All the vulnerabilites related to IBM - MQ
cve-2019-4049
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/docview.wss?uid=ibm10870490 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/156398 | vdb-entry, x_refsource_XF |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T19:26:27.980Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10870490" }, { "name": "ibm-websphere-cve20194049-dos (156398)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/156398" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "MQ", "vendor": "IBM", "versions": [ { "status": "affected", "version": "9.1.0.0" }, { "status": "affected", "version": "9.1.0.1" }, { "status": "affected", "version": "9.1.1" }, { "status": "affected", "version": "9.1.0.2" } ] } ], "datePublic": "2019-08-05T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM MQ 9.1.0.0, 9.1.0.1, 9.1.1, and 9.1.0.2 is vulnerable to a denial of service due to a local user being able to fill up the disk space of the underlying filesystem using the error logging service. IBM X-Force ID: 156398." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "NONE", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/PR:N/I:N/UI:N/AV:L/S:U/AC:L/A:H/C:N/E:U/RC:C/RL:O", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of Service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-20T18:25:26", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10870490" }, { "name": "ibm-websphere-cve20194049-dos (156398)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/156398" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2019-08-05T00:00:00", "ID": "CVE-2019-4049", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "MQ", "version": { "version_data": [ { "version_value": "9.1.0.0" }, { "version_value": "9.1.0.1" }, { "version_value": "9.1.1" }, { "version_value": "9.1.0.2" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM MQ 9.1.0.0, 9.1.0.1, 9.1.1, and 9.1.0.2 is vulnerable to a denial of service due to a local user being able to fill up the disk space of the underlying filesystem using the error logging service. IBM X-Force ID: 156398." } ] }, "impact": { "cvssv3": { "BM": { "A": "H", "AC": "L", "AV": "L", "C": "N", "I": "N", "PR": "N", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of Service" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/docview.wss?uid=ibm10870490", "refsource": "CONFIRM", "title": "IBM Security Bulletin 870490 (MQ)", "url": "https://www.ibm.com/support/docview.wss?uid=ibm10870490" }, { "name": "ibm-websphere-cve20194049-dos (156398)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/156398" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2019-4049", "datePublished": "2019-08-20T18:25:26.381956Z", "dateReserved": "2019-01-03T00:00:00", "dateUpdated": "2024-09-17T03:47:44.113Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-1235
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
http://www.ibm.com/support/docview.wss?uid=swg22005415 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/123914 | x_refsource_MISC | |
http://www.securityfocus.com/bid/100955 | vdb-entry, x_refsource_BID |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:25:17.599Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22005415" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/123914" }, { "name": "100955", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/100955" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "MQ", "vendor": "IBM", "versions": [ { "status": "affected", "version": "8.0" }, { "status": "affected", "version": "8" } ] } ], "datePublic": "2017-09-20T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM WebSphere MQ 8.0 could allow an authenticated user to cause a premature termination of a client application thread which could potentially cause denial of service. IBM X-Force ID: 123914." } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of Service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-26T09:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22005415" }, { "tags": [ "x_refsource_MISC" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/123914" }, { "name": "100955", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/100955" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2017-09-20T00:00:00", "ID": "CVE-2017-1235", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "MQ", "version": { "version_data": [ { "version_value": "8.0" }, { "version_value": "8" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM WebSphere MQ 8.0 could allow an authenticated user to cause a premature termination of a client application thread which could potentially cause denial of service. IBM X-Force ID: 123914." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of Service" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.ibm.com/support/docview.wss?uid=swg22005415", "refsource": "CONFIRM", "url": "http://www.ibm.com/support/docview.wss?uid=swg22005415" }, { "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/123914", "refsource": "MISC", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/123914" }, { "name": "100955", "refsource": "BID", "url": "http://www.securityfocus.com/bid/100955" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2017-1235", "datePublished": "2017-09-25T16:00:00Z", "dateReserved": "2016-11-30T00:00:00", "dateUpdated": "2024-09-16T22:02:28.205Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-4078
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/docview.wss?uid=ibm10872876 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/157190 | vdb-entry, x_refsource_XF |
Vendor | Product | Version | |
---|---|---|---|
▼ | IBM | MQ |
Version: 9.0.0.1 Version: 8.0.0.1 Version: 8.0.0.2 Version: 8.0.0.3 Version: 8.0.0.4 Version: 8.0.0.5 Version: 8.0.0.6 Version: 8.0.0.7 Version: 9.0.0.2 Version: 8.0.0.8 Version: 8.0.0.9 Version: 9.0.0.3 Version: 8.0.0.0 Version: 8.0.0.10 Version: 9.0.0.0 Version: 9.0.0.4 Version: 9.0.0.5 Version: 9.1.0.0 Version: 9.1.0.1 Version: 9.1.1 Version: 8.0.0.11 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T19:26:27.998Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10872876" }, { "name": "ibm-websphere-cve20194078-priv-escalation (157190)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/157190" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "MQ", "vendor": "IBM", "versions": [ { "status": "affected", "version": "9.0.0.1" }, { "status": "affected", "version": "8.0.0.1" }, { "status": "affected", "version": "8.0.0.2" }, { "status": "affected", "version": "8.0.0.3" }, { "status": "affected", "version": "8.0.0.4" }, { "status": "affected", "version": "8.0.0.5" }, { "status": "affected", "version": "8.0.0.6" }, { "status": "affected", "version": "8.0.0.7" }, { "status": "affected", "version": "9.0.0.2" }, { "status": "affected", "version": "8.0.0.8" }, { "status": "affected", "version": "8.0.0.9" }, { "status": "affected", "version": "9.0.0.3" }, { "status": "affected", "version": "8.0.0.0" }, { "status": "affected", "version": "8.0.0.10" }, { "status": "affected", "version": "9.0.0.0" }, { "status": "affected", "version": "9.0.0.4" }, { "status": "affected", "version": "9.0.0.5" }, { "status": "affected", "version": "9.1.0.0" }, { "status": "affected", "version": "9.1.0.1" }, { "status": "affected", "version": "9.1.1" }, { "status": "affected", "version": "8.0.0.11" } ] } ], "datePublic": "2019-05-21T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM WebSphere MQ 8.0.0.0 through 8.0.0.9 and 9.0.0.0 through 9.1.1 could allow a local non privileged user to execute code as an administrator due to incorrect permissions set on MQ installation directories. IBM X-Force ID: 157190." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 6.4, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/I:H/S:U/UI:N/C:H/A:H/AV:L/AC:H/PR:N/RC:C/RL:O/E:U", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Gain Privileges", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-05-23T14:05:15", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10872876" }, { "name": "ibm-websphere-cve20194078-priv-escalation (157190)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/157190" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2019-05-21T00:00:00", "ID": "CVE-2019-4078", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "MQ", "version": { "version_data": [ { "version_value": "9.0.0.1" }, { "version_value": "8.0.0.1" }, { "version_value": "8.0.0.2" }, { "version_value": "8.0.0.3" }, { "version_value": "8.0.0.4" }, { "version_value": "8.0.0.5" }, { "version_value": "8.0.0.6" }, { "version_value": "8.0.0.7" }, { "version_value": "9.0.0.2" }, { "version_value": "8.0.0.8" }, { "version_value": "8.0.0.9" }, { "version_value": "9.0.0.3" }, { "version_value": "8.0.0.0" }, { "version_value": "8.0.0.10" }, { "version_value": "9.0.0.0" }, { "version_value": "9.0.0.4" }, { "version_value": "9.0.0.5" }, { "version_value": "9.1.0.0" }, { "version_value": "9.1.0.1" }, { "version_value": "9.1.1" }, { "version_value": "8.0.0.11" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM WebSphere MQ 8.0.0.0 through 8.0.0.9 and 9.0.0.0 through 9.1.1 could allow a local non privileged user to execute code as an administrator due to incorrect permissions set on MQ installation directories. IBM X-Force ID: 157190." } ] }, "impact": { "cvssv3": { "BM": { "A": "H", "AC": "H", "AV": "L", "C": "H", "I": "H", "PR": "N", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Gain Privileges" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/docview.wss?uid=ibm10872876", "refsource": "CONFIRM", "title": "IBM Security Bulletin 0872876 (MQ)", "url": "https://www.ibm.com/support/docview.wss?uid=ibm10872876" }, { "name": "ibm-websphere-cve20194078-priv-escalation (157190)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/157190" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2019-4078", "datePublished": "2019-05-23T14:05:15.498574Z", "dateReserved": "2019-01-03T00:00:00", "dateUpdated": "2024-09-16T20:11:56.782Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-38949
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/6516424 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/211403 | vdb-entry, x_refsource_XF |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T01:51:20.731Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6516424" }, { "name": "ibm-mq-cve202138949-info-disc (211403)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/211403" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "MQ", "vendor": "IBM", "versions": [ { "status": "affected", "version": "8.0.0" }, { "status": "affected", "version": "9.0.0" }, { "status": "affected", "version": "9.1.0" }, { "status": "affected", "version": "7.5.0" } ] } ], "datePublic": "2021-11-15T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM MQ 7.5, 8.0, 9.0 LTS, 9.1 CD, and 9.1 LTS stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 211403." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "NONE", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/C:H/AV:L/S:U/A:N/AC:L/I:N/UI:N/PR:N/RC:C/E:U/RL:O", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Obtain Information", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-11-16T16:55:19", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6516424" }, { "name": "ibm-mq-cve202138949-info-disc (211403)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/211403" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2021-11-15T00:00:00", "ID": "CVE-2021-38949", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "MQ", "version": { "version_data": [ { "version_value": "8.0.0" }, { "version_value": "9.0.0" }, { "version_value": "9.1.0" }, { "version_value": "7.5.0" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM MQ 7.5, 8.0, 9.0 LTS, 9.1 CD, and 9.1 LTS stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 211403." } ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "L", "AV": "L", "C": "H", "I": "N", "PR": "N", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Obtain Information" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6516424", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6516424 (MQ)", "url": "https://www.ibm.com/support/pages/node/6516424" }, { "name": "ibm-mq-cve202138949-info-disc (211403)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/211403" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2021-38949", "datePublished": "2021-11-16T16:55:19.555162Z", "dateReserved": "2021-08-16T00:00:00", "dateUpdated": "2024-09-17T00:50:43.084Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-31772
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/6833806 | vendor-advisory | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/228335 | vdb-entry |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T07:26:01.046Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6833806" }, { "tags": [ "vdb-entry", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/228335" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "MQ", "vendor": "IBM", "versions": [ { "status": "affected", "version": "8.0.0, 9.0.0, 9.1.0, 9.2.0, 9.3.0" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\n\n\u003cspan style=\"background-color: rgb(204, 217, 226);\"\u003eIBM MQ 8.0, 9.0 LTS, 9.1 CD, 9.1 LTS, 9.2 CD, and 9.2 LTS could allow an authenticated and authorized user to cause a denial of service to the MQTT channels. IBM X-Force ID: 228335.\u003c/span\u003e\n\n" } ], "value": "\nIBM MQ 8.0, 9.0 LTS, 9.1 CD, 9.1 LTS, 9.2 CD, and 9.2 LTS could allow an authenticated and authorized user to cause a denial of service to the MQTT channels. IBM X-Force ID: 228335.\n\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-20", "description": "CWE-20", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-11-11T18:56:12.717Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/6833806" }, { "tags": [ "vdb-entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/228335" } ], "source": { "discovery": "UNKNOWN" }, "title": "IBM MQ denial of service", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2022-31772", "datePublished": "2022-11-11T18:56:12.717Z", "dateReserved": "2022-05-27T15:57:46.681Z", "dateUpdated": "2024-08-03T07:26:01.046Z", "requesterUserId": "69938c14-a5a2-41ac-a450-71ed41911136", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-28950
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://https://www.ibm.com/support/pages/node/6985837 | vendor-advisory | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/251358 | vdb-entry |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T13:51:39.003Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://https://www.ibm.com/support/pages/node/6985837" }, { "tags": [ "vdb-entry", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/251358" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "MQ", "vendor": "IBM", "versions": [ { "status": "affected", "version": "8.0, 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.2 CD, 9.3 LTS, 9.3 CD" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "IBM MQ 8.0, 9.0, 9.1, 9.2, and 9.3 could disclose sensitive user information from a trace file if that functionality has been enabled. IBM X-Force ID: 251358." } ], "value": "IBM MQ 8.0, 9.0, 9.1, 9.2, and 9.3 could disclose sensitive user information from a trace file if that functionality has been enabled. IBM X-Force ID: 251358." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "497 Exposure of System Data to an Unauthorized Control Sphere", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-19T15:20:50.476Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://https://www.ibm.com/support/pages/node/6985837" }, { "tags": [ "vdb-entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/251358" } ], "source": { "discovery": "UNKNOWN" }, "title": "IBM MQ information disclosure", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2023-28950", "datePublished": "2023-05-19T15:20:50.476Z", "dateReserved": "2023-03-29T01:33:55.064Z", "dateUpdated": "2024-08-02T13:51:39.003Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-1283
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
http://www.ibm.com/support/docview.wss?uid=swg22003852 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/125144 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:32:28.414Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22003852" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125144" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "MQ", "vendor": "IBM", "versions": [ { "status": "affected", "version": "8.0" }, { "status": "affected", "version": "9.0" }, { "status": "affected", "version": "9.0.1" }, { "status": "affected", "version": "9.0.0.1" }, { "status": "affected", "version": "9.0.2" }, { "status": "affected", "version": "8.0.0.1" }, { "status": "affected", "version": "8.0.0.2" }, { "status": "affected", "version": "8.0.0.3" }, { "status": "affected", "version": "8.0.0.4" }, { "status": "affected", "version": "8.0.0.5" }, { "status": "affected", "version": "8.0.0.6" }, { "status": "affected", "version": "8.0.0.7" }, { "status": "affected", "version": "9.0.3" }, { "status": "affected", "version": "9.0.4" } ] } ], "datePublic": "2017-11-15T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM WebSphere MQ 8.0 and 9.0 could allow an authenticated user to cause a shared memory leak by MQ applications using dynamic queues, which can lead to lack of resources for other MQ applications. IBM X-Force ID: 125144." } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of Service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-11-27T20:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22003852" }, { "tags": [ "x_refsource_MISC" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125144" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2017-11-15T00:00:00", "ID": "CVE-2017-1283", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "MQ", "version": { "version_data": [ { "version_value": "8.0" }, { "version_value": "9.0" }, { "version_value": "9.0.1" }, { "version_value": "9.0.0.1" }, { "version_value": "9.0.2" }, { "version_value": "8.0.0.1" }, { "version_value": "8.0.0.2" }, { "version_value": "8.0.0.3" }, { "version_value": "8.0.0.4" }, { "version_value": "8.0.0.5" }, { "version_value": "8.0.0.6" }, { "version_value": "8.0.0.7" }, { "version_value": "9.0.3" }, { "version_value": "9.0.4" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM WebSphere MQ 8.0 and 9.0 could allow an authenticated user to cause a shared memory leak by MQ applications using dynamic queues, which can lead to lack of resources for other MQ applications. IBM X-Force ID: 125144." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of Service" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.ibm.com/support/docview.wss?uid=swg22003852", "refsource": "CONFIRM", "url": "http://www.ibm.com/support/docview.wss?uid=swg22003852" }, { "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125144", "refsource": "MISC", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125144" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2017-1283", "datePublished": "2017-11-27T21:00:00Z", "dateReserved": "2016-11-30T00:00:00", "dateUpdated": "2024-09-16T16:14:15.714Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-1925
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/docview.wss?uid=ibm10744713 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/152925 | vdb-entry, x_refsource_XF |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T04:14:39.384Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10744713" }, { "name": "ibm-websphere-cve20181925-info-disc (152925)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/152925" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "MQ", "vendor": "IBM", "versions": [ { "status": "affected", "version": "9.1.0.0" }, { "status": "affected", "version": "9.1.0.1" }, { "status": "affected", "version": "9.1.1" } ] } ], "datePublic": "2019-04-10T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM WebShere MQ 9.1.0.0, 9.1.0.1, 9.1.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 152925." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "NONE", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 5.2, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/S:U/A:N/PR:N/AV:N/AC:H/UI:N/I:N/C:H/RL:O/E:U/RC:C", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Obtain Information", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-04-15T14:55:26", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10744713" }, { "name": "ibm-websphere-cve20181925-info-disc (152925)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/152925" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2019-04-10T00:00:00", "ID": "CVE-2018-1925", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "MQ", "version": { "version_data": [ { "version_value": "9.1.0.0" }, { "version_value": "9.1.0.1" }, { "version_value": "9.1.1" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM WebShere MQ 9.1.0.0, 9.1.0.1, 9.1.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 152925." } ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "H", "AV": "N", "C": "H", "I": "N", "PR": "N", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Obtain Information" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/docview.wss?uid=ibm10744713", "refsource": "CONFIRM", "title": "IBM Security Bulletin 744713 (MQ)", "url": "https://www.ibm.com/support/docview.wss?uid=ibm10744713" }, { "name": "ibm-websphere-cve20181925-info-disc (152925)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/152925" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2018-1925", "datePublished": "2019-04-15T14:55:26.446570Z", "dateReserved": "2017-12-13T00:00:00", "dateUpdated": "2024-09-16T18:39:54.967Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-1337
