Vulnerabilities > IBM > Websphere MQ > 7.0.0.2
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-02-22 | CVE-2016-3052 | Information Exposure vulnerability in IBM Websphere MQ Under non-standard configurations, IBM WebSphere MQ might send password data in clear text over the network. | 4.3 |
2017-02-22 | CVE-2016-3013 | Data Processing Errors vulnerability in IBM Websphere MQ IBM WebSphere MQ 8.0 could allow an authenticated user to crash the MQ channel due to improper data conversion handling. | 4.0 |
2015-04-27 | CVE-2015-0176 | Cross-site Scripting vulnerability in IBM Websphere MQ Cross-site scripting (XSS) vulnerability in MQ XR WebSockets Listener in WMQ Telemetry in IBM WebSphere MQ 8.0 before 8.0.0.2 allows remote attackers to inject arbitrary web script or HTML via a crafted URI that is included in an error response. | 4.3 |
2013-07-02 | CVE-2013-3028 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in IBM Websphere MQ Multiple buffer overflows in mqm programs in IBM WebSphere MQ 7.0.x before 7.0.1.11, 7.1.x before 7.1.0.3, and 7.5.x before 7.5.0.2 on non-Windows platforms allow local users to gain privileges via unspecified vectors. | 4.6 |
2011-10-30 | CVE-2009-0905 | Improper Input Validation vulnerability in IBM Websphere MQ IBM WebSphere MQ 6.0 before 6.0.2.8 and 7.0 before 7.0.1.0 does not properly handle long group names, which might allow local users to gain privileges by leveraging combinations of group names with the same initial substring. | 1.7 |
2011-10-30 | CVE-2009-0900 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in IBM Websphere MQ Heap-based buffer overflow in the client in IBM WebSphere MQ 6.0 before 6.0.2.7 and 7.0 before 7.0.1.0 allows local users to gain privileges via crafted SSL information in a Client Channel Definition Table (CCDT) file. | 4.1 |
2011-10-29 | CVE-2010-0780 | Resource Management Errors vulnerability in IBM Websphere MQ IBM WebSphere MQ 7.x before 7.0.1.4 allows remote attackers to cause a denial of service (disk consumption) via multiple connection attempts to a stopped queue manager. | 4.3 |
2011-07-07 | CVE-2011-1224 | Permissions, Privileges, and Access Controls vulnerability in IBM Websphere MQ IBM WebSphere MQ 6.0 before 6.0.2.11 and 7.0 before 7.0.1.5 does not use the CRL Distribution Points (CDP) certificate extension, which might allow man-in-the-middle attackers to spoof an SSL partner via a revoked certificate for a (1) client, (2) queue manager, or (3) application. | 4.3 |
2011-01-13 | CVE-2011-0310 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in IBM Websphere MQ Buffer overflow in IBM WebSphere MQ 7.0 before 7.0.1.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted header field in a message. | 6.8 |
2011-01-12 | CVE-2011-0314 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in IBM Websphere MQ Heap-based buffer overflow in IBM WebSphere MQ 6.0 before 6.0.2.11 and 7.0 before 7.0.1.5 allows remote authenticated users to execute arbitrary code or cause a denial of service (queue manager crash) by inserting an invalid message into the queue. | 6.5 |