com/support/pages/node/7182196	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "IBM MQ ist eine Message Oriented Middleware von IBM.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein lokaler oder ein entfernter authentisierter Angreifer kann mehrere Schwachstellen in IBM MQ ausnutzen, um Informationen preiszugeben oder einen Denial-of-Service-Zustand zu erzeugen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Sonstiges\n- UNIX\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2024-3732 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-3732.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2024-3732 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-3732"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7179137 vom 2024-12-18",
        "url": "https://www.ibm.com/support/pages/node/7179137"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7179152 vom 2024-12-18",
        "url": "https://www.ibm.com/support/pages/node/7179152"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7179151 vom 2024-12-18",
        "url": "https://www.ibm.com/support/pages/node/7179151"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7179150 vom 2024-12-18",
        "url": "https://www.ibm.com/support/pages/node/7179150"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7178085 vom 2024-12-19",
        "url": "https://www.ibm.com/support/pages/node/7178085"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7182196 vom 2025-01-31",
        "url": "https://www.ibm.com/support/pages/node/7182196"
      }
    ],
    "source_lang": "en-US",
    "title": "IBM MQ: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2025-01-30T23:00:00.000+00:00",
      "generator": {
        "date": "2025-01-31T12:08:49.828+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.10"
        }
      },
      "id": "WID-SEC-W-2024-3732",
      "initial_release_date": "2024-12-18T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2024-12-18T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2025-01-30T23:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von IBM aufgenommen"
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "Appliance 9.3 LTS",
                "product": {
                  "name": "IBM MQ Appliance 9.3 LTS",
                  "product_id": "T027815",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:mq:appliance_9.3_lts"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "Operator",
                "product": {
                  "name": "IBM MQ Operator",
                  "product_id": "T036688",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:mq:operator"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "Appliance 9.4 LTS",
                "product": {
                  "name": "IBM MQ Appliance 9.4 LTS",
                  "product_id": "T037652",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:mq:appliance_9.4_lts"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "Appliance 9.3 CD",
                "product": {
                  "name": "IBM MQ Appliance 9.3 CD",
                  "product_id": "T037653",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:mq:appliance_9.3_cd"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c9.1.0.26",
                "product": {
                  "name": "IBM MQ \u003c9.1.0.26",
                  "product_id": "T039934"
                }
              },
              {
                "category": "product_version",
                "name": "9.1.0.26",
                "product": {
                  "name": "IBM MQ 9.1.0.26",
                  "product_id": "T039934-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:mq:9.1.0.26"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c9.2.0.30",
                "product": {
                  "name": "IBM MQ \u003c9.2.0.30",
                  "product_id": "T039935"
                }
              },
              {
                "category": "product_version",
                "name": "9.2.0.30",
                "product": {
                  "name": "IBM MQ 9.2.0.30",
                  "product_id": "T039935-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:mq:9.2.0.30"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c9.3.0.25",
                "product": {
                  "name": "IBM MQ \u003c9.3.0.25",
                  "product_id": "T039936"
                }
              },
              {
                "category": "product_version",
                "name": "9.3.0.25",
                "product": {
                  "name": "IBM MQ 9.3.0.25",
                  "product_id": "T039936-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:mq:9.3.0.25"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c9.4.0.7",
                "product": {
                  "name": "IBM MQ \u003c9.4.0.7",
                  "product_id": "T039937"
                }
              },
              {
                "category": "product_version",
                "name": "9.4.0.7",
                "product": {
                  "name": "IBM MQ 9.4.0.7",
                  "product_id": "T039937-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:mq:9.4.0.7"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c9.4.1",
                "product": {
                  "name": "IBM MQ \u003c9.4.1",
                  "product_id": "T039938"
                }
              },
              {
                "category": "product_version",
                "name": "9.4.1",
                "product": {
                  "name": "IBM MQ 9.4.1",
                  "product_id": "T039938-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:mq:9.4.1"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c9.3.0.26",
                "product": {
                  "name": "IBM MQ \u003c9.3.0.26",
                  "product_id": "T039939"
                }
              },
              {
                "category": "product_version",
                "name": "9.3.0.26",
                "product": {
                  "name": "IBM MQ 9.3.0.26",
                  "product_id": "T039939-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:mq:9.3.0.26"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c9.4.1.1",
                "product": {
                  "name": "IBM MQ \u003c9.4.1.1",
                  "product_id": "T039940"
                }
              },
              {
                "category": "product_version",
                "name": "9.4.1.1",
                "product": {
                  "name": "IBM MQ 9.4.1.1",
                  "product_id": "T039940-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:mq:9.4.1.1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "Container",
                "product": {
                  "name": "IBM MQ Container",
                  "product_id": "T040640",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:mq:container"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "MQ"
          }
        ],
        "category": "vendor",
        "name": "IBM"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-52896",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in IBM MQ. Diese Schwachstellen betreffen die Web-Konsole aufgrund einer unsachgem\u00e4\u00dfen Behandlung von Fehlermeldungen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um Passw\u00f6rter aus den detaillierten technischen Fehlermeldungen offenzulegen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T039939",
          "T039938",
          "T039935",
          "T027815",
          "T039937",
          "T039936",
          "T037653",
          "T036688",
          "T040640",
          "T039940",
          "T037652"
        ]
      },
      "release_date": "2024-12-18T23:00:00.000+00:00",
      "title": "CVE-2024-52896"
    },
    {
      "cve": "CVE-2024-52897",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in IBM MQ. Diese Schwachstellen betreffen die Web-Konsole aufgrund einer unsachgem\u00e4\u00dfen Behandlung von Fehlermeldungen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um Passw\u00f6rter aus den detaillierten technischen Fehlermeldungen offenzulegen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T039939",
          "T039938",
          "T039935",
          "T027815",
          "T039937",
          "T039936",
          "T037653",
          "T036688",
          "T040640",
          "T039940",
          "T037652"
        ]
      },
      "release_date": "2024-12-18T23:00:00.000+00:00",
      "title": "CVE-2024-52897"
    },
    {
      "cve": "CVE-2024-52898",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in IBM MQ. Diese Schwachstellen betreffen die Web-Konsole aufgrund einer unsachgem\u00e4\u00dfen Behandlung von Fehlermeldungen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um Passw\u00f6rter aus den detaillierten technischen Fehlermeldungen offenzulegen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T039939",
          "T039938",
          "T039935",
          "T027815",
          "T039937",
          "T039936",
          "T037653",
          "T036688",
          "T040640",
          "T039940",
          "T037652"
        ]
      },
      "release_date": "2024-12-18T23:00:00.000+00:00",
      "title": "CVE-2024-52898"
    },
    {
      "cve": "CVE-2024-51470",
      "notes": [
        {
          "category": "description",
          "text": "Es besteht eine Schwachstelle in IBM MQ aufgrund von Nachrichten mit nicht ordnungsgem\u00e4\u00df gesetzten Werten. Ein entfernter, authentisierter Angreifer kann diese Schwachstelle ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T039938",
          "T039935",
          "T027815",
          "T039934",
          "T039937",
          "T039936",
          "T037653",
          "T036688",
          "T040640",
          "T037652"
        ]
      },
      "release_date": "2024-12-18T23:00:00.000+00:00",
      "title": "CVE-2024-51470"
    }
  ]
}