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/99493 | vdb-entry, x_refsource_BID | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/126245 | x_refsource_MISC | |
http://www.ibm.com/support/docview.wss?uid=swg22003853 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:32:29.414Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "99493", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/99493" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/126245" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22003853" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "MQ", "vendor": "IBM", "versions": [ { "status": "affected", "version": "9.0.1" }, { "status": "affected", "version": "9.0.2" } ] } ], "datePublic": "2017-07-06T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM WebSphere MQ 9.0.1 and 9.0.2 Java/JMS application can incorrectly transmit user credentials in plain text. IBM X-Force ID: 126245." } ], "problemTypes": [ { "descriptions": [ { "description": "Obtain Information", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-11T09:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "name": "99493", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/99493" }, { "tags": [ "x_refsource_MISC" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/126245" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22003853" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2017-07-06T00:00:00", "ID": "CVE-2017-1337", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "MQ", "version": { "version_data": [ { "version_value": "9.0.1" }, { "version_value": "9.0.2" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM WebSphere MQ 9.0.1 and 9.0.2 Java/JMS application can incorrectly transmit user credentials in plain text. IBM X-Force ID: 126245." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Obtain Information" } ] } ] }, "references": { "reference_data": [ { "name": "99493", "refsource": "BID", "url": "http://www.securityfocus.com/bid/99493" }, { "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/126245", "refsource": "MISC", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/126245" }, { "name": "http://www.ibm.com/support/docview.wss?uid=swg22003853", "refsource": "CONFIRM", "url": "http://www.ibm.com/support/docview.wss?uid=swg22003853" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2017-1337", "datePublished": "2017-07-10T16:00:00Z", "dateReserved": "2016-11-30T00:00:00", "dateUpdated": "2024-09-17T00:21:01.690Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-38875
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/6517672 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/208398 | vdb-entry, x_refsource_XF |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T01:51:20.613Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6517672" }, { "name": "ibm-mq-cve202138875-dos (208398)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/208398" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "MQ", "vendor": "IBM", "versions": [ { "status": "affected", "version": "8.0.0" }, { "status": "affected", "version": "9.0.0" }, { "status": "affected", "version": "9.1.0" }, { "status": "affected", "version": "9.2.0" } ] } ], "datePublic": "2021-11-22T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM MQ 8.0, 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.1 CD, and 9.2 CD is vulnerable to a denial of service attack caused by an error processing messages. IBM X-Force ID: 208398." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "NONE", "privilegesRequired": "LOW", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 5.7, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/I:N/AC:L/UI:N/PR:L/S:U/C:N/A:H/AV:N/E:U/RC:C/RL:O", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of Service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-11-23T19:15:31", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6517672" }, { "name": "ibm-mq-cve202138875-dos (208398)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/208398" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2021-11-22T00:00:00", "ID": "CVE-2021-38875", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "MQ", "version": { "version_data": [ { "version_value": "8.0.0" }, { "version_value": "9.0.0" }, { "version_value": "9.1.0" }, { "version_value": "9.2.0" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM MQ 8.0, 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.1 CD, and 9.2 CD is vulnerable to a denial of service attack caused by an error processing messages. IBM X-Force ID: 208398." } ] }, "impact": { "cvssv3": { "BM": { "A": "H", "AC": "L", "AV": "N", "C": "N", "I": "N", "PR": "L", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of Service" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6517672", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6517672 (MQ)", "url": "https://www.ibm.com/support/pages/node/6517672" }, { "name": "ibm-mq-cve202138875-dos (208398)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/208398" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2021-38875", "datePublished": "2021-11-23T19:15:31.816079Z", "dateReserved": "2021-08-16T00:00:00", "dateUpdated": "2024-09-16T23:25:23.907Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-1699
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
http://www.ibm.com/support/docview.wss?uid=swg22010340 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/134391 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:39:31.924Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22010340" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/134391" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "MQ", "vendor": "IBM", "versions": [ { "status": "affected", "version": "8.0" }, { "status": "affected", "version": "9.0" }, { "status": "affected", "version": "9.0.1" }, { "status": "affected", "version": "9.0.0.1" }, { "status": "affected", "version": "9.0.2" }, { "status": "affected", "version": "8.0.0.1" }, { "status": "affected", "version": "8.0.0.2" }, { "status": "affected", "version": "8.0.0.3" }, { "status": "affected", "version": "8.0.0.4" }, { "status": "affected", "version": "8.0.0.5" }, { "status": "affected", "version": "8.0.0.6" }, { "status": "affected", "version": "9.0.3" } ] } ], "datePublic": "2018-01-02T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM MQ Managed File Transfer Agent 8.0 and 9.0 sets insecure permissions on certain files it creates. A local attacker could exploit this vulnerability to modify or delete data contained in the files with an unknown impact. IBM X-Force ID: 134391." } ], "problemTypes": [ { "descriptions": [ { "description": "Data Manipulation", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-04T16:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22010340" }, { "tags": [ "x_refsource_MISC" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/134391" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2018-01-02T00:00:00", "ID": "CVE-2017-1699", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "MQ", "version": { "version_data": [ { "version_value": "8.0" }, { "version_value": "9.0" }, { "version_value": "9.0.1" }, { "version_value": "9.0.0.1" }, { "version_value": "9.0.2" }, { "version_value": "8.0.0.1" }, { "version_value": "8.0.0.2" }, { "version_value": "8.0.0.3" }, { "version_value": "8.0.0.4" }, { "version_value": "8.0.0.5" }, { "version_value": "8.0.0.6" }, { "version_value": "9.0.3" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM MQ Managed File Transfer Agent 8.0 and 9.0 sets insecure permissions on certain files it creates. A local attacker could exploit this vulnerability to modify or delete data contained in the files with an unknown impact. IBM X-Force ID: 134391." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Data Manipulation" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.ibm.com/support/docview.wss?uid=swg22010340", "refsource": "CONFIRM", "url": "http://www.ibm.com/support/docview.wss?uid=swg22010340" }, { "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/134391", "refsource": "MISC", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/134391" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2017-1699", "datePublished": "2018-01-04T17:00:00Z", "dateReserved": "2016-11-30T00:00:00", "dateUpdated": "2024-09-17T03:08:03.425Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-43919
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/6986559 | vendor-advisory | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/241354 | vdb-entry |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T13:40:06.734Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6986559" }, { "tags": [ "vdb-entry", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/241354" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "MQ", "vendor": "IBM", "versions": [ { "status": "affected", "version": "9.2 CD, 9.2 LTS, 9.3 CD, 9.3 LTS" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "IBM MQ 9.2 CD, 9.2 LTS, 9.3 CD, and 9.3 LTS could allow an authenticated attacker with authorization to craft messages to cause a denial of service. IBM X-Force ID: 241354." } ], "value": "IBM MQ 9.2 CD, 9.2 LTS, 9.3 CD, and 9.3 LTS could allow an authenticated attacker with authorization to craft messages to cause a denial of service. IBM X-Force ID: 241354." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-05T14:24:44.592Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/6986559" }, { "tags": [ "vdb-entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/241354" } ], "source": { "discovery": "UNKNOWN" }, "title": "IBM MQ denial of service", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2022-43919", "datePublished": "2023-05-05T14:24:44.592Z", "dateReserved": "2022-10-26T15:46:22.847Z", "dateUpdated": "2024-08-03T13:40:06.734Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-1543
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
http://www.ibm.com/support/docview.wss?uid=swg22016346 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/142598 | vdb-entry, x_refsource_XF |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T04:07:43.439Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22016346" }, { "name": "ibm-websphere-cve20181543-info-disc(142598)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/142598" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "MQ", "vendor": "IBM", "versions": [ { "status": "affected", "version": "8.0" }, { "status": "affected", "version": "9.0" } ] } ], "datePublic": "2018-06-22T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM WebSphere MQ 8.0 and 9.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly validate the SSL certificate. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 142598." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "NONE", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 5.2, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/A:N/AC:H/AV:N/C:H/I:N/PR:N/S:U/UI:N/E:U/RC:C/RL:O", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Obtain Information", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-06-27T17:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22016346" }, { "name": "ibm-websphere-cve20181543-info-disc(142598)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/142598" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2018-06-22T00:00:00", "ID": "CVE-2018-1543", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "MQ", "version": { "version_data": [ { "version_value": "8.0" }, { "version_value": "9.0" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM WebSphere MQ 8.0 and 9.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly validate the SSL certificate. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 142598." } ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "H", "AV": "N", "C": "H", "I": "N", "PR": "N", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Obtain Information" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.ibm.com/support/docview.wss?uid=swg22016346", "refsource": "CONFIRM", "url": "http://www.ibm.com/support/docview.wss?uid=swg22016346" }, { "name": "ibm-websphere-cve20181543-info-disc(142598)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/142598" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2018-1543", "datePublished": "2018-06-27T18:00:00Z", "dateReserved": "2017-12-13T00:00:00", "dateUpdated": "2024-09-17T03:48:13.036Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-22489
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/6613021 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/226339 | vdb-entry, x_refsource_XF |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T03:14:55.269Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6613021" }, { "name": "ibm-mq-cve202222489-xxe (226339)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/226339" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "MQ", "vendor": "IBM", "versions": [ { "status": "affected", "version": "8.0" }, { "status": "affected", "version": "9.0.LTS" }, { "status": "affected", "version": "9.1.LTS" }, { "status": "affected", "version": "9.1.CD" }, { "status": "affected", "version": "9.2.CD" } ] } ], "datePublic": "2022-08-18T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM MQ 8.0, (9.0, 9.1, 9.2 LTS), and (9.1 and 9.2 CD) are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 226339." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "NONE", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 7.1, "temporalSeverity": "HIGH", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/S:U/A:L/PR:N/UI:N/AC:L/C:H/I:N/RC:C/RL:O/E:U", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Gain Access", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-08-19T18:50:09", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6613021" }, { "name": "ibm-mq-cve202222489-xxe (226339)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/226339" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2022-08-18T00:00:00", "ID": "CVE-2022-22489", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "MQ", "version": { "version_data": [ { "version_value": "8.0" }, { "version_value": "9.0.LTS" }, { "version_value": "9.1.LTS" }, { "version_value": "9.1.CD" }, { "version_value": "9.2.CD" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM MQ 8.0, (9.0, 9.1, 9.2 LTS), and (9.1 and 9.2 CD) are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 226339." } ] }, "impact": { "cvssv3": { "BM": { "A": "L", "AC": "L", "AV": "N", "C": "H", "I": "N", "PR": "N", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Gain Access" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6613021", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6613021 (MQ)", "url": "https://www.ibm.com/support/pages/node/6613021" }, { "name": "ibm-mq-cve202222489-xxe (226339)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/226339" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2022-22489", "datePublished": "2022-08-19T18:50:10.108836Z", "dateReserved": "2022-01-03T00:00:00", "dateUpdated": "2024-09-16T19:14:53.919Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-1612
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
http://www.securitytracker.com/id/1040175 | vdb-entry, x_refsource_SECTRACK | |
http://www.securityfocus.com/bid/102479 | vdb-entry, x_refsource_BID | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/132953 | x_refsource_MISC | |
http://www.ibm.com/support/docview.wss?uid=swg22009918 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:39:32.123Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1040175", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1040175" }, { "name": "102479", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/102479" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/132953" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22009918" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "MQ", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.0.1" }, { "status": "affected", "version": "7.1" }, { "status": "affected", "version": "7.5" }, { "status": "affected", "version": "8.0" }, { "status": "affected", "version": "9.0" } ] } ], "datePublic": "2018-01-04T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM WebSphere MQ 7.0, 7.1, 7.5, 8.0, and 9.0 service trace module could be used to execute untrusted code under \u0027mqm\u0027 user. IBM X-Force ID: 132953." } ], "problemTypes": [ { "descriptions": [ { "description": "Gain Privileges", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-14T10:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "name": "1040175", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1040175" }, { "name": "102479", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/102479" }, { "tags": [ "x_refsource_MISC" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/132953" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22009918" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2018-01-04T00:00:00", "ID": "CVE-2017-1612", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "MQ", "version": { "version_data": [ { "version_value": "7.0.1" }, { "version_value": "7.1" }, { "version_value": "7.5" }, { "version_value": "8.0" }, { "version_value": "9.0" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM WebSphere MQ 7.0, 7.1, 7.5, 8.0, and 9.0 service trace module could be used to execute untrusted code under \u0027mqm\u0027 user. IBM X-Force ID: 132953." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Gain Privileges" } ] } ] }, "references": { "reference_data": [ { "name": "1040175", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1040175" }, { "name": "102479", "refsource": "BID", "url": "http://www.securityfocus.com/bid/102479" }, { "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/132953", "refsource": "MISC", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/132953" }, { "name": "http://www.ibm.com/support/docview.wss?uid=swg22009918", "refsource": "CONFIRM", "url": "http://www.ibm.com/support/docview.wss?uid=swg22009918" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2017-1612", "datePublished": "2018-01-09T20:00:00Z", "dateReserved": "2016-11-30T00:00:00", "dateUpdated": "2024-09-16T18:29:50.060Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-4055
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/docview.wss?uid=ibm10870484 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/156564 | vdb-entry, x_refsource_XF | |
http://www.securityfocus.com/bid/108027 | vdb-entry, x_refsource_BID |
Vendor | Product | Version | |
---|---|---|---|
▼ | IBM | MQ |
