Ibm Websphere Mq vulnerabilities

91 known vulnerabilities affecting ibm/websphere_mq.

Total CVEs
91
CISA KEV
0
Public exploits
2
Exploited in wild
0
Severity breakdown
CRITICAL3HIGH18MEDIUM58LOW12

Vulnerabilities

Page 5 of 5
CVE-2010-0782MEDIUMCVSS 4.3v6.0v6.0.1.0+17 more2010-10-20
CVE-2010-0782 [MEDIUM] CVE-2010-0782: IBM WebSphere MQ 6.x before 6.0.2.10 and 7.x before 7.0.1.3 allows remote attackers to spoof X.509 c IBM WebSphere MQ 6.x before 6.0.2.10 and 7.x before 7.0.1.3 allows remote attackers to spoof X.509 certificate authentication, and send or receive channel messages, via a crafted Subject Distinguished Name (DN) value in a certificate.
nvd
CVE-2010-0772MEDIUMCVSS 4.0v7.0.0v7.0.1+1 more2010-04-27
CVE-2010-0772 [MEDIUM] CVE-2010-0772: Unspecified vulnerability in the channel process in IBM WebSphere MQ 7.0 before 7.0.1.2 allows remot Unspecified vulnerability in the channel process in IBM WebSphere MQ 7.0 before 7.0.1.2 allows remote authenticated users to cause a denial of service (daemon crash) via "incorrect channel control data."
nvd
CVE-2009-3160HIGHCVSS 8.8v6v6.0+15 more2009-09-10
CVE-2009-3160 [HIGH] CVE-2009-3160: IBM WebSphere MQ 6.x through 6.0.2.7, 7.0.0.0, 7.0.0.1, 7.0.0.2, and 7.0.1.0, when read ahead or asy IBM WebSphere MQ 6.x through 6.0.2.7, 7.0.0.0, 7.0.0.1, 7.0.0.2, and 7.0.1.0, when read ahead or asynchronous message consumption is enabled, allows attackers to have an unspecified impact via unknown vectors, related to a "memory overwrite" issue.
nvd
CVE-2009-3159HIGHCVSS 7.8v7.0.0.0v7.0.0.1+1 more2009-09-10
CVE-2009-3159 [HIGH] CVE-2009-3159: Unspecified vulnerability in the rriDecompress function in IBM WebSphere MQ 7.0.0.0, 7.0.0.1, and 7. Unspecified vulnerability in the rriDecompress function in IBM WebSphere MQ 7.0.0.0, 7.0.0.1, and 7.0.0.2 allows remote attackers to cause a denial of service via unknown vectors.
nvd
CVE-2009-3161HIGHCVSS 7.8v7.0.0.1v7.0.0.2+1 more2009-09-10
CVE-2009-3161 [HIGH] CVE-2009-3161: The server in IBM WebSphere MQ 7.0.0.1, 7.0.0.2, and 7.0.1.0 allows attackers to cause a denial of s The server in IBM WebSphere MQ 7.0.0.1, 7.0.0.2, and 7.0.1.0 allows attackers to cause a denial of service (trap) or possibly have unspecified other impact via malformed data.
nvd
CVE-2009-0896CRITICALCVSS 10.0v6.0v6.0.0.0+12 more2009-06-03
CVE-2009-0896 [CRITICAL] CWE-119 CVE-2009-0896: Buffer overflow in the queue manager in IBM WebSphere MQ 6.x before 6.0.2.7 and 7.x before 7.0.1.0 a Buffer overflow in the queue manager in IBM WebSphere MQ 6.x before 6.0.2.7 and 7.x before 7.0.1.0 allows remote attackers to execute arbitrary code via a crafted request.
nvd
CVE-2009-0439HIGHCVSS 7.2v5.3v5.3.1+10 more2009-02-24
CVE-2009-0439 [HIGH] CWE-264 CVE-2009-0439: Unspecified vulnerability in the queue manager in IBM WebSphere MQ (WMQ) 5.3, 6.0 before 6.0.2.6, an Unspecified vulnerability in the queue manager in IBM WebSphere MQ (WMQ) 5.3, 6.0 before 6.0.2.6, and 7.0 before 7.0.0.2 allows local users to gain privileges via vectors related to the (1) setmqaut, (2) dmpmqaut, and (3) dspmqaut authorization commands.
nvd
CVE-2008-1592MEDIUMCVSS 4.6v5.1v5.3+1 more2008-03-31
CVE-2008-1592 [MEDIUM] CWE-264 CVE-2008-1592: MQSeries 5.1 in IBM WebSphere MQ 5.1 through 5.3.1 on the HP NonStop and Tandem NSK platforms does n MQSeries 5.1 in IBM WebSphere MQ 5.1 through 5.3.1 on the HP NonStop and Tandem NSK platforms does not require mqm group membership for execution of administrative tasks, which allows local users to bypass intended access restrictions via the runmqsc program, related to "Pathway panels."
nvd
CVE-2007-6705LOWCVSS 3.3≤ 5.3≤ 6.0.2.02008-03-09
CVE-2007-6705 [LOW] CWE-264 CVE-2007-6705: The WebSphere MQ XA 5.3 before FP13 and 6.0.x before 6.0.2.1 client for Windows, when running in an The WebSphere MQ XA 5.3 before FP13 and 6.0.x before 6.0.2.1 client for Windows, when running in an MTS or a COM+ environment, grants the PROCESS_DUP_HANDLE privilege to the Everyone group upon connection to a queue manager, which allows local users to duplicate an arbitrary handle and possibly hijack an arbitrary process.
nvd
CVE-2008-1130MEDIUMCVSS 6.6v5.3v62008-03-04
CVE-2008-1130 [MEDIUM] CWE-287 CVE-2008-1130: Unspecified vulnerability in IBM WebSphere MQ 6.0.x before 6.0.2.2 and 5.3 before Fix Pack 14 allows Unspecified vulnerability in IBM WebSphere MQ 6.0.x before 6.0.2.2 and 5.3 before Fix Pack 14 allows attackers to bypass access restrictions for a queue manager via a SVRCONN (MQ client) channel.
nvd
CVE-2007-6044CRITICALCVSS 10.0v6.02007-11-20
CVE-2007-6044 [CRITICAL] CWE-399 CVE-2007-6044: Multiple unspecified vulnerabilities in IBM WebSphere MQ 6.0 have unknown impact and remote attack v Multiple unspecified vulnerabilities in IBM WebSphere MQ 6.0 have unknown impact and remote attack vectors involving "memory corruption." NOTE: as of 20071116, the only disclosure is a vague pre-advisory with no actionable information. However, since it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes.
nvd
← Previous5 / 5
Ibm Websphere Mq vulnerabilities | cvebase