CVE-2024-51470 (GCVE-0-2024-51470)

Vulnerability from cvelistv5 – Published: 2024-12-18 19:56 – Updated: 2024-12-18 20:24

Title

IBM MQ denial of service

Summary

IBM MQ 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, 9.4 CD, IBM MQ Appliance 9.3 LTS, 9.3 CD, 9.4 LTS, and IBM MQ for HPE NonStop 8.1.0 through 8.1.0.25 could allow an authenticated user to cause a denial-of-service due to messages with improperly set values.

Severity

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-754 - Improper Check for Unusual or Exceptional Conditions

Assigner

ibm

References

3 references

URL	Tags
https://www.ibm.com/support/pages/node/7179137	vendor-advisory
https://www.ibm.com/support/pages/node/7178085	vendor-advisory
https://www.ibm.com/support/pages/node/7177593	vendor-advisory

Impacted products

3 products

Vendor	Product	Version
IBM	MQ	Affected: 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, 9.4 CD cpe:2.3:a:ibm:mq:9.1.0.0::::lts::: cpe:2.3:a:ibm:mq:9.2.0::::lts::: cpe:2.3:a:ibm:mq:9.3.0::::lts::: cpe:2.3:a:ibm:mq:9.3.0::::continuous_delivery::: cpe:2.3:a:ibm:mq:9.4.0::::lts::: cpe:2.3:a:ibm:mq:9.4.0::::continuous_delivery:::
IBM	MQ Appliance	Affected: 9.3 LTS, 9.3 CD, 9.4 LTS cpe:2.3:a:ibm:mq_appliance:9.3::::lts::: cpe:2.3:a:ibm:mq_appliance:9.3::::continuous_delivery::: cpe:2.3:a:ibm:mq_appliance:9.4::::lts:::
IBM	MQ for HPE NonStop	Affected: 8.1.0 , ≤ 8.1.0.25 (semver) cpe:2.3:a:ibm:mq_for_hpe_nonstop:8.1.0:::::::* cpe:2.3:a:ibm:mq_for_hpe_nonstop:8.1.0.25:::::::*