Version: 9.0.0.1 Version: 8.0.0.1 Version: 8.0.0.2 Version: 8.0.0.3 Version: 8.0.0.4 Version: 8.0.0.5 Version: 8.0.0.6 Version: 8.0.0.7 Version: 9.0.0.2 Version: 8.0.0.8 Version: 8.0.0.9 Version: 9.0.0.3 Version: 8.0.0.0 Version: 8.0.0.10 Version: 9.0.0.0 Version: 9.0.0.4 Version: 9.0.0.5 Version: 9.1.0.0 Version: 9.1.0.1 Version: 9.1.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T19:26:27.972Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10870484" }, { "name": "ibm-websphere-cve20194055-dos (156564)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/156564" }, { "name": "108027", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/108027" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "MQ", "vendor": "IBM", "versions": [ { "status": "affected", "version": "9.0.0.1" }, { "status": "affected", "version": "8.0.0.1" }, { "status": "affected", "version": "8.0.0.2" }, { "status": "affected", "version": "8.0.0.3" }, { "status": "affected", "version": "8.0.0.4" }, { "status": "affected", "version": "8.0.0.5" }, { "status": "affected", "version": "8.0.0.6" }, { "status": "affected", "version": "8.0.0.7" }, { "status": "affected", "version": "9.0.0.2" }, { "status": "affected", "version": "8.0.0.8" }, { "status": "affected", "version": "8.0.0.9" }, { "status": "affected", "version": "9.0.0.3" }, { "status": "affected", "version": "8.0.0.0" }, { "status": "affected", "version": "8.0.0.10" }, { "status": "affected", "version": "9.0.0.0" }, { "status": "affected", "version": "9.0.0.4" }, { "status": "affected", "version": "9.0.0.5" }, { "status": "affected", "version": "9.1.0.0" }, { "status": "affected", "version": "9.1.0.1" }, { "status": "affected", "version": "9.1.1" } ] } ], "datePublic": "2019-04-16T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM MQ 8.0.0.0 through 8.0.0.10, 9.0.0.0 through 9.0.0.5, and 9.1.0.0 through 9.1.1 is vulnerable to a denial of service attack within the TLS key renegotiation function. IBM X-Force ID: 156564." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "NONE", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 6.5, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AC:L/I:N/C:N/AV:N/A:H/UI:N/PR:N/S:U/RL:O/RC:C/E:U", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of Service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-04-23T07:06:04", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10870484" }, { "name": "ibm-websphere-cve20194055-dos (156564)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/156564" }, { "name": "108027", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/108027" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2019-04-16T00:00:00", "ID": "CVE-2019-4055", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "MQ", "version": { "version_data": [ { "version_value": "9.0.0.1" }, { "version_value": "8.0.0.1" }, { "version_value": "8.0.0.2" }, { "version_value": "8.0.0.3" }, { "version_value": "8.0.0.4" }, { "version_value": "8.0.0.5" }, { "version_value": "8.0.0.6" }, { "version_value": "8.0.0.7" }, { "version_value": "9.0.0.2" }, { "version_value": "8.0.0.8" }, { "version_value": "8.0.0.9" }, { "version_value": "9.0.0.3" }, { "version_value": "8.0.0.0" }, { "version_value": "8.0.0.10" }, { "version_value": "9.0.0.0" }, { "version_value": "9.0.0.4" }, { "version_value": "9.0.0.5" }, { "version_value": "9.1.0.0" }, { "version_value": "9.1.0.1" }, { "version_value": "9.1.1" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM MQ 8.0.0.0 through 8.0.0.10, 9.0.0.0 through 9.0.0.5, and 9.1.0.0 through 9.1.1 is vulnerable to a denial of service attack within the TLS key renegotiation function. IBM X-Force ID: 156564." } ] }, "impact": { "cvssv3": { "BM": { "A": "H", "AC": "L", "AV": "N", "C": "N", "I": "N", "PR": "N", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of Service" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/docview.wss?uid=ibm10870484", "refsource": "CONFIRM", "title": "IBM Security Bulletin 870484 (MQ)", "url": "https://www.ibm.com/support/docview.wss?uid=ibm10870484" }, { "name": "ibm-websphere-cve20194055-dos (156564)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/156564" }, { "name": "108027", "refsource": "BID", "url": "http://www.securityfocus.com/bid/108027" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2019-4055", "datePublished": "2019-04-19T16:20:15.989741Z", "dateReserved": "2019-01-03T00:00:00", "dateUpdated": "2024-09-17T04:14:16.419Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-4568
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/1106517 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/166629 | vdb-entry, x_refsource_XF |
Vendor | Product | Version | |
---|---|---|---|
▼ | IBM | MQ |
Version: 9.0.0.1 Version: 8.0.0.1 Version: 8.0.0.2 Version: 8.0.0.3 Version: 8.0.0.4 Version: 8.0.0.5 Version: 8.0.0.6 Version: 8.0.0.7 Version: 9.0.0.2 Version: 8.0.0.8 Version: 8.0.0.9 Version: 9.0.0.3 Version: 8.0.0.0 Version: 8.0.0.10 Version: 9.0.0.0 Version: 9.0.0.4 Version: 9.0.0.5 Version: 8.0.0.11 Version: 9.0.0.6 Version: 8.0.0.12 Version: 9.0.0.7 Version: 8.0.0.13 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T19:40:47.612Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/1106517" }, { "name": "ibm-mq-cve20194568-dos (166629)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/166629" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "MQ", "vendor": "IBM", "versions": [ { "status": "affected", "version": "9.0.0.1" }, { "status": "affected", "version": "8.0.0.1" }, { "status": "affected", "version": "8.0.0.2" }, { "status": "affected", "version": "8.0.0.3" }, { "status": "affected", "version": "8.0.0.4" }, { "status": "affected", "version": "8.0.0.5" }, { "status": "affected", "version": "8.0.0.6" }, { "status": "affected", "version": "8.0.0.7" }, { "status": "affected", "version": "9.0.0.2" }, { "status": "affected", "version": "8.0.0.8" }, { "status": "affected", "version": "8.0.0.9" }, { "status": "affected", "version": "9.0.0.3" }, { "status": "affected", "version": "8.0.0.0" }, { "status": "affected", "version": "8.0.0.10" }, { "status": "affected", "version": "9.0.0.0" }, { "status": "affected", "version": "9.0.0.4" }, { "status": "affected", "version": "9.0.0.5" }, { "status": "affected", "version": "8.0.0.11" }, { "status": "affected", "version": "9.0.0.6" }, { "status": "affected", "version": "8.0.0.12" }, { "status": "affected", "version": "9.0.0.7" }, { "status": "affected", "version": "8.0.0.13" } ] } ], "datePublic": "2020-01-24T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM MQ and IBM MQ Appliance 8.0 and 9.0 LTS could allow a remote attacker with intimate knowledge of the server to cause a denial of service when receiving data on the channel. IBM X-Force ID: 166629." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "NONE", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 5.2, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/S:U/A:H/C:N/AV:N/AC:H/I:N/UI:N/PR:N/RC:C/RL:O/E:U", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of Service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-01-28T18:30:52", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/1106517" }, { "name": "ibm-mq-cve20194568-dos (166629)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/166629" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2020-01-24T00:00:00", "ID": "CVE-2019-4568", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "MQ", "version": { "version_data": [ { "version_value": "9.0.0.1" }, { "version_value": "8.0.0.1" }, { "version_value": "8.0.0.2" }, { "version_value": "8.0.0.3" }, { "version_value": "8.0.0.4" }, { "version_value": "8.0.0.5" }, { "version_value": "8.0.0.6" }, { "version_value": "8.0.0.7" }, { "version_value": "9.0.0.2" }, { "version_value": "8.0.0.8" }, { "version_value": "8.0.0.9" }, { "version_value": "9.0.0.3" }, { "version_value": "8.0.0.0" }, { "version_value": "8.0.0.10" }, { "version_value": "9.0.0.0" }, { "version_value": "9.0.0.4" }, { "version_value": "9.0.0.5" }, { "version_value": "8.0.0.11" }, { "version_value": "9.0.0.6" }, { "version_value": "8.0.0.12" }, { "version_value": "9.0.0.7" }, { "version_value": "8.0.0.13" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM MQ and IBM MQ Appliance 8.0 and 9.0 LTS could allow a remote attacker with intimate knowledge of the server to cause a denial of service when receiving data on the channel. IBM X-Force ID: 166629." } ] }, "impact": { "cvssv3": { "BM": { "A": "H", "AC": "H", "AV": "N", "C": "N", "I": "N", "PR": "N", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of Service" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/1106517", "refsource": "CONFIRM", "title": "IBM Security Bulletin 1106517 (MQ)", "url": "https://www.ibm.com/support/pages/node/1106517" }, { "name": "ibm-mq-cve20194568-dos (166629)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/166629" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2019-4568", "datePublished": "2020-01-28T18:30:52.103667Z", "dateReserved": "2019-01-03T00:00:00", "dateUpdated": "2024-09-17T04:13:47.232Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-42436
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/6909467 | vendor-advisory | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/238206 | vdb-entry |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T13:10:40.867Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6909467" }, { "tags": [ "vdb-entry", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/238206" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "MQ", "vendor": "IBM", "versions": [ { "status": "affected", "version": "8.0.0, 9.0.0, 9.1.0, 9.2.0, 9.3.0" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "IBM MQ 8.0.0, 9.0.0, 9.1.0, 9.2.0, 9.3.0 Managed File Transfer could allow a local user to obtain sensitive information from diagnostic files. IBM X-Force ID: 238206." } ], "value": "IBM MQ 8.0.0, 9.0.0, 9.1.0, 9.2.0, 9.3.0 Managed File Transfer could allow a local user to obtain sensitive information from diagnostic files. IBM X-Force ID: 238206." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-02-12T01:45:42.615671Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/6909467" }, { "tags": [ "vdb-entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/238206" } ], "source": { "discovery": "UNKNOWN" }, "title": "IBM MQ information disclosure", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2022-42436", "datePublished": "2023-02-08T19:28:52.753Z", "dateReserved": "2022-10-06T15:51:26.498Z", "dateUpdated": "2024-08-03T13:10:40.867Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-4614
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/1106523 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/168639 | vdb-entry, x_refsource_XF |
Vendor | Product | Version | |
---|---|---|---|
▼ | IBM | MQ |
Version: 9.0.0.1 Version: 8.0.0.1 Version: 8.0.0.2 Version: 8.0.0.3 Version: 8.0.0.4 Version: 8.0.0.5 Version: 8.0.0.6 Version: 8.0.0.7 Version: 9.0.0.2 Version: 8.0.0.8 Version: 8.0.0.9 Version: 9.0.0.3 Version: 8.0.0.0 Version: 8.0.0.10 Version: 9.0.0.0 Version: 9.0.0.4 Version: 9.0.0.5 Version: 9.1.0.0 Version: 9.1.0.1 Version: 9.1.1 Version: 9.1.0.2 Version: 9.1.2 Version: 8.0.0.11 Version: 9.0.0.6 Version: 8.0.0.12 Version: 9.1.0.3 Version: 9.1.3 Version: 9.0.0.7 Version: 8.0.0.13 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T19:40:48.096Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/1106523" }, { "name": "ibm-mq-cve20194614-dos (168639)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/168639" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "MQ", "vendor": "IBM", "versions": [ { "status": "affected", "version": "9.0.0.1" }, { "status": "affected", "version": "8.0.0.1" }, { "status": "affected", "version": "8.0.0.2" }, { "status": "affected", "version": "8.0.0.3" }, { "status": "affected", "version": "8.0.0.4" }, { "status": "affected", "version": "8.0.0.5" }, { "status": "affected", "version": "8.0.0.6" }, { "status": "affected", "version": "8.0.0.7" }, { "status": "affected", "version": "9.0.0.2" }, { "status": "affected", "version": "8.0.0.8" }, { "status": "affected", "version": "8.0.0.9" }, { "status": "affected", "version": "9.0.0.3" }, { "status": "affected", "version": "8.0.0.0" }, { "status": "affected", "version": "8.0.0.10" }, { "status": "affected", "version": "9.0.0.0" }, { "status": "affected", "version": "9.0.0.4" }, { "status": "affected", "version": "9.0.0.5" }, { "status": "affected", "version": "9.1.0.0" }, { "status": "affected", "version": "9.1.0.1" }, { "status": "affected", "version": "9.1.1" }, { "status": "affected", "version": "9.1.0.2" }, { "status": "affected", "version": "9.1.2" }, { "status": "affected", "version": "8.0.0.11" }, { "status": "affected", "version": "9.0.0.6" }, { "status": "affected", "version": "8.0.0.12" }, { "status": "affected", "version": "9.1.0.3" }, { "status": "affected", "version": "9.1.3" }, { "status": "affected", "version": "9.0.0.7" }, { "status": "affected", "version": "8.0.0.13" } ] } ], "datePublic": "2020-01-24T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM MQ and IBM MQ Appliance 8.0 and 9.0 LTS client connecting to a Queue Manager could cause a SIGSEGV denial of service caused by converting an invalid message. IBM X-Force ID: 168639." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "NONE", "privilegesRequired": "LOW", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 4.6, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/C:N/AC:H/I:N/PR:L/UI:N/S:U/A:H/RC:C/E:U/RL:O", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of Service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-01-28T18:30:52", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/1106523" }, { "name": "ibm-mq-cve20194614-dos (168639)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/168639" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2020-01-24T00:00:00", "ID": "CVE-2019-4614", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "MQ", "version": { "version_data": [ { "version_value": "9.0.0.1" }, { "version_value": "8.0.0.1" }, { "version_value": "8.0.0.2" }, { "version_value": "8.0.0.3" }, { "version_value": "8.0.0.4" }, { "version_value": "8.0.0.5" }, { "version_value": "8.0.0.6" }, { "version_value": "8.0.0.7" }, { "version_value": "9.0.0.2" }, { "version_value": "8.0.0.8" }, { "version_value": "8.0.0.9" }, { "version_value": "9.0.0.3" }, { "version_value": "8.0.0.0" }, { "version_value": "8.0.0.10" }, { "version_value": "9.0.0.0" }, { "version_value": "9.0.0.4" }, { "version_value": "9.0.0.5" }, { "version_value": "9.1.0.0" }, { "version_value": "9.1.0.1" }, { "version_value": "9.1.1" }, { "version_value": "9.1.0.2" }, { "version_value": "9.1.2" }, { "version_value": "8.0.0.11" }, { "version_value": "9.0.0.6" }, { "version_value": "8.0.0.12" }, { "version_value": "9.1.0.3" }, { "version_value": "9.1.3" }, { "version_value": "9.0.0.7" }, { "version_value": "8.0.0.13" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM MQ and IBM MQ Appliance 8.0 and 9.0 LTS client connecting to a Queue Manager could cause a SIGSEGV denial of service caused by converting an invalid message. IBM X-Force ID: 168639." } ] }, "impact": { "cvssv3": { "BM": { "A": "H", "AC": "H", "AV": "N", "C": "N", "I": "N", "PR": "L", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of Service" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/1106523", "refsource": "CONFIRM", "title": "IBM Security Bulletin 1106523 (MQ)", "url": "https://www.ibm.com/support/pages/node/1106523" }, { "name": "ibm-mq-cve20194614-dos (168639)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/168639" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2019-4614", "datePublished": "2020-01-28T18:30:52.540004Z", "dateReserved": "2019-01-03T00:00:00", "dateUpdated": "2024-09-17T04:19:34.761Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-1684
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://exchange.xforce.ibmcloud.com/vulnerabilities/145456 | vdb-entry, x_refsource_XF | |
https://www.ibm.com/support/docview.wss?uid=ibm10734297 | x_refsource_CONFIRM |
Vendor | Product | Version | |
---|---|---|---|
▼ | IBM | MQ |
Version: 9.0.1 Version: 9.0.0.1 Version: 9.0.2 Version: 8.0.0.1 Version: 8.0.0.2 Version: 8.0.0.3 Version: 8.0.0.4 Version: 8.0.0.5 Version: 8.0.0.6 Version: 8.0.0.7 Version: 9.0.0.2 Version: 9.0.3 Version: 9.0.4 Version: 8.0.0.8 Version: 8.0.0.9 Version: 9.0.0.3 Version: 8.0.0.0 Version: 8.0.0.10 Version: 9.0.0.0 Version: 9.0.0.4 Version: 9.0.0.5 Version: 9.0.5 Version: 9.1.0.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T04:07:44.360Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "ibm-websphere-cve20181684-dos(145456)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/145456" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10734297" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "MQ", "vendor": "IBM", "versions": [ { "status": "affected", "version": "9.0.1" }, { "status": "affected", "version": "9.0.0.1" }, { "status": "affected", "version": "9.0.2" }, { "status": "affected", "version": "8.0.0.1" }, { "status": "affected", "version": "8.0.0.2" }, { "status": "affected", "version": "8.0.0.3" }, { "status": "affected", "version": "8.0.0.4" }, { "status": "affected", "version": "8.0.0.5" }, { "status": "affected", "version": "8.0.0.6" }, { "status": "affected", "version": "8.0.0.7" }, { "status": "affected", "version": "9.0.0.2" }, { "status": "affected", "version": "9.0.3" }, { "status": "affected", "version": "9.0.4" }, { "status": "affected", "version": "8.0.0.8" }, { "status": "affected", "version": "8.0.0.9" }, { "status": "affected", "version": "9.0.0.3" }, { "status": "affected", "version": "8.0.0.0" }, { "status": "affected", "version": "8.0.0.10" }, { "status": "affected", "version": "9.0.0.0" }, { "status": "affected", "version": "9.0.0.4" }, { "status": "affected", "version": "9.0.0.5" }, { "status": "affected", "version": "9.0.5" }, { "status": "affected", "version": "9.1.0.0" } ] } ], "datePublic": "2018-11-07T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM WebSphere MQ 8.0 through 9.1 is vulnerable to a error with MQTT topic string publishing that can cause a denial of service attack. IBM X-Force ID: 145456." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "NONE", "privilegesRequired": "LOW", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 4.6, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/A:H/AC:H/AV:N/C:N/I:N/PR:L/S:U/UI:N/E:U/RC:C/RL:O", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of Service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-11-08T23:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "name": "ibm-websphere-cve20181684-dos(145456)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/145456" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10734297" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2018-11-07T00:00:00", "ID": "CVE-2018-1684", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "MQ", "version": { "version_data": [ { "version_value": "9.0.1" }, { "version_value": "9.0.0.1" }, { "version_value": "9.0.2" }, { "version_value": "8.0.0.1" }, { "version_value": "8.0.0.2" }, { "version_value": "8.0.0.3" }, { "version_value": "8.0.0.4" }, { "version_value": "8.0.0.5" }, { "version_value": "8.0.0.6" }, { "version_value": "8.0.0.7" }, { "version_value": "9.0.0.2" }, { "version_value": "9.0.3" }, { "version_value": "9.0.4" }, { "version_value": "8.0.0.8" }, { "version_value": "8.0.0.9" }, { "version_value": "9.0.0.3" }, { "version_value": "8.0.0.0" }, { "version_value": "8.0.0.10" }, { "version_value": "9.0.0.0" }, { "version_value": "9.0.0.4" }, { "version_value": "9.0.0.5" }, { "version_value": "9.0.5" }, { "version_value": "9.1.0.0" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM WebSphere MQ 8.0 through 9.1 is vulnerable to a error with MQTT topic string publishing that can cause a denial of service attack. IBM X-Force ID: 145456." } ] }, "impact": { "cvssv3": { "BM": { "A": "H", "AC": "H", "AV": "N", "C": "N", "I": "N", "PR": "L", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of Service" } ] } ] }, "references": { "reference_data": [ { "name": "ibm-websphere-cve20181684-dos(145456)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/145456" }, { "name": "https://www.ibm.com/support/docview.wss?uid=ibm10734297", "refsource": "CONFIRM", "url": "https://www.ibm.com/support/docview.wss?uid=ibm10734297" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2018-1684", "datePublished": "2018-11-09T00:00:00Z", "dateReserved": "2017-12-13T00:00:00", "dateUpdated": "2024-09-16T22:26:38.249Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-43902
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/6890643 | vendor-advisory | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/240832 | vdb-entry |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T13:40:06.588Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6890643" }, { "tags": [ "vdb-entry", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/240832" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "MQ", "vendor": "IBM", "versions": [ { "status": "affected", "version": "9.2 CD, 9.2 LTS, 9.3 CD, 9.3 LTS" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "IBM MQ 9.2 CD, 9.2 LTS, 9.3 CD, and 9.3 LTS is vulnerable to a denial of service attack caused by specially crafted PCF or MQSC messages. IBM X-Force ID: 240832." } ], "value": "IBM MQ 9.2 CD, 9.2 LTS, 9.3 CD, and 9.3 LTS is vulnerable to a denial of service attack caused by specially crafted PCF or MQSC messages. IBM X-Force ID: 240832." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "703 Improper Check or Handling of Exceptional Conditions", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-03-10T20:04:40.537099Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/6890643" }, { "tags": [ "vdb-entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/240832" } ], "source": { "discovery": "UNKNOWN" }, "title": "IBM MQ denial of service", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2022-43902", "datePublished": "2023-03-01T20:44:15.672Z", "dateReserved": "2022-10-26T15:46:22.841Z", "dateUpdated": "2024-08-03T13:40:06.588Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-4267
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/6195384 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/175840 | vdb-entry, x_refsource_XF |
Vendor | Product | Version | |
---|---|---|---|
▼ | IBM | MQ Appliance |
