Total
89 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-0911 | 1 Ibm | 1 Websphere Mq | 2025-04-12 | 4.3 MEDIUM | N/A |
| inetd in IBM WebSphere MQ 7.1.x before 7.1.0.5 and 7.5.x before 7.5.0.4 allows remote attackers to cause a denial of service (disk or CPU consumption) via unspecified vectors. | |||||
| CVE-2014-4771 | 1 Ibm | 1 Websphere Mq | 2025-04-12 | 3.5 LOW | N/A |
| IBM WebSphere MQ 7.0.1 before 7.0.1.13, 7.1 before 7.1.0.6, 7.5 before 7.5.0.5, and 8 before 8.0.0.1 allows remote authenticated users to cause a denial of service (queue-slot exhaustion) by leveraging PCF query privileges for a crafted query. | |||||
| CVE-2016-0379 | 1 Ibm | 1 Websphere Mq | 2025-04-12 | 3.5 LOW | 3.1 LOW |
| IBM WebSphere MQ 7.5 before 7.5.0.7 and 8.0 before 8.0.0.5 mishandles protocol flows, which allows remote authenticated users to cause a denial of service (channel outage) by leveraging queue-manager rights. | |||||
| CVE-2014-6116 | 1 Ibm | 1 Websphere Mq | 2025-04-12 | 4.3 MEDIUM | N/A |
| The Telemetry Component in WebSphere MQ 8.0.0.1 before p000-001-L140910 allows remote attackers to bypass authentication by setting the JAASConfig property in an MQTT client configuration. | |||||
| CVE-2015-7473 | 1 Ibm | 1 Websphere Mq | 2025-04-12 | 2.1 LOW | 2.5 LOW |
| runmqsc in IBM WebSphere MQ 8.x before 8.0.0.5 allows local users to bypass intended queue-manager command access restrictions by leveraging authority for +connect and +dsp. | |||||
| CVE-2015-2012 | 1 Ibm | 1 Websphere Mq | 2025-04-12 | 2.1 LOW | 4.0 MEDIUM |
| The MQXR service in WMQ Telemetry in IBM WebSphere MQ 7.1 before 7.1.0.7, 7.5 through 7.5.0.5, and 8.0 before 8.0.0.4 uses world-readable permissions for a cleartext file containing the SSL keystore password, which allows local users to obtain sensitive information by reading this file. | |||||
| CVE-2014-4793 | 1 Ibm | 1 Websphere Mq | 2025-04-12 | 6.5 MEDIUM | N/A |
| IBM WebSphere MQ 8.x before 8.0.0.1 does not properly enforce CHLAUTH rules for blocking client connections in certain circumstances related to the CONNAUTH attribute, which allows remote authenticated users to bypass intended queue-manager access restrictions via unspecified vectors. | |||||
| CVE-2015-0176 | 1 Ibm | 1 Websphere Mq | 2025-04-12 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in MQ XR WebSockets Listener in WMQ Telemetry in IBM WebSphere MQ 8.0 before 8.0.0.2 allows remote attackers to inject arbitrary web script or HTML via a crafted URI that is included in an error response. | |||||
| CVE-2014-4822 | 1 Ibm | 2 Websphere Mq, Websphere Mq Explorer | 2025-04-12 | 1.9 LOW | N/A |
| IBM WebSphere MQ classes for Java libraries 8.0 before 8.0.0.1 and Websphere MQ Explorer 7.5 before 7.5.0.5 and 8.0 before 8.0.0.2 allow local users to discover preconfigured cleartext passwords via an unspecified trace operation. | |||||
| CVE-2015-2013 | 1 Ibm | 1 Websphere Mq | 2025-04-12 | 5.0 MEDIUM | N/A |
| IBM WebSphere MQ 7.0.1 before 7.0.1.13 allows remote attackers to cause a denial of service (channel-agent abend and process outage) via a crafted selection string in an MQI call. | |||||
| CVE-2013-4054 | 1 Ibm | 1 Websphere Mq | 2025-04-12 | 4.3 MEDIUM | N/A |
| Directory traversal vulnerability in WMQ Telemetry in IBM WebSphere MQ 7.5 before 7.5.0.3 allows remote attackers to read arbitrary files via a crafted URI. | |||||
| CVE-2016-0260 | 1 Ibm | 1 Websphere Mq | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
| Memory leak in queue-manager agents in IBM WebSphere MQ 8.x before 8.0.0.5 allows remote attackers to cause a denial of service (heap memory consumption) by triggering many errors. | |||||
| CVE-2016-0259 | 1 Ibm | 1 Websphere Mq | 2025-04-12 | 2.1 LOW | 2.5 LOW |
| runmqsc in IBM WebSphere MQ 8.x before 8.0.0.5 allows local users to bypass an intended +dsp authority requirement and obtain sensitive information via unspecified display commands. | |||||
| CVE-2015-1967 | 1 Ibm | 1 Websphere Mq | 2025-04-12 | 4.3 MEDIUM | N/A |
| MQ Explorer in IBM WebSphere MQ before 8.0.0.3 does not recognize the absence of the compatibility-mode option, which allows remote attackers to obtain sensitive information by sniffing the network for a session in which TLS is not used. | |||||
| CVE-2011-1378 | 2 Hp, Ibm | 2 Openvms, Websphere Mq | 2025-04-11 | 1.9 LOW | N/A |
| IBM WebSphere MQ 6.0 on OpenVMS, when the default rights of the MQM group are established, does not properly verify User Authorization File (UAF) data, which allows local users to kill listener processes and the command server via a control command. | |||||
| CVE-2012-2199 | 2 Ibm, Oracle | 2 Websphere Mq, Solaris | 2025-04-11 | 5.0 MEDIUM | N/A |
| The server message channel agent in the queue manager in the server in IBM WebSphere MQ 7.0.1 before 7.0.1.9, 7.1, and 7.5 on Solaris allows remote attackers to cause a denial of service (invalid address alignment exception and daemon crash) via vectors involving a multiplexed channel. | |||||
| CVE-2013-3028 | 1 Ibm | 1 Websphere Mq | 2025-04-11 | 4.6 MEDIUM | N/A |
| Multiple buffer overflows in mqm programs in IBM WebSphere MQ 7.0.x before 7.0.1.11, 7.1.x before 7.1.0.3, and 7.5.x before 7.5.0.2 on non-Windows platforms allow local users to gain privileges via unspecified vectors. | |||||
| CVE-2011-0310 | 1 Ibm | 1 Websphere Mq | 2025-04-11 | 6.8 MEDIUM | N/A |
| Buffer overflow in IBM WebSphere MQ 7.0 before 7.0.1.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted header field in a message. | |||||
| CVE-2011-0314 | 1 Ibm | 1 Websphere Mq | 2025-04-11 | 6.5 MEDIUM | N/A |
| Heap-based buffer overflow in IBM WebSphere MQ 6.0 before 6.0.2.11 and 7.0 before 7.0.1.5 allows remote authenticated users to execute arbitrary code or cause a denial of service (queue manager crash) by inserting an invalid message into the queue. | |||||
| CVE-2012-2206 | 1 Ibm | 1 Websphere Mq | 2025-04-11 | 3.5 LOW | N/A |
| The Web Gateway component in IBM WebSphere MQ File Transfer Edition 7.0.4 and earlier allows remote authenticated users to read files of arbitrary users via vectors involving a username in a URI, as demonstrated by a modified metadata=fteSamplesUser field to the /transfer URI. | |||||