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-51470",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-12-18T20:24:17.133411Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-18T20:24:38.409Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:ibm:mq:9.1.0.0:*:*:*:lts:*:*:*",
            "cpe:2.3:a:ibm:mq:9.2.0:*:*:*:lts:*:*:*",
            "cpe:2.3:a:ibm:mq:9.3.0:*:*:*:lts:*:*:*",
            "cpe:2.3:a:ibm:mq:9.3.0:*:*:*:continuous_delivery:*:*:*",
            "cpe:2.3:a:ibm:mq:9.4.0:*:*:*:lts:*:*:*",
            "cpe:2.3:a:ibm:mq:9.4.0:*:*:*:continuous_delivery:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "MQ",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "9.1 LTS, 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, 9.4 CD"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:ibm:mq_appliance:9.3:*:*:*:lts:*:*:*",
            "cpe:2.3:a:ibm:mq_appliance:9.3:*:*:*:continuous_delivery:*:*:*",
            "cpe:2.3:a:ibm:mq_appliance:9.4:*:*:*:lts:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "MQ Appliance",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "9.3 LTS, 9.3 CD, 9.4 LTS"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:ibm:mq_for_hpe_nonstop:8.1.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:mq_for_hpe_nonstop:8.1.0.25:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "MQ for HPE NonStop",
          "vendor": "IBM",
          "versions": [
            {
              "lessThanOrEqual": "8.1.0.25",
              "status": "affected",
              "version": "8.1.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIBM MQ\u0026nbsp;9.1 LTS, 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, 9.4 CD, IBM MQ Appliance\u0026nbsp;9.3 LTS, 9.3 CD, 9.4 LTS, and IBM MQ for HPE NonStop 8.1.0 through 8.1.0.25\u0026nbsp;could allow an authenticated user to cause a denial-of-service due to messages with improperly set values.\u003c/span\u003e"
            }
          ],
          "value": "IBM MQ\u00a09.1 LTS, 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, 9.4 CD, IBM MQ Appliance\u00a09.3 LTS, 9.3 CD, 9.4 LTS, and IBM MQ for HPE NonStop 8.1.0 through 8.1.0.25\u00a0could allow an authenticated user to cause a denial-of-service due to messages with improperly set values."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-754",
              "description": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-18T19:56:10.377Z",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.ibm.com/support/pages/node/7179137"
        },
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.ibm.com/support/pages/node/7178085"
        },
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.ibm.com/support/pages/node/7177593"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "IBM MQ denial of service",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2024-51470",
    "datePublished": "2024-12-18T19:56:10.377Z",
    "dateReserved": "2024-10-28T10:50:18.700Z",
    "dateUpdated": "2024-12-18T20:24:38.409Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-52896 (GCVE-0-2024-52896)

Vulnerability from cvelistv5 – Published: 2024-12-19 17:01 – Updated: 2025-01-10 14:26

Title

IBM MQ information disclosure

Summary

IBM MQ 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD web console could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned.

Severity

6.2 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE

CWE-209 - Generation of Error Message Containing Sensitive Information

Assigner

ibm

References

1 reference

URL	Tags
https://www.ibm.com/support/pages/node/7179152

Impacted products

1 product

Vendor	Product	Version
IBM	MQ	Affected: 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, 9.4 CD cpe:2.3:a:ibm:mq:9.2.0::::lts::: cpe:2.3:a:ibm:mq:9.3.0::::lts::: cpe:2.3:a:ibm:mq:9.3.0::::continuous_delivery::: cpe:2.3:a:ibm:mq:9.4.0::::lts::: cpe:2.3:a:ibm:mq:9.4.0::::continuous_delivery:::

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-52896",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-12-20T16:45:05.829507Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-20T17:40:50.695Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:ibm:mq:9.2.0:*:*:*:lts:*:*:*",
            "cpe:2.3:a:ibm:mq:9.3.0:*:*:*:lts:*:*:*",
            "cpe:2.3:a:ibm:mq:9.3.0:*:*:*:continuous_delivery:*:*:*",
            "cpe:2.3:a:ibm:mq:9.4.0:*:*:*:lts:*:*:*",
            "cpe:2.3:a:ibm:mq:9.4.0:*:*:*:continuous_delivery:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "MQ",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, 9.4 CD"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIBM MQ 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD web console could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned.\u003c/span\u003e"
            }
          ],
          "value": "IBM MQ 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD web console could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 6.2,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-209",
              "description": "CWE-209 Generation of Error Message Containing Sensitive Information",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-10T14:26:51.681Z",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "url": "https://www.ibm.com/support/pages/node/7179152"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "IBM MQ information disclosure",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2024-52896",
    "datePublished": "2024-12-19T17:01:20.061Z",
    "dateReserved": "2024-11-17T14:25:44.935Z",
    "dateUpdated": "2025-01-10T14:26:51.681Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-52897 (GCVE-0-2024-52897)

Vulnerability from cvelistv5 – Published: 2024-12-19 17:18 – Updated: 2025-01-14 16:39

Title

IBM MQ information disclosure

Summary

IBM MQ 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD web console could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned.