Version: 8.0.0.3 Version: 8.0.0.4 Version: 8.0.0.5 Version: 8.0.0.6 Version: 8.0.0.0 Version: 8.0.0.8 Version: 8.0.0.10 Version: 8.0.0.11 Version: 9.1.0.1 Version: 9.1.1 Version: 8.0.0.1 Version: 8.0.0.7 Version: 8.0.0.9 Version: 8.0.0.12 Version: 9.1.0.2 Version: 9.1.2 Version: 9.1.0.3 Version: 9.1.3 Version: 9.1 Version: 8.0.0.13 Version: 9.1.0.4 Version: 9.1.4 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T08:00:06.915Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6195384" }, { "name": "ibm-mq-cve20204267-dos (175840)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/175840" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "MQ Appliance", "vendor": "IBM", "versions": [ { "status": "affected", "version": "8.0.0.3" }, { "status": "affected", "version": "8.0.0.4" }, { "status": "affected", "version": "8.0.0.5" }, { "status": "affected", "version": "8.0.0.6" }, { "status": "affected", "version": "8.0.0.0" }, { "status": "affected", "version": "8.0.0.8" }, { "status": "affected", "version": "8.0.0.10" }, { "status": "affected", "version": "8.0.0.11" }, { "status": "affected", "version": "9.1.0.1" }, { "status": "affected", "version": "9.1.1" }, { "status": "affected", "version": "8.0.0.1" }, { "status": "affected", "version": "8.0.0.7" }, { "status": "affected", "version": "8.0.0.9" }, { "status": "affected", "version": "8.0.0.12" }, { "status": "affected", "version": "9.1.0.2" }, { "status": "affected", "version": "9.1.2" }, { "status": "affected", "version": "9.1.0.3" }, { "status": "affected", "version": "9.1.3" }, { "status": "affected", "version": "9.1" }, { "status": "affected", "version": "8.0.0.13" }, { "status": "affected", "version": "9.1.0.4" }, { "status": "affected", "version": "9.1.4" } ] } ], "datePublic": "2020-04-22T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM MQ and MQ Appliance 8.0, 9.1 LTS, and 9.1 CD could allow an authenticated user cause a denial of service due to a memory leak. IBM X-Force ID: 175840." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "NONE", "privilegesRequired": "LOW", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 4.6, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/A:H/C:N/UI:N/AC:H/S:U/I:N/PR:L/AV:N/RC:C/RL:O/E:U", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of Service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-04-24T15:50:21", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6195384" }, { "name": "ibm-mq-cve20204267-dos (175840)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/175840" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2020-04-22T00:00:00", "ID": "CVE-2020-4267", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "MQ Appliance", "version": { "version_data": [ { "version_value": "8.0.0.3" }, { "version_value": "8.0.0.4" }, { "version_value": "8.0.0.5" }, { "version_value": "8.0.0.6" }, { "version_value": "8.0.0.0" }, { "version_value": "8.0.0.8" }, { "version_value": "8.0.0.10" }, { "version_value": "8.0.0.11" }, { "version_value": "9.1.0.1" }, { "version_value": "9.1.1" }, { "version_value": "8.0.0.1" }, { "version_value": "8.0.0.7" }, { "version_value": "8.0.0.9" }, { "version_value": "8.0.0.12" }, { "version_value": "9.1.0.2" }, { "version_value": "9.1.2" }, { "version_value": "9.1.0.3" }, { "version_value": "9.1.3" }, { "version_value": "9.1" }, { "version_value": "8.0.0.13" }, { "version_value": "9.1.0.4" }, { "version_value": "9.1.4" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM MQ and MQ Appliance 8.0, 9.1 LTS, and 9.1 CD could allow an authenticated user cause a denial of service due to a memory leak. IBM X-Force ID: 175840." } ] }, "impact": { "cvssv3": { "BM": { "A": "H", "AC": "H", "AV": "N", "C": "N", "I": "N", "PR": "L", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of Service" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6195384", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6195384 (MQ Appliance)", "url": "https://www.ibm.com/support/pages/node/6195384" }, { "name": "ibm-mq-cve20204267-dos (175840)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/175840" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2020-4267", "datePublished": "2020-04-24T15:50:21.949654Z", "dateReserved": "2019-12-30T00:00:00", "dateUpdated": "2024-09-16T23:01:18.469Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-1760
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://exchange.xforce.ibmcloud.com/vulnerabilities/126454 | x_refsource_MISC | |
http://www.ibm.com/support/docview.wss?uid=swg22005392 | x_refsource_CONFIRM |
Vendor | Product | Version | |
---|---|---|---|
▼ | IBM | MQ |
Version: 7.5 Version: 8.0 Version: 9.0 Version: 9.0.1 Version: 9.0.0.1 Version: 9.0.2 Version: 8.0.0.1 Version: 8.0.0.2 Version: 8.0.0.3 Version: 8.0.0.4 Version: 8.0.0.5 Version: 8.0.0.6 Version: 9.0.3 Version: 7.5.0.1 Version: 7.5.0.2 Version: 7.5.0.3 Version: 7.5.0.4 Version: 7.5.0.5 Version: 7.5.0.6 Version: 7.5.0.7 Version: 7.5.0.8 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:39:32.277Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/126454" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22005392" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "MQ", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.5" }, { "status": "affected", "version": "8.0" }, { "status": "affected", "version": "9.0" }, { "status": "affected", "version": "9.0.1" }, { "status": "affected", "version": "9.0.0.1" }, { "status": "affected", "version": "9.0.2" }, { "status": "affected", "version": "8.0.0.1" }, { "status": "affected", "version": "8.0.0.2" }, { "status": "affected", "version": "8.0.0.3" }, { "status": "affected", "version": "8.0.0.4" }, { "status": "affected", "version": "8.0.0.5" }, { "status": "affected", "version": "8.0.0.6" }, { "status": "affected", "version": "9.0.3" }, { "status": "affected", "version": "7.5.0.1" }, { "status": "affected", "version": "7.5.0.2" }, { "status": "affected", "version": "7.5.0.3" }, { "status": "affected", "version": "7.5.0.4" }, { "status": "affected", "version": "7.5.0.5" }, { "status": "affected", "version": "7.5.0.6" }, { "status": "affected", "version": "7.5.0.7" }, { "status": "affected", "version": "7.5.0.8" } ] } ], "datePublic": "2017-12-06T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM WebSphere MQ 7.5, 8.0, and 9.0 could allow a local user to crash the queue manager agent thread and expose some sensitive information. IBM X-Force ID: 126454." } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of Service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-12-11T20:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/126454" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22005392" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2017-12-06T00:00:00", "ID": "CVE-2017-1760", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "MQ", "version": { "version_data": [ { "version_value": "7.5" }, { "version_value": "8.0" }, { "version_value": "9.0" }, { "version_value": "9.0.1" }, { "version_value": "9.0.0.1" }, { "version_value": "9.0.2" }, { "version_value": "8.0.0.1" }, { "version_value": "8.0.0.2" }, { "version_value": "8.0.0.3" }, { "version_value": "8.0.0.4" }, { "version_value": "8.0.0.5" }, { "version_value": "8.0.0.6" }, { "version_value": "9.0.3" }, { "version_value": "7.5.0.1" }, { "version_value": "7.5.0.2" }, { "version_value": "7.5.0.3" }, { "version_value": "7.5.0.4" }, { "version_value": "7.5.0.5" }, { "version_value": "7.5.0.6" }, { "version_value": "7.5.0.7" }, { "version_value": "7.5.0.8" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM WebSphere MQ 7.5, 8.0, and 9.0 could allow a local user to crash the queue manager agent thread and expose some sensitive information. IBM X-Force ID: 126454." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of Service" } ] } ] }, "references": { "reference_data": [ { "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/126454", "refsource": "MISC", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/126454" }, { "name": "http://www.ibm.com/support/docview.wss?uid=swg22005392", "refsource": "CONFIRM", "url": "http://www.ibm.com/support/docview.wss?uid=swg22005392" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2017-1760", "datePublished": "2017-12-11T21:00:00Z", "dateReserved": "2016-11-30T00:00:00", "dateUpdated": "2024-09-16T18:18:02.093Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-1371
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://exchange.xforce.ibmcloud.com/vulnerabilities/137771 | x_refsource_MISC | |
http://www.ibm.com/support/docview.wss?uid=swg22012983 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T03:59:38.623Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/137771" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22012983" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "MQ", "vendor": "IBM", "versions": [ { "status": "affected", "version": "9.0.0.2" }, { "status": "affected", "version": "9.0.4" }, { "status": "affected", "version": "8.0.0.8" } ] } ], "datePublic": "2018-04-13T00:00:00", "descriptions": [ { "lang": "en", "value": "An IBM WebSphere MQ 8.0.0.8, 9.0.0.2, and 9.0.4 Client connecting to a MQ Queue Manager can cause a SIGSEGV in the AMQRMPPA channel process terminating it. IBM X-Force ID: 137771." } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of Service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-04-17T14:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/137771" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22012983" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2018-04-13T00:00:00", "ID": "CVE-2018-1371", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "MQ", "version": { "version_data": [ { "version_value": "9.0.0.2" }, { "version_value": "9.0.4" }, { "version_value": "8.0.0.8" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An IBM WebSphere MQ 8.0.0.8, 9.0.0.2, and 9.0.4 Client connecting to a MQ Queue Manager can cause a SIGSEGV in the AMQRMPPA channel process terminating it. IBM X-Force ID: 137771." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of Service" } ] } ] }, "references": { "reference_data": [ { "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/137771", "refsource": "MISC", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/137771" }, { "name": "http://www.ibm.com/support/docview.wss?uid=swg22012983", "refsource": "CONFIRM", "url": "http://www.ibm.com/support/docview.wss?uid=swg22012983" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2018-1371", "datePublished": "2018-04-17T15:00:00Z", "dateReserved": "2017-12-13T00:00:00", "dateUpdated": "2024-09-16T16:42:58.084Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-1433
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://exchange.xforce.ibmcloud.com/vulnerabilities/127803 | x_refsource_MISC | |
http://www.ibm.com/support/docview.wss?uid=swg22005525 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/102163 | vdb-entry, x_refsource_BID |
Vendor | Product | Version | |
---|---|---|---|
▼ | IBM | MQ |
Version: 7.5 Version: 8.0 Version: 9.0 Version: 9.0.0.1 Version: 8.0.0.1 Version: 8.0.0.2 Version: 8.0.0.3 Version: 8.0.0.4 Version: 8.0.0.5 Version: 8.0.0.6 Version: 8.0.0.7 Version: 7.5.0.1 Version: 7.5.0.2 Version: 7.5.0.3 Version: 7.5.0.4 Version: 7.5.0.5 Version: 7.5.0.6 Version: 7.5.0.7 Version: 7.5.0.8 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:32:29.621Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/127803" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22005525" }, { "name": "102163", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/102163" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "MQ", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.5" }, { "status": "affected", "version": "8.0" }, { "status": "affected", "version": "9.0" }, { "status": "affected", "version": "9.0.0.1" }, { "status": "affected", "version": "8.0.0.1" }, { "status": "affected", "version": "8.0.0.2" }, { "status": "affected", "version": "8.0.0.3" }, { "status": "affected", "version": "8.0.0.4" }, { "status": "affected", "version": "8.0.0.5" }, { "status": "affected", "version": "8.0.0.6" }, { "status": "affected", "version": "8.0.0.7" }, { "status": "affected", "version": "7.5.0.1" }, { "status": "affected", "version": "7.5.0.2" }, { "status": "affected", "version": "7.5.0.3" }, { "status": "affected", "version": "7.5.0.4" }, { "status": "affected", "version": "7.5.0.5" }, { "status": "affected", "version": "7.5.0.6" }, { "status": "affected", "version": "7.5.0.7" }, { "status": "affected", "version": "7.5.0.8" } ] } ], "datePublic": "2017-12-06T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM WebSphere MQ 7.5, 8.0, and 9.0 could allow an authenticated user to insert messages with a corrupt RFH header into the channel which would cause it to restart. IBM X-Force ID: 127803." } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of Service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-12-14T10:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/127803" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22005525" }, { "name": "102163", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/102163" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2017-12-06T00:00:00", "ID": "CVE-2017-1433", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "MQ", "version": { "version_data": [ { "version_value": "7.5" }, { "version_value": "8.0" }, { "version_value": "9.0" }, { "version_value": "9.0.0.1" }, { "version_value": "8.0.0.1" }, { "version_value": "8.0.0.2" }, { "version_value": "8.0.0.3" }, { "version_value": "8.0.0.4" }, { "version_value": "8.0.0.5" }, { "version_value": "8.0.0.6" }, { "version_value": "8.0.0.7" }, { "version_value": "7.5.0.1" }, { "version_value": "7.5.0.2" }, { "version_value": "7.5.0.3" }, { "version_value": "7.5.0.4" }, { "version_value": "7.5.0.5" }, { "version_value": "7.5.0.6" }, { "version_value": "7.5.0.7" }, { "version_value": "7.5.0.8" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM WebSphere MQ 7.5, 8.0, and 9.0 could allow an authenticated user to insert messages with a corrupt RFH header into the channel which would cause it to restart. IBM X-Force ID: 127803." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of Service" } ] } ] }, "references": { "reference_data": [ { "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/127803", "refsource": "MISC", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/127803" }, { "name": "http://www.ibm.com/support/docview.wss?uid=swg22005525", "refsource": "CONFIRM", "url": "http://www.ibm.com/support/docview.wss?uid=swg22005525" }, { "name": "102163", "refsource": "BID", "url": "http://www.securityfocus.com/bid/102163" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2017-1433", "datePublished": "2017-12-07T15:00:00Z", "dateReserved": "2016-11-30T00:00:00", "dateUpdated": "2024-09-16T20:47:10.055Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-4870
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/6380742 | x_refsource_CONFIRM | |
https://www.ibm.com/support/pages/node/6386466 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/190833 | vdb-entry, x_refsource_XF |
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | IBM | MQ |
Version: 9.2.0 |
||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T08:14:59.059Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6380742" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6386466" }, { "name": "ibm-mq-cve20204870-dos (190833)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190833" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "MQ", "vendor": "IBM", "versions": [ { "status": "affected", "version": "9.2.0" } ] }, { "product": "MQ Appliance", "vendor": "IBM", "versions": [ { "status": "affected", "version": "9.2.0.0" } ] } ], "datePublic": "2020-12-18T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM MQ 9.2 CD and LTS are vulnerable to a denial of service attack caused by an error processing connecting applications. IBM X-Force ID: 190833." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "NONE", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 5.2, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/PR:N/AC:H/S:U/UI:N/AV:N/A:H/I:N/C:N/RC:C/E:U/RL:O", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of Service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-12-21T17:50:32", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6380742" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6386466" }, { "name": "ibm-mq-cve20204870-dos (190833)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190833" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2020-12-18T00:00:00", "ID": "CVE-2020-4870", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "MQ", "version": { "version_data": [ { "version_value": "9.2.0" } ] } }, { "product_name": "MQ Appliance", "version": { "version_data": [ { "version_value": "9.2.0.0" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM MQ 9.2 CD and LTS are vulnerable to a denial of service attack caused by an error processing connecting applications. IBM X-Force ID: 190833." } ] }, "impact": { "cvssv3": { "BM": { "A": "H", "AC": "H", "AV": "N", "C": "N", "I": "N", "PR": "N", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of Service" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6380742", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6380742 (MQ Appliance)", "url": "https://www.ibm.com/support/pages/node/6380742" }, { "name": "https://www.ibm.com/support/pages/node/6386466", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6386466 (MQ)", "url": "https://www.ibm.com/support/pages/node/6386466" }, { "name": "ibm-mq-cve20204870-dos (190833)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190833" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2020-4870", "datePublished": "2020-12-21T17:50:32.362789Z", "dateReserved": "2019-12-30T00:00:00", "dateUpdated": "2024-09-17T03:22:23.347Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-4338
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/6172539 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/177937 | vdb-entry, x_refsource_XF |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T08:00:07.163Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6172539" }, { "name": "ibm-mq-cve20204338-info-disc (177937)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/177937" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "MQ", "vendor": "IBM", "versions": [ { "status": "affected", "version": "9.1.4" } ] } ], "datePublic": "2020-04-15T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM MQ 9.1.4 could allow a local attacker to obtain sensitive information by inclusion of sensitive data within runmqras data. IBM X-Force ID: 177937." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "NONE", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 4.5, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/UI:N/PR:N/A:N/I:N/AC:H/AV:L/C:H/S:U/RC:C/E:U/RL:O", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Obtain Information", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-04-16T15:35:21", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6172539" }, { "name": "ibm-mq-cve20204338-info-disc (177937)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/177937" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2020-04-15T00:00:00", "ID": "CVE-2020-4338", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "MQ", "version": { "version_data": [ { "version_value": "9.1.4" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM MQ 9.1.4 could allow a local attacker to obtain sensitive information by inclusion of sensitive data within runmqras data. IBM X-Force ID: 177937." } ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "H", "AV": "L", "C": "H", "I": "N", "PR": "N", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Obtain Information" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6172539", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6172539 (MQ)", "url": "https://www.ibm.com/support/pages/node/6172539" }, { "name": "ibm-mq-cve20204338-info-disc (177937)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/177937" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2020-4338", "datePublished": "2020-04-16T15:35:21.704224Z", "dateReserved": "2019-12-30T00:00:00", "dateUpdated": "2024-09-17T03:44:17.167Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-4619
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/1135101 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/168862 | vdb-entry, x_refsource_XF |
Vendor | Product | Version | |
---|---|---|---|
▼ | IBM | MQ |
