Vulnerabilities > IBM > MQ Appliance

DATE CVE VULNERABILITY TITLE RISK
2022-03-23 CVE-2022-22316 Unspecified vulnerability in IBM MQ Appliance
IBM MQ Appliance 9.2 CD and 9.2 LTS could allow an authenticated and authorized user to cause a denial of service due to incorrectly configured authorization checks.
network
low complexity
ibm
6.5
2021-11-30 CVE-2021-38958 Unspecified vulnerability in IBM MQ Appliance 9.2.0.0
IBM MQ Appliance 9.2 CD and 9.2 LTS is affected by a denial of service attack caused by a concurrency issue.
local
low complexity
ibm
5.5
2021-11-30 CVE-2021-38967 Code Injection vulnerability in IBM MQ Appliance 9.2.0.0
IBM MQ Appliance 9.2 CD and 9.2 LTS could allow a local privileged user to inject and execute malicious code.
local
low complexity
ibm CWE-94
6.7
2021-11-30 CVE-2021-38999 Information Exposure vulnerability in IBM MQ Appliance 9.2.0.0
IBM MQ Appliance could allow a local attacker to obtain sensitive information by inclusion of sensitive data within trace.
local
low complexity
ibm CWE-200
5.5
2021-11-30 CVE-2021-39000 Information Exposure vulnerability in IBM MQ Appliance 9.2.0.0
IBM MQ Appliance 9.2 CD and 9.2 LTS could allow a local attacker to obtain sensitive information by inclusion of sensitive data within diagnostics.
local
low complexity
ibm CWE-200
5.5
2021-11-08 CVE-2021-29843 Unspecified vulnerability in IBM MQ Appliance
IBM MQ 9.1 LTS, 9.1 CD, 9.2 LTS, and 9.2CD is vulnerable to a denial of service attack caused by an issue processing message properties.
network
low complexity
ibm
6.5
2021-07-12 CVE-2020-4938 Cross-Site Request Forgery (CSRF) vulnerability in IBM MQ Appliance
IBM MQ Appliance 9.1 and 9.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
network
low complexity
ibm CWE-352
8.8
2021-01-28 CVE-2020-4682 Deserialization of Untrusted Data vulnerability in IBM MQ, MQ Appliance and Websphere MQ
IBM MQ 7.5, 8.0, 9.0, 9.1, 9.2 LTS, and 9.2 CD could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization of trusted data.
network
low complexity
ibm CWE-502
critical
9.8
2021-01-11 CVE-2020-4869 Classic Buffer Overflow vulnerability in IBM MQ Appliance 9.2.0.0
IBM MQ Appliance 9.2 CD and 9.2 LTS is vulnerable to a denial of service, caused by a buffer overflow.
network
low complexity
ibm CWE-120
6.5
2020-11-18 CVE-2020-4592 Unspecified vulnerability in IBM MQ Appliance 9.1.0.0
IBM MQ Appliance 9.1.CD and LTS could allow an authenticated user, under nondefault configuration to cause a data corruption attack due to an error when using segmented messages.
network
low complexity
ibm
6.5