Vulnerabilities > IBM > Websphere MQ > 9.1.0.0

DATE CVE VULNERABILITY TITLE RISK
2019-09-27 CVE-2019-4141 Memory Leak vulnerability in IBM Websphere MQ and Websphere MQ Appliance
IBM MQ 7.1.0.0 - 7.1.0.9, 7.5.0.0 - 7.5.0.9, 8.0.0.0 - 8.0.0.11, 9.0.0.0 - 9.0.0.6, 9.1.0.0 - 9.1.0.2, and 9.1.1 - 9.1.2 is vulnerable to a denial of service attack caused by a memory leak in the clustering code.
network
low complexity
ibm CWE-401
6.5
6.5
2019-05-23 CVE-2019-4078 Incorrect Permission Assignment for Critical Resource vulnerability in IBM Websphere MQ
IBM WebSphere MQ 8.0.0.0 through 8.0.0.9 and 9.0.0.0 through 9.1.1 could allow a local non privileged user to execute code as an administrator due to incorrect permissions set on MQ installation directories.
local
low complexity
ibm CWE-732
7.8
7.8
2019-05-23 CVE-2019-4039 Unspecified vulnerability in IBM Websphere MQ
IBM WebSphere MQ 8.0.0.0 through 8.0.0.9 and 9.0.0.0 through 9.1.1 could allow a local attacker to cause a denial of service within the error log reporting system.
local
low complexity
ibm
5.5
5.5
2019-04-15 CVE-2018-1925 Inadequate Encryption Strength vulnerability in IBM Websphere MQ 9.1.0.0/9.1.0.1/9.1.1
IBM WebShere MQ 9.1.0.0, 9.1.0.1, 9.1.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
network
high complexity
ibm CWE-326
5.9
5.9
2019-03-11 CVE-2018-1998 OS Command Injection vulnerability in IBM Websphere MQ
IBM WebSphere MQ 8.0.0.0 through 9.1.1 could allow a local user to inject code that could be executed with root privileges.
local
low complexity
ibm CWE-78
7.8
7.8
2019-03-11 CVE-2018-1974 Unspecified vulnerability in IBM Websphere MQ
IBM WebSphere 8.0.0.0 through 9.1.1 could allow an authenticated attacker to escalate their privileges when using multiplexed channels.
network
high complexity
ibm
7.5
7.5
2018-11-13 CVE-2018-1792 Code Injection vulnerability in IBM Websphere MQ
IBM WebSphere MQ 8.0.0.0 through 8.0.0.10, 9.0.0.0 through 9.0.0.5, 9.0.1 through 9.0.5, and 9.1.0.0 could allow a local user to inject code that could be executed with root privileges.
local
low complexity
ibm CWE-94
7.8
7.8
2018-11-09 CVE-2018-1684 Unspecified vulnerability in IBM Websphere MQ
IBM WebSphere MQ 8.0 through 9.1 is vulnerable to a error with MQTT topic string publishing that can cause a denial of service attack.
network
low complexity
ibm
6.5
6.5