Version: 9.0.0.1 Version: 8.0.0.1 Version: 8.0.0.2 Version: 8.0.0.3 Version: 8.0.0.4 Version: 8.0.0.5 Version: 8.0.0.6 Version: 8.0.0.7 Version: 9.0.0.2 Version: 7.5.0.1 Version: 7.5.0.2 Version: 7.5.0.3 Version: 7.5.0.4 Version: 7.5.0.5 Version: 7.5.0.6 Version: 7.5.0.7 Version: 7.5.0.8 Version: 8.0.0.8 Version: 7.1.0.1 Version: 7.1.0.2 Version: 7.1.0.3 Version: 7.1.0.4 Version: 7.1.0.5 Version: 7.1.0.6 Version: 7.1.0.7 Version: 8.0.0.9 Version: 9.0.0.3 Version: 8.0.0.0 Version: 8.0.0.10 Version: 9.0.0.0 Version: 9.0.0.4 Version: 9.0.0.5 Version: 9.1 Version: 9.1.0.1 Version: 9.1.1 Version: 9.1.0.2 Version: 9.1.2 Version: 8.0.0.11 Version: 9.0.0.6 Version: 7.1.0.0 Version: 7.1.0.8 Version: 7.1.0.9 Version: 7.5.0.0 Version: 7.5.0.9 Version: 8.0.0.12 Version: 9.1.0.3 Version: 9.1.3 Version: 9.0.0.7 Version: 8.0.0.13 Version: 9.0.0.8 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T19:40:48.099Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/1135101" }, { "name": "ibm-mq-cve20194619-info-disc (168862)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/168862" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "MQ", "vendor": "IBM", "versions": [ { "status": "affected", "version": "9.0.0.1" }, { "status": "affected", "version": "8.0.0.1" }, { "status": "affected", "version": "8.0.0.2" }, { "status": "affected", "version": "8.0.0.3" }, { "status": "affected", "version": "8.0.0.4" }, { "status": "affected", "version": "8.0.0.5" }, { "status": "affected", "version": "8.0.0.6" }, { "status": "affected", "version": "8.0.0.7" }, { "status": "affected", "version": "9.0.0.2" }, { "status": "affected", "version": "7.5.0.1" }, { "status": "affected", "version": "7.5.0.2" }, { "status": "affected", "version": "7.5.0.3" }, { "status": "affected", "version": "7.5.0.4" }, { "status": "affected", "version": "7.5.0.5" }, { "status": "affected", "version": "7.5.0.6" }, { "status": "affected", "version": "7.5.0.7" }, { "status": "affected", "version": "7.5.0.8" }, { "status": "affected", "version": "8.0.0.8" }, { "status": "affected", "version": "7.1.0.1" }, { "status": "affected", "version": "7.1.0.2" }, { "status": "affected", "version": "7.1.0.3" }, { "status": "affected", "version": "7.1.0.4" }, { "status": "affected", "version": "7.1.0.5" }, { "status": "affected", "version": "7.1.0.6" }, { "status": "affected", "version": "7.1.0.7" }, { "status": "affected", "version": "8.0.0.9" }, { "status": "affected", "version": "9.0.0.3" }, { "status": "affected", "version": "8.0.0.0" }, { "status": "affected", "version": "8.0.0.10" }, { "status": "affected", "version": "9.0.0.0" }, { "status": "affected", "version": "9.0.0.4" }, { "status": "affected", "version": "9.0.0.5" }, { "status": "affected", "version": "9.1" }, { "status": "affected", "version": "9.1.0.1" }, { "status": "affected", "version": "9.1.1" }, { "status": "affected", "version": "9.1.0.2" }, { "status": "affected", "version": "9.1.2" }, { "status": "affected", "version": "8.0.0.11" }, { "status": "affected", "version": "9.0.0.6" }, { "status": "affected", "version": "7.1.0.0" }, { "status": "affected", "version": "7.1.0.8" }, { "status": "affected", "version": "7.1.0.9" }, { "status": "affected", "version": "7.5.0.0" }, { "status": "affected", "version": "7.5.0.9" }, { "status": "affected", "version": "8.0.0.12" }, { "status": "affected", "version": "9.1.0.3" }, { "status": "affected", "version": "9.1.3" }, { "status": "affected", "version": "9.0.0.7" }, { "status": "affected", "version": "8.0.0.13" }, { "status": "affected", "version": "9.0.0.8" } ] } ], "datePublic": "2020-03-13T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM MQ and IBM MQ Appliance 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and 9.1 CD could allow a local attacker to obtain sensitive information by inclusion of sensitive data within trace. IBM X-Force ID: 168862." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "NONE", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 4.5, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/PR:N/AV:L/AC:H/A:N/I:N/UI:N/S:U/C:H/RL:O/RC:C/E:U", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Obtain Information", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-03-16T15:25:19", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/1135101" }, { "name": "ibm-mq-cve20194619-info-disc (168862)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/168862" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2020-03-13T00:00:00", "ID": "CVE-2019-4619", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "MQ", "version": { "version_data": [ { "version_value": "9.0.0.1" }, { "version_value": "8.0.0.1" }, { "version_value": "8.0.0.2" }, { "version_value": "8.0.0.3" }, { "version_value": "8.0.0.4" }, { "version_value": "8.0.0.5" }, { "version_value": "8.0.0.6" }, { "version_value": "8.0.0.7" }, { "version_value": "9.0.0.2" }, { "version_value": "7.5.0.1" }, { "version_value": "7.5.0.2" }, { "version_value": "7.5.0.3" }, { "version_value": "7.5.0.4" }, { "version_value": "7.5.0.5" }, { "version_value": "7.5.0.6" }, { "version_value": "7.5.0.7" }, { "version_value": "7.5.0.8" }, { "version_value": "8.0.0.8" }, { "version_value": "7.1.0.1" }, { "version_value": "7.1.0.2" }, { "version_value": "7.1.0.3" }, { "version_value": "7.1.0.4" }, { "version_value": "7.1.0.5" }, { "version_value": "7.1.0.6" }, { "version_value": "7.1.0.7" }, { "version_value": "8.0.0.9" }, { "version_value": "9.0.0.3" }, { "version_value": "8.0.0.0" }, { "version_value": "8.0.0.10" }, { "version_value": "9.0.0.0" }, { "version_value": "9.0.0.4" }, { "version_value": "9.0.0.5" }, { "version_value": "9.1" }, { "version_value": "9.1.0.1" }, { "version_value": "9.1.1" }, { "version_value": "9.1.0.2" }, { "version_value": "9.1.2" }, { "version_value": "8.0.0.11" }, { "version_value": "9.0.0.6" }, { "version_value": "7.1.0.0" }, { "version_value": "7.1.0.8" }, { "version_value": "7.1.0.9" }, { "version_value": "7.5.0.0" }, { "version_value": "7.5.0.9" }, { "version_value": "8.0.0.12" }, { "version_value": "9.1.0.3" }, { "version_value": "9.1.3" }, { "version_value": "9.0.0.7" }, { "version_value": "8.0.0.13" }, { "version_value": "9.0.0.8" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM MQ and IBM MQ Appliance 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and 9.1 CD could allow a local attacker to obtain sensitive information by inclusion of sensitive data within trace. IBM X-Force ID: 168862." } ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "H", "AV": "L", "C": "H", "I": "N", "PR": "N", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Obtain Information" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/1135101", "refsource": "CONFIRM", "title": "IBM Security Bulletin 1135101 (MQ)", "url": "https://www.ibm.com/support/pages/node/1135101" }, { "name": "ibm-mq-cve20194619-info-disc (168862)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/168862" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2019-4619", "datePublished": "2020-03-16T15:25:20.026505Z", "dateReserved": "2019-01-03T00:00:00", "dateUpdated": "2024-09-16T20:12:49.114Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-1341
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://exchange.xforce.ibmcloud.com/vulnerabilities/126456 | x_refsource_MISC | |
http://www.ibm.com/support/docview.wss?uid=swg22005400 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/102042 | vdb-entry, x_refsource_BID |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:32:29.322Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/126456" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22005400" }, { "name": "102042", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/102042" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "MQ", "vendor": "IBM", "versions": [ { "status": "affected", "version": "9.0" }, { "status": "affected", "version": "9.0.1" }, { "status": "affected", "version": "9.0.0.1" }, { "status": "affected", "version": "9.0.2" }, { "status": "affected", "version": "8.0.0.1" }, { "status": "affected", "version": "8.0.0.2" }, { "status": "affected", "version": "8.0.0.3" }, { "status": "affected", "version": "8.0.0.4" }, { "status": "affected", "version": "8.0.0.5" }, { "status": "affected", "version": "8.0.0.6" }, { "status": "affected", "version": "8.0.0.7" }, { "status": "affected", "version": "9.0.3" } ] } ], "datePublic": "2017-12-04T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM WebSphere MQ 8.0 and 9.0 could allow, under special circumstances, an unauthorized user to access an object which they should have been denied access. IBM X-Force ID: 126456." } ], "problemTypes": [ { "descriptions": [ { "description": "Bypass Security", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-12-08T10:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/126456" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22005400" }, { "name": "102042", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/102042" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2017-12-04T00:00:00", "ID": "CVE-2017-1341", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "MQ", "version": { "version_data": [ { "version_value": "9.0" }, { "version_value": "9.0.1" }, { "version_value": "9.0.0.1" }, { "version_value": "9.0.2" }, { "version_value": "8.0.0.1" }, { "version_value": "8.0.0.2" }, { "version_value": "8.0.0.3" }, { "version_value": "8.0.0.4" }, { "version_value": "8.0.0.5" }, { "version_value": "8.0.0.6" }, { "version_value": "8.0.0.7" }, { "version_value": "9.0.3" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM WebSphere MQ 8.0 and 9.0 could allow, under special circumstances, an unauthorized user to access an object which they should have been denied access. IBM X-Force ID: 126456." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Bypass Security" } ] } ] }, "references": { "reference_data": [ { "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/126456", "refsource": "MISC", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/126456" }, { "name": "http://www.ibm.com/support/docview.wss?uid=swg22005400", "refsource": "CONFIRM", "url": "http://www.ibm.com/support/docview.wss?uid=swg22005400" }, { "name": "102042", "refsource": "BID", "url": "http://www.securityfocus.com/bid/102042" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2017-1341", "datePublished": "2017-12-07T15:00:00Z", "dateReserved": "2016-11-30T00:00:00", "dateUpdated": "2024-09-16T18:45:12.994Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-31919
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/7157979 | vendor-advisory | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/290259 | vdb-entry |
Vendor | Product | Version | |
---|---|---|---|
▼ | IBM | MQ |
Version: 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS and 9.3 CD cpe:2.3:a:ibm:mq_appliance:9.0:*:*:*:lts:*:*:* cpe:2.3:a:ibm:mq_appliance:9.1:*:*:*:lts:*:*:* cpe:2.3:a:ibm:mq_appliance:9.2:*:*:*:lts:*:*:* cpe:2.3:a:ibm:mq_appliance:9.3:*:*:*:lts:*:*:* cpe:2.3:a:ibm:mq_appliance:9.3:*:*:*:continuous_delivery:*:*:* |
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-31919", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-28T20:05:02.070837Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-28T20:05:09.505Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T01:59:50.566Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/7157979" }, { "tags": [ "vdb-entry", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/290259" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:a:ibm:mq_appliance:9.0:*:*:*:lts:*:*:*", "cpe:2.3:a:ibm:mq_appliance:9.1:*:*:*:lts:*:*:*", "cpe:2.3:a:ibm:mq_appliance:9.2:*:*:*:lts:*:*:*", "cpe:2.3:a:ibm:mq_appliance:9.3:*:*:*:lts:*:*:*", "cpe:2.3:a:ibm:mq_appliance:9.3:*:*:*:continuous_delivery:*:*:*" ], "defaultStatus": "unaffected", "product": "MQ", "vendor": "IBM", "versions": [ { "status": "affected", "version": "9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS and 9.3 CD" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS and 9.3 CD, in certain configurations, is vulnerable to a denial of service attack caused by an error processing messages when an API Exit using MQBUFMH is used. IBM X-Force ID: 290259." } ], "value": "IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS and 9.3 CD, in certain configurations, is vulnerable to a denial of service attack caused by an error processing messages when an API Exit using MQBUFMH is used. IBM X-Force ID: 290259." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-770", "description": "CWE-770 Allocation of Resources Without Limits or Throttling", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-06-28T17:35:03.687Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/7157979" }, { "tags": [ "vdb-entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/290259" } ], "source": { "discovery": "UNKNOWN" }, "title": "IBM MQ denial of service", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2024-31919", "datePublished": "2024-06-28T17:34:15.469Z", "dateReserved": "2024-04-07T12:45:15.767Z", "dateUpdated": "2024-08-02T01:59:50.566Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-1284
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
http://www.ibm.com/support/docview.wss?uid=swg22003851 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/125145 | x_refsource_MISC | |
http://www.securityfocus.com/bid/99494 | vdb-entry, x_refsource_BID |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:32:27.887Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22003851" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125145" }, { "name": "99494", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/99494" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "MQ", "vendor": "IBM", "versions": [ { "status": "affected", "version": "9.0.1" }, { "status": "affected", "version": "9.0.2" } ] } ], "datePublic": "2017-07-06T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM WebSphere MQ 9.0.1 and 9.0.2 could allow a local user with ability to run or enable trace, to obtain sensitive information from WebSphere Application Server traces including user credentials. IBM X-Force ID: 125145." } ], "problemTypes": [ { "descriptions": [ { "description": "Obtain Information", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-11T09:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22003851" }, { "tags": [ "x_refsource_MISC" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125145" }, { "name": "99494", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/99494" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2017-07-06T00:00:00", "ID": "CVE-2017-1284", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "MQ", "version": { "version_data": [ { "version_value": "9.0.1" }, { "version_value": "9.0.2" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM WebSphere MQ 9.0.1 and 9.0.2 could allow a local user with ability to run or enable trace, to obtain sensitive information from WebSphere Application Server traces including user credentials. IBM X-Force ID: 125145." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Obtain Information" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.ibm.com/support/docview.wss?uid=swg22003851", "refsource": "CONFIRM", "url": "http://www.ibm.com/support/docview.wss?uid=swg22003851" }, { "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125145", "refsource": "MISC", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125145" }, { "name": "99494", "refsource": "BID", "url": "http://www.securityfocus.com/bid/99494" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2017-1284", "datePublished": "2017-07-10T16:00:00Z", "dateReserved": "2016-11-30T00:00:00", "dateUpdated": "2024-09-16T21:09:05.853Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-35155
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/7158059 | vendor-advisory | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/292765 | vdb-entry |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-35155", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-07-01T18:17:29.270193Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-01T18:43:20.905Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T03:07:46.739Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/7158059" }, { "tags": [ "vdb-entry", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/292765" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:a:ibm:mq_appliance:9.3:*:*:*:lts:*:*:*", "cpe:2.3:a:ibm:mq_appliance:9.3:*:*:*:continuous_delivery:*:*:*" ], "defaultStatus": "unaffected", "product": "MQ", "vendor": "IBM", "versions": [ { "status": "affected", "version": "9.3 LTS and 9.3 CD" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "IBM MQ Console 9.3 LTS and 9.3 CD could disclose could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 292765." } ], "value": "IBM MQ Console 9.3 LTS and 9.3 CD could disclose could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 292765." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-209", "description": "CWE-209 Generation of Error Message Containing Sensitive Information", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-06-28T17:40:37.828Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/7158059" }, { "tags": [ "vdb-entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/292765" } ], "source": { "discovery": "UNKNOWN" }, "title": "IBM MQ information disclosure", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2024-35155", "datePublished": "2024-06-28T17:40:37.828Z", "dateReserved": "2024-05-09T16:27:47.447Z", "dateUpdated": "2024-08-02T03:07:46.739Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-1557
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://exchange.xforce.ibmcloud.com/vulnerabilities/131547 | x_refsource_MISC | |
http://www.securityfocus.com/bid/102418 | vdb-entry, x_refsource_BID | |
http://www.ibm.com/support/docview.wss?uid=swg22004378 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:39:30.599Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/131547" }, { "name": "102418", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/102418" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22004378" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "MQ", "vendor": "IBM", "versions": [ { "status": "affected", "version": "8.0" }, { "status": "affected", "version": "9.0" }, { "status": "affected", "version": "9.0.1" }, { "status": "affected", "version": "9.0.0.1" }, { "status": "affected", "version": "9.0.2" }, { "status": "affected", "version": "8.0.0.1" }, { "status": "affected", "version": "8.0.0.2" }, { "status": "affected", "version": "8.0.0.3" }, { "status": "affected", "version": "8.0.0.4" }, { "status": "affected", "version": "8.0.0.5" }, { "status": "affected", "version": "8.0.0.6" }, { "status": "affected", "version": "8.0.0.7" }, { "status": "affected", "version": "9.0.3" } ] } ], "datePublic": "2017-12-22T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM WebSphere MQ 8.0 and 9.0 could allow an authenticated user with authority to send a specially crafted request that could cause a channel process to cease processing further requests. IBM X-Force ID: 131547." } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of Service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-06T10:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/131547" }, { "name": "102418", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/102418" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22004378" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2017-12-22T00:00:00", "ID": "CVE-2017-1557", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "MQ", "version": { "version_data": [ { "version_value": "8.0" }, { "version_value": "9.0" }, { "version_value": "9.0.1" }, { "version_value": "9.0.0.1" }, { "version_value": "9.0.2" }, { "version_value": "8.0.0.1" }, { "version_value": "8.0.0.2" }, { "version_value": "8.0.0.3" }, { "version_value": "8.0.0.4" }, { "version_value": "8.0.0.5" }, { "version_value": "8.0.0.6" }, { "version_value": "8.0.0.7" }, { "version_value": "9.0.3" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM WebSphere MQ 8.0 and 9.0 could allow an authenticated user with authority to send a specially crafted request that could cause a channel process to cease processing further requests. IBM X-Force ID: 131547." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of Service" } ] } ] }, "references": { "reference_data": [ { "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/131547", "refsource": "MISC", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/131547" }, { "name": "102418", "refsource": "BID", "url": "http://www.securityfocus.com/bid/102418" }, { "name": "http://www.ibm.com/support/docview.wss?uid=swg22004378", "refsource": "CONFIRM", "url": "http://www.ibm.com/support/docview.wss?uid=swg22004378" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2017-1557", "datePublished": "2018-01-02T17:00:00Z", "dateReserved": "2016-11-30T00:00:00", "dateUpdated": "2024-09-16T17:47:56.777Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-26285
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/6986563 | vendor-advisory | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/248418 | vdb-entry |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T11:46:23.509Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6986563" }, { "tags": [ "vdb-entry", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/248418" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "MQ", "vendor": "IBM", "versions": [ { "status": "affected", "version": "9.2 CD, 9.2 LTS, 9.3 CD, 9.3 LTS" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "IBM MQ 9.2 CD, 9.2 LTS, 9.3 CD, and 9.3 LTS could allow a remote attacker to cause a denial of service due to an error processing invalid data. IBM X-Force ID: 248418." } ], "value": "IBM MQ 9.2 CD, 9.2 LTS, 9.3 CD, and 9.3 LTS could allow a remote attacker to cause a denial of service due to an error processing invalid data. IBM X-Force ID: 248418." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-119", "description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-05T15:16:00.291Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/6986563" }, { "tags": [ "vdb-entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/248418" } ], "source": { "discovery": "UNKNOWN" }, "title": "IBM MQ denial of service", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2023-26285", "datePublished": "2023-05-05T15:16:00.291Z", "dateReserved": "2023-02-21T13:55:50.151Z", "dateUpdated": "2024-08-02T11:46:23.509Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-22874