Severity

6.2 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE

CWE-209 - Generation of Error Message Containing Sensitive Information

Assigner

ibm

References

1 reference

URL	Tags
https://www.ibm.com/support/pages/node/7179151

Impacted products

1 product

Vendor	Product	Version
IBM	MQ	Affected: 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, 9.4 CD cpe:2.3:a:ibm:mq:9.2.0::::lts::: cpe:2.3:a:ibm:mq:9.3.0::::lts::: cpe:2.3:a:ibm:mq:9.3.0::::continuous_delivery::: cpe:2.3:a:ibm:mq:9.4.0::::lts::: cpe:2.3:a:ibm:mq:9.4.0::::continuous_delivery:::

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-52897",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-12-20T17:52:05.732429Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-14T16:39:11.196Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:ibm:mq:9.2.0:*:*:*:lts:*:*:*",
            "cpe:2.3:a:ibm:mq:9.3.0:*:*:*:lts:*:*:*",
            "cpe:2.3:a:ibm:mq:9.3.0:*:*:*:continuous_delivery:*:*:*",
            "cpe:2.3:a:ibm:mq:9.4.0:*:*:*:lts:*:*:*",
            "cpe:2.3:a:ibm:mq:9.4.0:*:*:*:continuous_delivery:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "MQ",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, 9.4 CD"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIBM MQ 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD web console could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned.\u003c/span\u003e"
            }
          ],
          "value": "IBM MQ 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD web console could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 6.2,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-209",
              "description": "CWE-209 Generation of Error Message Containing Sensitive Information",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-10T14:25:28.184Z",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "url": "https://www.ibm.com/support/pages/node/7179151"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "IBM MQ information disclosure",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2024-52897",
    "datePublished": "2024-12-19T17:18:11.436Z",
    "dateReserved": "2024-11-17T14:25:44.935Z",
    "dateUpdated": "2025-01-14T16:39:11.196Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-52898 (GCVE-0-2024-52898)

Vulnerability from cvelistv5 – Published: 2025-01-14 16:49 – Updated: 2025-01-14 17:41

Title

IBM MQ information disclosure

Summary

IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD web console could allow a local user to obtain sensitive information when a detailed technical error message is returned.

Severity

6.2 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE

CWE-209 - Generation of Error Message Containing Sensitive Information

Assigner

ibm

References

1 reference

URL	Tags
https://www.ibm.com/support/pages/node/7179150

Impacted products

1 product

Vendor	Product	Version
IBM	MQ	Affected: 9.3 LTS, 9.3 CD, 9.4 LTS, 9.4 CD cpe:2.3:a:ibm:mq:9.3.0::::lts::: cpe:2.3:a:ibm:mq:9.3.0::::continuous_delivery::: cpe:2.3:a:ibm:mq:9.4.0::::lts::: cpe:2.3:a:ibm:mq:9.4.0::::continuous_delivery:::

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-52898",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-14T17:41:36.882087Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-14T17:41:54.638Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:ibm:mq:9.3.0:*:*:*:lts:*:*:*",
            "cpe:2.3:a:ibm:mq:9.3.0:*:*:*:continuous_delivery:*:*:*",
            "cpe:2.3:a:ibm:mq:9.4.0:*:*:*:lts:*:*:*",
            "cpe:2.3:a:ibm:mq:9.4.0:*:*:*:continuous_delivery:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "MQ",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "9.3 LTS, 9.3 CD, 9.4 LTS, 9.4 CD"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD web console could allow a local user to obtain sensitive information when a detailed technical error message is returned."
            }
          ],
          "value": "IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD web console could allow a local user to obtain sensitive information when a detailed technical error message is returned."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 6.2,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-209",
              "description": "CWE-209 Generation of Error Message Containing Sensitive Information",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-14T16:49:57.674Z",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "url": "https://www.ibm.com/support/pages/node/7179150"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "IBM MQ information disclosure",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2024-52898",
    "datePublished": "2025-01-14T16:49:57.674Z",
    "dateReserved": "2024-11-17T14:25:44.935Z",
    "dateUpdated": "2025-01-14T17:41:54.638Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

WID-SEC-W-2024-3732

CVE-2024-51470 (GCVE-0-2024-51470)

CVE-2024-52896 (GCVE-0-2024-52896)

CVE-2024-52897 (GCVE-0-2024-52897)

CVE-2024-52898 (GCVE-0-2024-52898)

Tags

Sightings

Nomenclature