Vulnerabilities > IBM > MQ Appliance > High

DATE CVE VULNERABILITY TITLE RISK
2023-12-18 CVE-2023-46177 Unspecified vulnerability in IBM MQ Appliance 9.3.0.0
IBM MQ Appliance 9.3 LTS and 9.3 CD could allow a remote attacker to traverse directories on the system.
network
low complexity
ibm
7.5
2023-11-03 CVE-2023-46176 Unspecified vulnerability in IBM MQ Appliance 9.3.0.0
IBM MQ Appliance 9.3 CD could allow a local attacker to gain elevated privileges on the system, caused by improper validation of security keys.
local
low complexity
ibm
7.8
2023-07-19 CVE-2023-28513 Unspecified vulnerability in IBM MQ and MQ Appliance
IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.2 CD, and 9.3 CD and IBM MQ Appliance 9.2 LTS, 9.3 LTS, 9.2 CD, and 9.2 LTS, under certain configurations, is vulnerable to a denial of service attack caused by an error processing messages.
network
low complexity
ibm
7.5
2023-05-05 CVE-2023-26285 Unspecified vulnerability in IBM MQ Appliance
IBM MQ 9.2 CD, 9.2 LTS, 9.3 CD, and 9.3 LTS could allow a remote attacker to cause a denial of service due to an error processing invalid data.
network
low complexity
ibm
7.5
2023-03-10 CVE-2022-43902 Unspecified vulnerability in IBM MQ Appliance
IBM MQ 9.2 CD, 9.2 LTS, 9.3 CD, and 9.3 LTS is vulnerable to a denial of service attack caused by specially crafted PCF or MQSC messages.
network
low complexity
ibm
7.5
2021-07-12 CVE-2020-4938 Cross-Site Request Forgery (CSRF) vulnerability in IBM MQ Appliance
IBM MQ Appliance 9.1 and 9.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
network
low complexity
ibm CWE-352
8.8
2020-07-28 CVE-2020-4375 Memory Leak vulnerability in IBM MQ Appliance
IBM MQ, IBM MQ Appliance, IBM MQ for HPE NonStop 8.0, 9.1 CD, and 9.1 LTS could allow an attacker to cause a denial of service due to a memory leak caused by an error creating a dynamic queue.
network
low complexity
ibm CWE-401
7.5
2020-01-28 CVE-2019-4620 Improper Input Validation vulnerability in IBM MQ Appliance
IBM MQ Appliance 8.0 and 9.0 LTS could allow a local attacker to bypass security restrictions caused by improper validation of environment variables.
local
low complexity
ibm CWE-20
7.8
2019-08-20 CVE-2019-4294 OS Command Injection vulnerability in IBM Datapower Gateway and MQ Appliance
IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.6, 7.6.0.0 through 7.6.0.15 and IBM MQ Appliance 8.0.0.0 through 8.0.0.12, 9.1.0.0 through 9.1.0.2, and 9.1.1 through 9.1.2 could allow a local attacker to execute arbitrary commands on the system, caused by a command injection vulnerability.
local
low complexity
ibm CWE-78
7.8
2019-04-19 CVE-2019-4055 Unspecified vulnerability in IBM MQ and MQ Appliance
IBM MQ 8.0.0.0 through 8.0.0.10, 9.0.0.0 through 9.0.0.5, and 9.1.0.0 through 9.1.1 is vulnerable to a denial of service attack within the TLS key renegotiation function.
network
low complexity
ibm
7.5