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/6985901 | vendor-advisory | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/244216 | vdb-entry |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T10:20:31.017Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6985901" }, { "tags": [ "vdb-entry", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/244216" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "MQ", "vendor": "IBM", "versions": [ { "status": "affected", "version": "9.2 CD, 9.3 CD, and 9.3 LTS" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "IBM MQ Clients 9.2 CD, 9.3 CD, and 9.3 LTS are vulnerable to a denial of service attack when processing configuration files. IBM X-Force ID: 244216." } ], "value": "IBM MQ Clients 9.2 CD, 9.3 CD, and 9.3 LTS are vulnerable to a denial of service attack when processing configuration files. IBM X-Force ID: 244216." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "703 Improper Check or Handling of Exceptional Conditions", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-05T14:57:23.735Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/6985901" }, { "tags": [ "vdb-entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/244216" } ], "source": { "discovery": "UNKNOWN" }, "title": "IBM MQ denial of service", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2023-22874", "datePublished": "2023-05-05T14:57:23.735Z", "dateReserved": "2023-01-09T15:16:49.250Z", "dateUpdated": "2024-08-02T10:20:31.017Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-4682
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/6408626 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/186509 | vdb-entry, x_refsource_XF |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T08:14:57.859Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6408626" }, { "name": "ibm-mq-cve20204682-code-exec (186509)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/186509" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "MQ", "vendor": "IBM", "versions": [ { "status": "affected", "version": "8.0.0" }, { "status": "affected", "version": "9.0.0" }, { "status": "affected", "version": "9.1.0" }, { "status": "affected", "version": "7.5.0" }, { "status": "affected", "version": "9.2.0" } ] } ], "datePublic": "2021-01-27T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM MQ 7.5, 8.0, 9.0, 9.1, 9.2 LTS, and 9.2 CD could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization of trusted data. An attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 186509." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 7.1, "temporalSeverity": "HIGH", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AC:H/I:H/S:U/C:H/UI:N/A:H/AV:N/PR:N/RL:O/RC:C/E:U", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Gain Access", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-01-28T12:55:15", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6408626" }, { "name": "ibm-mq-cve20204682-code-exec (186509)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/186509" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2021-01-27T00:00:00", "ID": "CVE-2020-4682", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "MQ", "version": { "version_data": [ { "version_value": "8.0.0" }, { "version_value": "9.0.0" }, { "version_value": "9.1.0" }, { "version_value": "7.5.0" }, { "version_value": "9.2.0" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM MQ 7.5, 8.0, 9.0, 9.1, 9.2 LTS, and 9.2 CD could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization of trusted data. An attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 186509." } ] }, "impact": { "cvssv3": { "BM": { "A": "H", "AC": "H", "AV": "N", "C": "H", "I": "H", "PR": "N", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Gain Access" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6408626", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6408626 (MQ)", "url": "https://www.ibm.com/support/pages/node/6408626" }, { "name": "ibm-mq-cve20204682-code-exec (186509)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/186509" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2020-4682", "datePublished": "2021-01-28T12:55:15.366622Z", "dateReserved": "2019-12-30T00:00:00", "dateUpdated": "2024-09-16T19:04:36.558Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-1419
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
http://www.ibm.com/support/docview.wss?uid=swg22014650 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/104488 | vdb-entry, x_refsource_BID | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/138949 | vdb-entry, x_refsource_XF |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T03:59:39.068Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22014650" }, { "name": "104488", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/104488" }, { "name": "ibm-websphere-cve20181419-dos(138949)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/138949" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "MQ", "vendor": "IBM", "versions": [ { "status": "affected", "version": "8.0" }, { "status": "affected", "version": "9.0" }, { "status": "affected", "version": "9.0.1" }, { "status": "affected", "version": "9.0.0.1" }, { "status": "affected", "version": "9.0.2" }, { "status": "affected", "version": "8.0.0.1" }, { "status": "affected", "version": "8.0.0.2" }, { "status": "affected", "version": "8.0.0.3" }, { "status": "affected", "version": "8.0.0.4" }, { "status": "affected", "version": "8.0.0.5" }, { "status": "affected", "version": "8.0.0.6" }, { "status": "affected", "version": "8.0.0.7" }, { "status": "affected", "version": "9.0.0.2" }, { "status": "affected", "version": "9.0.3" }, { "status": "affected", "version": "9.0.4" }, { "status": "affected", "version": "8.0.0.8" } ] } ], "datePublic": "2018-06-12T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM WebSphere MQ 8.0 and 9.0, when configured to use a PAM module for authentication, could allow a user to cause a deadlock in the IBM MQ PAM code which could result in a denial of service. IBM X-Force ID: 138949." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "NONE", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 3.2, "temporalSeverity": "LOW", "userInteraction": "NONE", "vectorString": "CVSS:3.0/A:L/AC:H/AV:N/C:N/I:N/PR:N/S:U/UI:N/E:U/RC:C/RL:O", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of Service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-06-19T09:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22014650" }, { "name": "104488", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/104488" }, { "name": "ibm-websphere-cve20181419-dos(138949)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/138949" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2018-06-12T00:00:00", "ID": "CVE-2018-1419", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "MQ", "version": { "version_data": [ { "version_value": "8.0" }, { "version_value": "9.0" }, { "version_value": "9.0.1" }, { "version_value": "9.0.0.1" }, { "version_value": "9.0.2" }, { "version_value": "8.0.0.1" }, { "version_value": "8.0.0.2" }, { "version_value": "8.0.0.3" }, { "version_value": "8.0.0.4" }, { "version_value": "8.0.0.5" }, { "version_value": "8.0.0.6" }, { "version_value": "8.0.0.7" }, { "version_value": "9.0.0.2" }, { "version_value": "9.0.3" }, { "version_value": "9.0.4" }, { "version_value": "8.0.0.8" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM WebSphere MQ 8.0 and 9.0, when configured to use a PAM module for authentication, could allow a user to cause a deadlock in the IBM MQ PAM code which could result in a denial of service. IBM X-Force ID: 138949." } ] }, "impact": { "cvssv3": { "BM": { "A": "L", "AC": "H", "AV": "N", "C": "N", "I": "N", "PR": "N", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of Service" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.ibm.com/support/docview.wss?uid=swg22014650", "refsource": "CONFIRM", "url": "http://www.ibm.com/support/docview.wss?uid=swg22014650" }, { "name": "104488", "refsource": "BID", "url": "http://www.securityfocus.com/bid/104488" }, { "name": "ibm-websphere-cve20181419-dos(138949)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/138949" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2018-1419", "datePublished": "2018-06-15T14:00:00Z", "dateReserved": "2017-12-13T00:00:00", "dateUpdated": "2024-09-16T20:57:17.398Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-40681
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/7167732 | vendor-advisory |
Vendor | Product | Version | |
---|---|---|---|
▼ | IBM | MQ |
Version: 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, 9.4 CD cpe:2.3:a:ibm:mq_appliance:9.1:*:*:*:lts:*:*:* cpe:2.3:a:ibm:mq_appliance:9.2:*:*:*:lts:*:*:* cpe:2.3:a:ibm:mq_appliance:9.3:*:*:*:lts:*:*:* cpe:2.3:a:ibm:mq_appliance:9.3:*:*:*:continuous_delivery:*:*:* cpe:2.3:a:ibm:mq_appliance:9.4:*:*:*:lts:*:*:* cpe:2.3:a:ibm:mq_appliance:9.4:*:*:*:continuous_delivery:*:*:* |
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-40681", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-09-09T14:10:20.594086Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-09T14:10:29.962Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:a:ibm:mq_appliance:9.1:*:*:*:lts:*:*:*", "cpe:2.3:a:ibm:mq_appliance:9.2:*:*:*:lts:*:*:*", "cpe:2.3:a:ibm:mq_appliance:9.3:*:*:*:lts:*:*:*", "cpe:2.3:a:ibm:mq_appliance:9.3:*:*:*:continuous_delivery:*:*:*", "cpe:2.3:a:ibm:mq_appliance:9.4:*:*:*:lts:*:*:*", "cpe:2.3:a:ibm:mq_appliance:9.4:*:*:*:continuous_delivery:*:*:*" ], "defaultStatus": "unaffected", "product": "MQ", "vendor": "IBM", "versions": [ { "status": "affected", "version": "9.1 LTS, 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, 9.4 CD" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "IBM MQ 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD could allow an authenticated user in a specifically defined role, to bypass security restrictions and execute actions against the queue manager." } ], "value": "IBM MQ 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD could allow an authenticated user in a specifically defined role, to bypass security restrictions and execute actions against the queue manager." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-266", "description": "CWE-266 Incorrect Privilege Assignment", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-31T16:31:36.738Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/7167732" } ], "source": { "discovery": "UNKNOWN" }, "title": "IBM MQ security bypass", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2024-40681", "datePublished": "2024-09-07T14:09:19.767Z", "dateReserved": "2024-07-08T19:30:52.529Z", "dateUpdated": "2024-10-31T16:31:36.738Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-25015
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/7149583 | vendor-advisory | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/281278 | vdb-entry |
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:ibm:mq:*:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "mq", "vendor": "ibm", "versions": [ { "status": "affected", "version": "9.2 LTS" }, { "status": "affected", "version": "9.3 LTS" }, { "status": "affected", "version": "9.3 CD" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-25015", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-05T18:12:08.972815Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-05T18:16:18.663Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T23:36:21.594Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/7149583" }, { "tags": [ "vdb-entry", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/281278" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "MQ", "vendor": "IBM", "versions": [ { "status": "affected", "version": "9.2 LTS, 9.3 LTS, 9.3 CD" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "IBM MQ 9.2 LTS, 9.3 LTS, and 9.3 CD Internet Pass-Thru could allow a remote user to cause a denial of service by sending HTTP requests that would consume all available resources. IBM X-Force ID: 281278." } ], "value": "IBM MQ 9.2 LTS, 9.3 LTS, and 9.3 CD Internet Pass-Thru could allow a remote user to cause a denial of service by sending HTTP requests that would consume all available resources. IBM X-Force ID: 281278." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-406", "description": "CWE-406 Insufficient Control of Network Message Volume (Network Amplification)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-05-01T16:16:16.641Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/7149583" }, { "tags": [ "vdb-entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/281278" } ], "source": { "discovery": "UNKNOWN" }, "title": "IBM MQ denial of service", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2024-25015", "datePublished": "2024-05-01T16:16:16.641Z", "dateReserved": "2024-02-03T14:48:56.576Z", "dateUpdated": "2024-08-01T23:36:21.594Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-28514
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/6985835 | vendor-advisory | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/250398 | vdb-entry |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T13:43:22.257Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6985835" }, { "tags": [ "vdb-entry", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/250398" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "MQ", "vendor": "IBM", "versions": [ { "status": "affected", "version": "8.0, 9.0 LTS, 9.0 CD, 9.1 LTS" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "IBM MQ 8.0, 9.0, and 9.1 could allow a local user to obtain sensitive credential information when a detailed technical error message is returned in a stack trace. IBM X-Force ID: 250398." } ], "value": "IBM MQ 8.0, 9.0, and 9.1 could allow a local user to obtain sensitive credential information when a detailed technical error message is returned in a stack trace. IBM X-Force ID: 250398." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-209", "description": "CWE-209 Generation of Error Message Containing Sensitive Information", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-19T14:43:45.786Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/6985835" }, { "tags": [ "vdb-entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/250398" } ], "source": { "discovery": "UNKNOWN" }, "title": "IBM MQ information disclosure", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2023-28514", "datePublished": "2023-05-19T14:43:45.786Z", "dateReserved": "2023-03-16T21:05:38.974Z", "dateUpdated": "2024-08-02T13:43:22.257Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-4656
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/1135095 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/170967 | vdb-entry, x_refsource_XF |
Vendor | Product | Version | |
---|---|---|---|
▼ | IBM | MQ |
Version: 9.0.0.1 Version: 8.0.0.1 Version: 8.0.0.2 Version: 8.0.0.3 Version: 8.0.0.4 Version: 8.0.0.5 Version: 8.0.0.6 Version: 8.0.0.7 Version: 9.0.0.2 Version: 7.5.0.1 Version: 7.5.0.2 Version: 7.5.0.3 Version: 7.5.0.4 Version: 7.5.0.5 Version: 7.5.0.6 Version: 7.5.0.7 Version: 7.5.0.8 Version: 8.0.0.8 Version: 7.1.0.1 Version: 7.1.0.2 Version: 7.1.0.3 Version: 7.1.0.4 Version: 7.1.0.5 Version: 7.1.0.6 Version: 7.1.0.7 Version: 8.0.0.9 Version: 9.0.0.3 Version: 8.0.0.0 Version: 8.0.0.10 Version: 9.0.0.0 Version: 9.0.0.4 Version: 9.0.0.5 Version: 9.1 Version: 9.1.0.1 Version: 9.1.1 Version: 9.1.0.2 Version: 9.1.2 Version: 8.0.0.11 Version: 9.0.0.6 Version: 7.1.0.0 Version: 7.1.0.8 Version: 7.1.0.9 Version: 7.5.0.0 Version: 7.5.0.9 Version: 8.0.0.12 Version: 9.1.0.3 Version: 9.1.3 Version: 9.0.0.7 Version: 8.0.0.13 Version: 9.0.0.8 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T19:40:48.365Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/1135095" }, { "name": "ibm-mq-cve20194656-dos (170967)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/170967" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "MQ", "vendor": "IBM", "versions": [ { "status": "affected", "version": "9.0.0.1" }, { "status": "affected", "version": "8.0.0.1" }, { "status": "affected", "version": "8.0.0.2" }, { "status": "affected", "version": "8.0.0.3" }, { "status": "affected", "version": "8.0.0.4" }, { "status": "affected", "version": "8.0.0.5" }, { "status": "affected", "version": "8.0.0.6" }, { "status": "affected", "version": "8.0.0.7" }, { "status": "affected", "version": "9.0.0.2" }, { "status": "affected", "version": "7.5.0.1" }, { "status": "affected", "version": "7.5.0.2" }, { "status": "affected", "version": "7.5.0.3" }, { "status": "affected", "version": "7.5.0.4" }, { "status": "affected", "version": "7.5.0.5" }, { "status": "affected", "version": "7.5.0.6" }, { "status": "affected", "version": "7.5.0.7" }, { "status": "affected", "version": "7.5.0.8" }, { "status": "affected", "version": "8.0.0.8" }, { "status": "affected", "version": "7.1.0.1" }, { "status": "affected", "version": "7.1.0.2" }, { "status": "affected", "version": "7.1.0.3" }, { "status": "affected", "version": "7.1.0.4" }, { "status": "affected", "version": "7.1.0.5" }, { "status": "affected", "version": "7.1.0.6" }, { "status": "affected", "version": "7.1.0.7" }, { "status": "affected", "version": "8.0.0.9" }, { "status": "affected", "version": "9.0.0.3" }, { "status": "affected", "version": "8.0.0.0" }, { "status": "affected", "version": "8.0.0.10" }, { "status": "affected", "version": "9.0.0.0" }, { "status": "affected", "version": "9.0.0.4" }, { "status": "affected", "version": "9.0.0.5" }, { "status": "affected", "version": "9.1" }, { "status": "affected", "version": "9.1.0.1" }, { "status": "affected", "version": "9.1.1" }, { "status": "affected", "version": "9.1.0.2" }, { "status": "affected", "version": "9.1.2" }, { "status": "affected", "version": "8.0.0.11" }, { "status": "affected", "version": "9.0.0.6" }, { "status": "affected", "version": "7.1.0.0" }, { "status": "affected", "version": "7.1.0.8" }, { "status": "affected", "version": "7.1.0.9" }, { "status": "affected", "version": "7.5.0.0" }, { "status": "affected", "version": "7.5.0.9" }, { "status": "affected", "version": "8.0.0.12" }, { "status": "affected", "version": "9.1.0.3" }, { "status": "affected", "version": "9.1.3" }, { "status": "affected", "version": "9.0.0.7" }, { "status": "affected", "version": "8.0.0.13" }, { "status": "affected", "version": "9.0.0.8" } ] } ], "datePublic": "2020-03-13T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM MQ and IBM MQ Appliance 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and 9.1 CD is vulnerable to a denial of service attack that would allow an authenticated user to crash the queue and require a restart due to an error processing error messages. IBM X-Force ID: 170967." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "NONE", "privilegesRequired": "LOW", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 5.7, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/UI:N/C:N/S:U/A:H/I:N/AC:L/PR:L/AV:N/RC:C/E:U/RL:O", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of Service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-03-16T15:25:20", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/1135095" }, { "name": "ibm-mq-cve20194656-dos (170967)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/170967" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2020-03-13T00:00:00", "ID": "CVE-2019-4656", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "MQ", "version": { "version_data": [ { "version_value": "9.0.0.1" }, { "version_value": "8.0.0.1" }, { "version_value": "8.0.0.2" }, { "version_value": "8.0.0.3" }, { "version_value": "8.0.0.4" }, { "version_value": "8.0.0.5" }, { "version_value": "8.0.0.6" }, { "version_value": "8.0.0.7" }, { "version_value": "9.0.0.2" }, { "version_value": "7.5.0.1" }, { "version_value": "7.5.0.2" }, { "version_value": "7.5.0.3" }, { "version_value": "7.5.0.4" }, { "version_value": "7.5.0.5" }, { "version_value": "7.5.0.6" }, { "version_value": "7.5.0.7" }, { "version_value": "7.5.0.8" }, { "version_value": "8.0.0.8" }, { "version_value": "7.1.0.1" }, { "version_value": "7.1.0.2" }, { "version_value": "7.1.0.3" }, { "version_value": "7.1.0.4" }, { "version_value": "7.1.0.5" }, { "version_value": "7.1.0.6" }, { "version_value": "7.1.0.7" }, { "version_value": "8.0.0.9" }, { "version_value": "9.0.0.3" }, { "version_value": "8.0.0.0" }, { "version_value": "8.0.0.10" }, { "version_value": "9.0.0.0" }, { "version_value": "9.0.0.4" }, { "version_value": "9.0.0.5" }, { "version_value": "9.1" }, { "version_value": "9.1.0.1" }, { "version_value": "9.1.1" }, { "version_value": "9.1.0.2" }, { "version_value": "9.1.2" }, { "version_value": "8.0.0.11" }, { "version_value": "9.0.0.6" }, { "version_value": "7.1.0.0" }, { "version_value": "7.1.0.8" }, { "version_value": "7.1.0.9" }, { "version_value": "7.5.0.0" }, { "version_value": "7.5.0.9" }, { "version_value": "8.0.0.12" }, { "version_value": "9.1.0.3" }, { "version_value": "9.1.3" }, { "version_value": "9.0.0.7" }, { "version_value": "8.0.0.13" }, { "version_value": "9.0.0.8" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM MQ and IBM MQ Appliance 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and 9.1 CD is vulnerable to a denial of service attack that would allow an authenticated user to crash the queue and require a restart due to an error processing error messages. IBM X-Force ID: 170967." } ] }, "impact": { "cvssv3": { "BM": { "A": "H", "AC": "L", "AV": "N", "C": "N", "I": "N", "PR": "L", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of Service" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/1135095", "refsource": "CONFIRM", "title": "IBM Security Bulletin 1135095 (MQ)", "url": "https://www.ibm.com/support/pages/node/1135095" }, { "name": "ibm-mq-cve20194656-dos (170967)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/170967" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2019-4656", "datePublished": "2020-03-16T15:25:20.439438Z", "dateReserved": "2019-01-03T00:00:00", "dateUpdated": "2024-09-17T04:18:51.019Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-1786
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
http://www.ibm.com/support/docview.wss?uid=swg22013023 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/136975 | vdb-entry, x_refsource_XF |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:39:32.314Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22013023" }, { "name": "ibm-websphere-cve20171786-dos(136975)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/136975" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "MQ", "vendor": "IBM", "versions": [ { "status": "affected", "version": "8.0" }, { "status": "affected", "version": "9.0" }, { "status": "affected", "version": "9.0.1" }, { "status": "affected", "version": "9.0.0.1" }, { "status": "affected", "version": "9.0.2" }, { "status": "affected", "version": "8.0.0.1" }, { "status": "affected", "version": "8.0.0.2" }, { "status": "affected", "version": "8.0.0.3" }, { "status": "affected", "version": "8.0.0.4" }, { "status": "affected", "version": "8.0.0.5" }, { "status": "affected", "version": "8.0.0.6" }, { "status": "affected", "version": "8.0.0.7" }, { "status": "affected", "version": "9.0.0.2" }, { "status": "affected", "version": "9.0.3" }, { "status": "affected", "version": "9.0.4" }, { "status": "affected", "version": "8.0.0.8" } ] } ], "datePublic": "2018-04-17T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM WebSphere MQ 8.0 through 8.0.0.8 and 9.0 through 9.0.4 under special circumstances could allow an authenticated user to consume all resources due to a memory leak resulting in service loss. IBM X-Force ID: 136975." } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of Service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-04-23T12:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22013023" }, { "name": "ibm-websphere-cve20171786-dos(136975)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/136975" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2018-04-17T00:00:00", "ID": "CVE-2017-1786", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "MQ", "version": { "version_data": [ { "version_value": "8.0" }, { "version_value": "9.0" }, { "version_value": "9.0.1" }, { "version_value": "9.0.0.1" }, { "version_value": "9.0.2" }, { "version_value": "8.0.0.1" }, { "version_value": "8.0.0.2" }, { "version_value": "8.0.0.3" }, { "version_value": "8.0.0.4" }, { "version_value": "8.0.0.5" }, { "version_value": "8.0.0.6" }, { "version_value": "8.0.0.7" }, { "version_value": "9.0.0.2" }, { "version_value": "9.0.3" }, { "version_value": "9.0.4" }, { "version_value": "8.0.0.8" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM WebSphere MQ 8.0 through 8.0.0.8 and 9.0 through 9.0.4 under special circumstances could allow an authenticated user to consume all resources due to a memory leak resulting in service loss. IBM X-Force ID: 136975." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of Service" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.ibm.com/support/docview.wss?uid=swg22013023", "refsource": "CONFIRM", "url": "http://www.ibm.com/support/docview.wss?uid=swg22013023" }, { "name": "ibm-websphere-cve20171786-dos(136975)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/136975" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2017-1786", "datePublished": "2018-04-23T13:00:00Z", "dateReserved": "2016-11-30T00:00:00", "dateUpdated": "2024-09-16T16:14:08.508Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-1117
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/99136 | vdb-entry, x_refsource_BID | |
http://www.ibm.com/support/docview.wss?uid=swg22001468 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/121155 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:25:17.207Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "99136", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/99136" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22001468" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/121155" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "MQ", "vendor": "IBM", "versions": [ { "status": "affected", "version": "8.0" }, { "status": "affected", "version": "9.0" }, { "status": "affected", "version": "9.0.1" }, { "status": "affected", "version": "8.0.0.1" }, { "status": "affected", "version": "8.0.0.2" }, { "status": "affected", "version": "8.0.0.3" }, { "status": "affected", "version": "8.0.0.4" }, { "status": "affected", "version": "8.0.0.5" } ] } ], "datePublic": "2017-06-06T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM WebSphere MQ 8.0 and 9.0 could allow an authenticated user to cause a denial of service to the MQXR channel when trace is enabled. IBM X-Force ID: 121155." } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of Service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-06-22T09:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "name": "99136", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/99136" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22001468" }, { "tags": [ "x_refsource_MISC" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/121155" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2017-1117", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "MQ", "version": { "version_data": [ { "version_value": "8.0" }, { "version_value": "9.0" }, { "version_value": "9.0.1" }, { "version_value": "8.0.0.1" }, { "version_value": "8.0.0.2" }, { "version_value": "8.0.0.3" }, { "version_value": "8.0.0.4" }, { "version_value": "8.0.0.5" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM WebSphere MQ 8.0 and 9.0 could allow an authenticated user to cause a denial of service to the MQXR channel when trace is enabled. IBM X-Force ID: 121155." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of Service" } ] } ] }, "references": { "reference_data": [ { "name": "99136", "refsource": "BID", "url": "http://www.securityfocus.com/bid/99136" }, { "name": "http://www.ibm.com/support/docview.wss?uid=swg22001468", "refsource": "CONFIRM", "url": "http://www.ibm.com/support/docview.wss?uid=swg22001468" }, { "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/121155", "refsource": "MISC", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/121155" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2017-1117", "datePublished": "2017-06-21T18:00:00", "dateReserved": "2016-11-30T00:00:00", "dateUpdated": "2024-08-05T13:25:17.207Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-4039
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/docview.wss?uid=ibm10870492 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/156163 | vdb-entry, x_refsource_XF |
Vendor | Product | Version | |
---|---|---|---|
▼ | IBM | MQ |
Version: 9.0.0.1 Version: 8.0.0.1 Version: 8.0.0.2 Version: 8.0.0.3 Version: 8.0.0.4 Version: 8.0.0.5 Version: 8.0.0.6 Version: 8.0.0.7 Version: 9.0.0.2 Version: 8.0.0.8 Version: 8.0.0.9 Version: 9.0.0.3 Version: 8.0.0.0 Version: 8.0.0.10 Version: 9.0.0.0 Version: 9.0.0.4 Version: 9.0.0.5 Version: 9.1.0.0 Version: 9.1.0.1 Version: 9.1.1 Version: 8.0.0.11 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T19:26:27.901Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10870492" }, { "name": "ibm-websphere-cve20194039-dos (156163)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/156163" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "MQ", "vendor": "IBM", "versions": [ { "status": "affected", "version": "9.0.0.1" }, { "status": "affected", "version": "8.0.0.1" }, { "status": "affected", "version": "8.0.0.2" }, { "status": "affected", "version": "8.0.0.3" }, { "status": "affected", "version": "8.0.0.4" }, { "status": "affected", "version": "8.0.0.5" }, { "status": "affected", "version": "8.0.0.6" }, { "status": "affected", "version": "8.0.0.7" }, { "status": "affected", "version": "9.0.0.2" }, { "status": "affected", "version": "8.0.0.8" }, { "status": "affected", "version": "8.0.0.9" }, { "status": "affected", "version": "9.0.0.3" }, { "status": "affected", "version": "8.0.0.0" }, { "status": "affected", "version": "8.0.0.10" }, { "status": "affected", "version": "9.0.0.0" }, { "status": "affected", "version": "9.0.0.4" }, { "status": "affected", "version": "9.0.0.5" }, { "status": "affected", "version": "9.1.0.0" }, { "status": "affected", "version": "9.1.0.1" }, { "status": "affected", "version": "9.1.1" }, { "status": "affected", "version": "8.0.0.11" } ] } ], "datePublic": "2019-05-21T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM WebSphere MQ 8.0.0.0 through 8.0.0.9 and 9.0.0.0 through 9.1.1 could allow a local attacker to cause a denial of service within the error log reporting system. IBM X-Force ID: 156163." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "NONE", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/I:N/S:U/UI:N/AV:L/A:H/C:N/AC:L/PR:N/E:U/RL:O/RC:C", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of Service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-05-23T14:05:15", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10870492" }, { "name": "ibm-websphere-cve20194039-dos (156163)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/156163" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2019-05-21T00:00:00", "ID": "CVE-2019-4039", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "MQ", "version": { "version_data": [ { "version_value": "9.0.0.1" }, { "version_value": "8.0.0.1" }, { "version_value": "8.0.0.2" }, { "version_value": "8.0.0.3" }, { "version_value": "8.0.0.4" }, { "version_value": "8.0.0.5" }, { "version_value": "8.0.0.6" }, { "version_value": "8.0.0.7" }, { "version_value": "9.0.0.2" }, { "version_value": "8.0.0.8" }, { "version_value": "8.0.0.9" }, { "version_value": "9.0.0.3" }, { "version_value": "8.0.0.0" }, { "version_value": "8.0.0.10" }, { "version_value": "9.0.0.0" }, { "version_value": "9.0.0.4" }, { "version_value": "9.0.0.5" }, { "version_value": "9.1.0.0" }, { "version_value": "9.1.0.1" }, { "version_value": "9.1.1" }, { "version_value": "8.0.0.11" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM WebSphere MQ 8.0.0.0 through 8.0.0.9 and 9.0.0.0 through 9.1.1 could allow a local attacker to cause a denial of service within the error log reporting system. IBM X-Force ID: 156163." } ] }, "impact": { "cvssv3": { "BM": { "A": "H", "AC": "L", "AV": "L", "C": "N", "I": "N", "PR": "N", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of Service" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/docview.wss?uid=ibm10870492", "refsource": "CONFIRM", "title": "IBM Security Bulletin 0870492 (MQ)", "url": "https://www.ibm.com/support/docview.wss?uid=ibm10870492" }, { "name": "ibm-websphere-cve20194039-dos (156163)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/156163" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2019-4039", "datePublished": "2019-05-23T14:05:15.446631Z", "dateReserved": "2019-01-03T00:00:00", "dateUpdated": "2024-09-17T01:16:15.846Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-4762
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/4832931 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/173625 | vdb-entry, x_refsource_XF |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T19:40:49.085Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/4832931" }, { "name": "ibm-mq-cve20194762-dos (173625)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/173625" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "MQ", "vendor": "IBM", "versions": [ { "status": "affected", "version": "9.0.0.1" }, { "status": "affected", "version": "9.0.0.2" }, { "status": "affected", "version": "9.0.0.3" }, { "status": "affected", "version": "9.0.0.0" }, { "status": "affected", "version": "9.0.0.4" }, { "status": "affected", "version": "9.0.0.5" }, { "status": "affected", "version": "9.1.0.0" }, { "status": "affected", "version": "9.1.1" }, { "status": "affected", "version": "9.1.0.2" }, { "status": "affected", "version": "9.1.2" }, { "status": "affected", "version": "9.0.0.6" }, { "status": "affected", "version": "9.1.3" }, { "status": "affected", "version": "9.0.0.7" }, { "status": "affected", "version": "9.0.0.8" }, { "status": "affected", "version": "9.1.4" } ] } ], "datePublic": "2020-04-15T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM MQ 9.0 and 9.1 is vulnerable to a denial of service attack due to an error in the Channel processing function. IBM X-Force ID: 173625." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "NONE", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 5.2, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/A:H/PR:N/UI:N/S:U/C:N/AV:N/AC:H/I:N/RL:O/E:U/RC:C", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of Service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-04-16T15:35:20", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/4832931" }, { "name": "ibm-mq-cve20194762-dos (173625)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/173625" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2020-04-15T00:00:00", "ID": "CVE-2019-4762", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "MQ", "version": { "version_data": [ { "version_value": "9.0.0.1" }, { "version_value": "9.0.0.2" }, { "version_value": "9.0.0.3" }, { "version_value": "9.0.0.0" }, { "version_value": "9.0.0.4" }, { "version_value": "9.0.0.5" }, { "version_value": "9.1.0.0" }, { "version_value": "9.1.1" }, { "version_value": "9.1.0.2" }, { "version_value": "9.1.2" }, { "version_value": "9.0.0.6" }, { "version_value": "9.1.3" }, { "version_value": "9.0.0.7" }, { "version_value": "9.0.0.8" }, { "version_value": "9.1.4" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM MQ 9.0 and 9.1 is vulnerable to a denial of service attack due to an error in the Channel processing function. IBM X-Force ID: 173625." } ] }, "impact": { "cvssv3": { "BM": { "A": "H", "AC": "H", "AV": "N", "C": "N", "I": "N", "PR": "N", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of Service" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/4832931", "refsource": "CONFIRM", "title": "IBM Security Bulletin 4832931 (MQ)", "url": "https://www.ibm.com/support/pages/node/4832931" }, { "name": "ibm-mq-cve20194762-dos (173625)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/173625" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2019-4762", "datePublished": "2020-04-16T15:35:20.739686Z", "dateReserved": "2019-01-03T00:00:00", "dateUpdated": "2024-09-16T16:24:00.341Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-1974
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://exchange.xforce.ibmcloud.com/vulnerabilities/153915 | vdb-entry, x_refsource_XF | |
https://www.ibm.com/support/docview.wss?uid=ibm10792043 | x_refsource_CONFIRM |
Vendor | Product | Version | |
---|---|---|---|
▼ | IBM | MQ |
Version: 9.0.0.1 Version: 8.0.0.1 Version: 8.0.0.2 Version: 8.0.0.3 Version: 8.0.0.4 Version: 8.0.0.5 Version: 8.0.0.6 Version: 8.0.0.7 Version: 9.0.0.2 Version: 8.0.0.8 Version: 8.0.0.9 Version: 9.0.0.3 Version: 8.0.0.0 Version: 8.0.0.10 Version: 9.0.0.0 Version: 9.0.0.4 Version: 9.0.0.5 Version: 9.1.0.0 Version: 9.1.0.1 Version: 9.1.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T04:14:39.474Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "ibm-websphere-cve20181974-priv-escalation(153915)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/153915" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10792043" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "MQ", "vendor": "IBM", "versions": [ { "status": "affected", "version": "9.0.0.1" }, { "status": "affected", "version": "8.0.0.1" }, { "status": "affected", "version": "8.0.0.2" }, { "status": "affected", "version": "8.0.0.3" }, { "status": "affected", "version": "8.0.0.4" }, { "status": "affected", "version": "8.0.0.5" }, { "status": "affected", "version": "8.0.0.6" }, { "status": "affected", "version": "8.0.0.7" }, { "status": "affected", "version": "9.0.0.2" }, { "status": "affected", "version": "8.0.0.8" }, { "status": "affected", "version": "8.0.0.9" }, { "status": "affected", "version": "9.0.0.3" }, { "status": "affected", "version": "8.0.0.0" }, { "status": "affected", "version": "8.0.0.10" }, { "status": "affected", "version": "9.0.0.0" }, { "status": "affected", "version": "9.0.0.4" }, { "status": "affected", "version": "9.0.0.5" }, { "status": "affected", "version": "9.1.0.0" }, { "status": "affected", "version": "9.1.0.1" }, { "status": "affected", "version": "9.1.1" } ] } ], "datePublic": "2019-03-08T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM WebSphere 8.0.0.0 through 9.1.1 could allow an authenticated attacker to escalate their privileges when using multiplexed channels. IBM X-Force ID: 153915." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 6.5, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/A:H/AC:H/AV:N/C:H/I:H/PR:L/S:U/UI:N/E:U/RC:C/RL:O", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Gain Privileges", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-03-11T21:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "name": "ibm-websphere-cve20181974-priv-escalation(153915)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/153915" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10792043" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2019-03-08T00:00:00", "ID": "CVE-2018-1974", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "MQ", "version": { "version_data": [ { "version_value": "9.0.0.1" }, { "version_value": "8.0.0.1" }, { "version_value": "8.0.0.2" }, { "version_value": "8.0.0.3" }, { "version_value": "8.0.0.4" }, { "version_value": "8.0.0.5" }, { "version_value": "8.0.0.6" }, { "version_value": "8.0.0.7" }, { "version_value": "9.0.0.2" }, { "version_value": "8.0.0.8" }, { "version_value": "8.0.0.9" }, { "version_value": "9.0.0.3" }, { "version_value": "8.0.0.0" }, { "version_value": "8.0.0.10" }, { "version_value": "9.0.0.0" }, { "version_value": "9.0.0.4" }, { "version_value": "9.0.0.5" }, { "version_value": "9.1.0.0" }, { "version_value": "9.1.0.1" }, { "version_value": "9.1.1" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM WebSphere 8.0.0.0 through 9.1.1 could allow an authenticated attacker to escalate their privileges when using multiplexed channels. IBM X-Force ID: 153915." } ] }, "impact": { "cvssv3": { "BM": { "A": "H", "AC": "H", "AV": "N", "C": "H", "I": "H", "PR": "L", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Gain Privileges" } ] } ] }, "references": { "reference_data": [ { "name": "ibm-websphere-cve20181974-priv-escalation(153915)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/153915" }, { "name": "https://www.ibm.com/support/docview.wss?uid=ibm10792043", "refsource": "CONFIRM", "url": "https://www.ibm.com/support/docview.wss?uid=ibm10792043" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2018-1974", "datePublished": "2019-03-11T22:00:00Z", "dateReserved": "2017-12-13T00:00:00", "dateUpdated": "2024-09-16T16:43:47.558Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-1236
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
http://www.ibm.com/support/docview.wss?uid=swg22003510 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/99505 | vdb-entry, x_refsource_BID | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/124354 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:25:17.451Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22003510" }, { "name": "99505", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/99505" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/124354" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "MQ", "vendor": "IBM", "versions": [ { "status": "affected", "version": "9.0.2" } ] } ], "datePublic": "2017-07-05T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM WebSphere MQ 9.0.2 could allow an authenticated user to potentially cause a denial of service by saving an incorrect channel status inquiry. IBM X-Force ID: 124354" } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of Service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-11T09:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22003510" }, { "name": "99505", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/99505" }, { "tags": [ "x_refsource_MISC" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/124354" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2017-07-05T00:00:00", "ID": "CVE-2017-1236", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "MQ", "version": { "version_data": [ { "version_value": "9.0.2" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM WebSphere MQ 9.0.2 could allow an authenticated user to potentially cause a denial of service by saving an incorrect channel status inquiry. IBM X-Force ID: 124354" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of Service" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.ibm.com/support/docview.wss?uid=swg22003510", "refsource": "CONFIRM", "url": "http://www.ibm.com/support/docview.wss?uid=swg22003510" }, { "name": "99505", "refsource": "BID", "url": "http://www.securityfocus.com/bid/99505" }, { "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/124354", "refsource": "MISC", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/124354" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2017-1236", "datePublished": "2017-07-06T14:00:00Z", "dateReserved": "2016-11-30T00:00:00", "dateUpdated": "2024-09-16T17:37:47.300Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-4310
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/6223914 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/177081 | vdb-entry, x_refsource_XF |
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | IBM | WebSphere MQ |
Version: 7.1 Version: 7.5 |
||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T08:00:06.987Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6223914" }, { "name": "ibm-mq-cve20204310-dos (177081)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/177081" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "WebSphere MQ", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.1" }, { "status": "affected", "version": "7.5" } ] }, { "product": "MQ", "vendor": "IBM", "versions": [ { "status": "affected", "version": "8.0" }, { "status": "affected", "version": "9.0.LTS" }, { "status": "affected", "version": "9.1.LTS" }, { "status": "affected", "version": "9.1.CD" } ] } ], "datePublic": "2020-06-12T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM MQ and MQ Appliance 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and 9.1 C are vulnerable to a denial of service attack due to an error within the Data Conversion logic. IBM X-Force ID: 177081." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "NONE", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 5.2, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/I:N/PR:N/S:U/A:H/UI:N/C:N/E:U/RC:C/RL:O", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of Service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-06-16T13:45:21", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6223914" }, { "name": "ibm-mq-cve20204310-dos (177081)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/177081" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2020-06-12T00:00:00", "ID": "CVE-2020-4310", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "WebSphere MQ", "version": { "version_data": [ { "version_value": "7.1" }, { "version_value": "7.5" } ] } }, { "product_name": "MQ", "version": { "version_data": [ { "version_value": "8.0" }, { "version_value": "9.0.LTS" }, { "version_value": "9.1.LTS" }, { "version_value": "9.1.CD" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM MQ and MQ Appliance 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and 9.1 C are vulnerable to a denial of service attack due to an error within the Data Conversion logic. IBM X-Force ID: 177081." } ] }, "impact": { "cvssv3": { "BM": { "A": "H", "AC": "H", "AV": "N", "C": "N", "I": "N", "PR": "N", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of Service" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6223914", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6223914 (WebSphere MQ)", "url": "https://www.ibm.com/support/pages/node/6223914" }, { "name": "ibm-mq-cve20204310-dos (177081)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/177081" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2020-4310", "datePublished": "2020-06-16T13:45:21.461931Z", "dateReserved": "2019-12-30T00:00:00", "dateUpdated": "2024-09-17T01:10:57.169Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-1883
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://exchange.xforce.ibmcloud.com/vulnerabilities/151969 | vdb-entry, x_refsource_XF | |
https://www.ibm.com/support/docview.wss?uid=ibm10738197 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/106146 | vdb-entry, x_refsource_BID |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T04:14:38.748Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "ibm-websphere-cve20181883-dos(151969)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/151969" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10738197" }, { "name": "106146", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/106146" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "MQ", "vendor": "IBM", "versions": [ { "status": "affected", "version": "9.0.2" }, { "status": "affected", "version": "9.0.3" }, { "status": "affected", "version": "9.0.4" }, { "status": "affected", "version": "9.0.5" }, { "status": "affected", "version": "9.1.0.0" } ] } ], "datePublic": "2018-12-05T00:00:00", "descriptions": [ { "lang": "en", "value": "A problem within the IBM MQ 9.0.2, 9.0.3, 9.0.4, 9.0.5, and 9.1.0.0 Console REST API Could allow attackers to execute a denial of service attack preventing users from logging into the MQ Console REST API. IBM X-Force ID: 151969." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "NONE", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 4.6, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/A:L/AC:L/AV:N/C:N/I:N/PR:N/S:U/UI:N/E:U/RC:C/RL:O", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of Service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-12-10T10:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "name": "ibm-websphere-cve20181883-dos(151969)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/151969" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10738197" }, { "name": "106146", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/106146" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2018-12-05T00:00:00", "ID": "CVE-2018-1883", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "MQ", "version": { "version_data": [ { "version_value": "9.0.2" }, { "version_value": "9.0.3" }, { "version_value": "9.0.4" }, { "version_value": "9.0.5" }, { "version_value": "9.1.0.0" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A problem within the IBM MQ 9.0.2, 9.0.3, 9.0.4, 9.0.5, and 9.1.0.0 Console REST API Could allow attackers to execute a denial of service attack preventing users from logging into the MQ Console REST API. IBM X-Force ID: 151969." } ] }, "impact": { "cvssv3": { "BM": { "A": "L", "AC": "L", "AV": "N", "C": "N", "I": "N", "PR": "N", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of Service" } ] } ] }, "references": { "reference_data": [ { "name": "ibm-websphere-cve20181883-dos(151969)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/151969" }, { "name": "https://www.ibm.com/support/docview.wss?uid=ibm10738197", "refsource": "CONFIRM", "url": "https://www.ibm.com/support/docview.wss?uid=ibm10738197" }, { "name": "106146", "refsource": "BID", "url": "http://www.securityfocus.com/bid/106146" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2018-1883", "datePublished": "2018-12-07T16:00:00Z", "dateReserved": "2017-12-13T00:00:00", "dateUpdated": "2024-09-16T22:13:59.986Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-4320
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/5736885 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/177403 | vdb-entry, x_refsource_XF |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T08:00:07.371Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/5736885" }, { "name": "ibm-mq-cve20204320-dos (177403)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/177403" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "MQ", "vendor": "IBM", "versions": [ { "status": "affected", "version": "8.0" }, { "status": "affected", "version": "9.0.LTS" }, { "status": "affected", "version": "9.1.LTS" }, { "status": "affected", "version": "9.1.CD" } ] } ], "datePublic": "2020-06-15T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM MQ Appliance and IBM MQ AMQP Channels 8.0, 9.0 LTS, 9.1 LTS, and 9.1 CD do not correctly block or allow clients based on the certificate distinguished name SSLPEER setting. IBM X-Force ID: 177403." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "NONE", "privilegesRequired": "LOW", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 4.6, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/I:N/AC:H/S:U/PR:L/A:H/C:N/UI:N/RC:C/RL:O/E:U", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of Service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-06-16T13:45:21", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/5736885" }, { "name": "ibm-mq-cve20204320-dos (177403)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/177403" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2020-06-15T00:00:00", "ID": "CVE-2020-4320", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "MQ", "version": { "version_data": [ { "version_value": "8.0" }, { "version_value": "9.0.LTS" }, { "version_value": "9.1.LTS" }, { "version_value": "9.1.CD" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM MQ Appliance and IBM MQ AMQP Channels 8.0, 9.0 LTS, 9.1 LTS, and 9.1 CD do not correctly block or allow clients based on the certificate distinguished name SSLPEER setting. IBM X-Force ID: 177403." } ] }, "impact": { "cvssv3": { "BM": { "A": "H", "AC": "H", "AV": "N", "C": "N", "I": "N", "PR": "L", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of Service" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/5736885", "refsource": "CONFIRM", "title": "IBM Security Bulletin 5736885 (MQ)", "url": "https://www.ibm.com/support/pages/node/5736885" }, { "name": "ibm-mq-cve20204320-dos (177403)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/177403" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2020-4320", "datePublished": "2020-06-16T13:45:21.961104Z", "dateReserved": "2019-12-30T00:00:00", "dateUpdated": "2024-09-16T20:58:27.407Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-31912
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/7158072 | vendor-advisory | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/289894 | vdb-entry |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-31912", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-07-01T20:24:18.810776Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-01T21:23:26.370Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T01:59:50.542Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/7158072" }, { "tags": [ "vdb-entry", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/289894" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:a:ibm:mq_appliance:9.3:*:*:*:lts:*:*:*", "cpe:2.3:a:ibm:mq_appliance:9.3:*:*:*:continuous_delivery:*:*:*" ], "defaultStatus": "unaffected", "product": "MQ", "vendor": "IBM", "versions": [ { "status": "affected", "version": "9.3 LTS and 9.3 CD" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "IBM MQ 9.3 LTS and 9.3 CD could allow an authenticated user to escalate their privileges under certain configurations due to incorrect privilege assignment. IBM X-Force ID: 289894." } ], "value": "IBM MQ 9.3 LTS and 9.3 CD could allow an authenticated user to escalate their privileges under certain configurations due to incorrect privilege assignment. IBM X-Force ID: 289894." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-266", "description": "CWE-266 Incorrect Privilege Assignment", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-06-28T17:38:11.302Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/7158072" }, { "tags": [ "vdb-entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/289894" } ], "source": { "discovery": "UNKNOWN" }, "title": "IBM MQ privilege escalation", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2024-31912", "datePublished": "2024-06-28T17:38:11.302Z", "dateReserved": "2024-04-07T12:45:15.766Z", "dateUpdated": "2024-08-02T01:59:50.542Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-40680
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/7167732 | vendor-advisory |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-40680", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-09T14:09:47.896534Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-09T14:10:08.338Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:a:ibm:mq_appliance:9.3:*:*:*:continuous_delivery:*:*:*", "cpe:2.3:a:ibm:mq_appliance:9.4:*:*:*:lts:*:*:*", "cpe:2.3:a:ibm:mq_appliance:9.4:*:*:*:continuous_delivery:*:*:*" ], "defaultStatus": "unaffected", "product": "MQ", "vendor": "IBM", "versions": [ { "status": "affected", "version": "9.3 CD, 9.4 LTS, 9.4 CD" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "IBM MQ 9.3 CD and 9.4 LTS/CD could allow a local user to cause a denial of service due to improper memory allocation causing a segmentation fault." } ], "value": "IBM MQ 9.3 CD and 9.4 LTS/CD could allow a local user to cause a denial of service due to improper memory allocation causing a segmentation fault." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-789", "description": "CWE-789 Uncontrolled Memory Allocation", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-31T16:26:59.453Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/7167732" } ], "source": { "discovery": "UNKNOWN" }, "title": "IBM MQ denial of service", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2024-40680", "datePublished": "2024-09-07T14:02:30.422Z", "dateReserved": "2024-07-08T19:30:52.529Z", "dateUpdated": "2024-10-31T16:26:59.453Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-35116
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/7157387 | vendor-advisory | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/290335 | vdb-entry | |
https://www.ibm.com/support/pages/node/7158071 | vendor-advisory |
Vendor | Product | Version | |
---|---|---|---|
▼ | IBM | MQ |
Version: 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.3 CD cpe:2.3:a:ibm:mq_appliance:9.0:*:*:*:lts:*:*:* cpe:2.3:a:ibm:mq_appliance:9.1:*:*:*:lts:*:*:* cpe:2.3:a:ibm:mq_appliance:9.2:*:*:*:lts:*:*:* cpe:2.3:a:ibm:mq_appliance:9.3:*:*:*:lts:*:*:* cpe:2.3:a:ibm:mq_appliance:9.3:*:*:*:continuous_delivery:*:*:* |
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-35116", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-07-01T18:02:58.397744Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-08T17:21:11.921Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T03:07:46.479Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/7157387" }, { "tags": [ "vdb-entry", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/290335" }, { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/7158071" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:a:ibm:mq_appliance:9.0:*:*:*:lts:*:*:*", "cpe:2.3:a:ibm:mq_appliance:9.1:*:*:*:lts:*:*:*", "cpe:2.3:a:ibm:mq_appliance:9.2:*:*:*:lts:*:*:*", "cpe:2.3:a:ibm:mq_appliance:9.3:*:*:*:lts:*:*:*", "cpe:2.3:a:ibm:mq_appliance:9.3:*:*:*:continuous_delivery:*:*:*" ], "defaultStatus": "unaffected", "product": "MQ", "vendor": "IBM", "versions": [ { "status": "affected", "version": "9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.3 CD" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS, and 9.3 CD is vulnerable to a denial of service attack caused by an error applying configuration changes. IBM X-Force ID: 290335." } ], "value": "IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS, and 9.3 CD is vulnerable to a denial of service attack caused by an error applying configuration changes. IBM X-Force ID: 290335." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-789", "description": "CWE-789 Uncontrolled Memory Allocation", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-06-28T18:20:50.152Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/7157387" }, { "tags": [ "vdb-entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/290335" }, { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/7158071" } ], "source": { "discovery": "UNKNOWN" }, "title": "IBM MQ denial of service", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2024-35116", "datePublished": "2024-06-28T18:20:50.152Z", "dateReserved": "2024-05-09T16:27:02.679Z", "dateUpdated": "2024-08-02T03:07:46.479Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-1792
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/105936 | vdb-entry, x_refsource_BID | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/148947 | vdb-entry, x_refsource_XF | |
https://www.ibm.com/support/docview.wss?uid=ibm10734447 | x_refsource_CONFIRM |
Vendor | Product | Version | |
---|---|---|---|
▼ | IBM | MQ |
Version: 9.0.1 Version: 9.0.0.1 Version: 9.0.2 Version: 8.0.0.1 Version: 8.0.0.2 Version: 8.0.0.3 Version: 8.0.0.4 Version: 8.0.0.5 Version: 8.0.0.6 Version: 8.0.0.7 Version: 9.0.0.2 Version: 9.0.3 Version: 9.0.4 Version: 8.0.0.8 Version: 8.0.0.9 Version: 9.0.0.3 Version: 8.0.0.0 Version: 8.0.0.10 Version: 9.0.0.0 Version: 9.0.0.4 Version: 9.0.0.5 Version: 9.0.5 Version: 9.1.0.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T04:14:38.346Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "105936", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/105936" }, { "name": "ibm-websphere-cve20181792-priv-escalation(148947)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/148947" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10734447" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "MQ", "vendor": "IBM", "versions": [ { "status": "affected", "version": "9.0.1" }, { "status": "affected", "version": "9.0.0.1" }, { "status": "affected", "version": "9.0.2" }, { "status": "affected", "version": "8.0.0.1" }, { "status": "affected", "version": "8.0.0.2" }, { "status": "affected", "version": "8.0.0.3" }, { "status": "affected", "version": "8.0.0.4" }, { "status": "affected", "version": "8.0.0.5" }, { "status": "affected", "version": "8.0.0.6" }, { "status": "affected", "version": "8.0.0.7" }, { "status": "affected", "version": "9.0.0.2" }, { "status": "affected", "version": "9.0.3" }, { "status": "affected", "version": "9.0.4" }, { "status": "affected", "version": "8.0.0.8" }, { "status": "affected", "version": "8.0.0.9" }, { "status": "affected", "version": "9.0.0.3" }, { "status": "affected", "version": "8.0.0.0" }, { "status": "affected", "version": "8.0.0.10" }, { "status": "affected", "version": "9.0.0.0" }, { "status": "affected", "version": "9.0.0.4" }, { "status": "affected", "version": "9.0.0.5" }, { "status": "affected", "version": "9.0.5" }, { "status": "affected", "version": "9.1.0.0" } ] } ], "datePublic": "2018-11-12T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM WebSphere MQ 8.0.0.0 through 8.0.0.10, 9.0.0.0 through 9.0.0.5, 9.0.1 through 9.0.5, and 9.1.0.0 could allow a local user to inject code that could be executed with root privileges. IBM X-Force ID: 148947." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "CHANGED", "temporalScore": 7.7, "temporalSeverity": "HIGH", "userInteraction": "NONE", "vectorString": "CVSS:3.0/A:H/AC:L/AV:L/C:H/I:H/PR:L/S:C/UI:N/E:U/RC:C/RL:O", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Gain Privileges", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-11-16T10:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "name": "105936", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/105936" }, { "name": "ibm-websphere-cve20181792-priv-escalation(148947)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/148947" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10734447" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2018-11-12T00:00:00", "ID": "CVE-2018-1792", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "MQ", "version": { "version_data": [ { "version_value": "9.0.1" }, { "version_value": "9.0.0.1" }, { "version_value": "9.0.2" }, { "version_value": "8.0.0.1" }, { "version_value": "8.0.0.2" }, { "version_value": "8.0.0.3" }, { "version_value": "8.0.0.4" }, { "version_value": "8.0.0.5" }, { "version_value": "8.0.0.6" }, { "version_value": "8.0.0.7" }, { "version_value": "9.0.0.2" }, { "version_value": "9.0.3" }, { "version_value": "9.0.4" }, { "version_value": "8.0.0.8" }, { "version_value": "8.0.0.9" }, { "version_value": "9.0.0.3" }, { "version_value": "8.0.0.0" }, { "version_value": "8.0.0.10" }, { "version_value": "9.0.0.0" }, { "version_value": "9.0.0.4" }, { "version_value": "9.0.0.5" }, { "version_value": "9.0.5" }, { "version_value": "9.1.0.0" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM WebSphere MQ 8.0.0.0 through 8.0.0.10, 9.0.0.0 through 9.0.0.5, 9.0.1 through 9.0.5, and 9.1.0.0 could allow a local user to inject code that could be executed with root privileges. IBM X-Force ID: 148947." } ] }, "impact": { "cvssv3": { "BM": { "A": "H", "AC": "L", "AV": "L", "C": "H", "I": "H", "PR": "L", "S": "C", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Gain Privileges" } ] } ] }, "references": { "reference_data": [ { "name": "105936", "refsource": "BID", "url": "http://www.securityfocus.com/bid/105936" }, { "name": "ibm-websphere-cve20181792-priv-escalation(148947)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/148947" }, { "name": "https://www.ibm.com/support/docview.wss?uid=ibm10734447", "refsource": "CONFIRM", "url": "https://www.ibm.com/support/docview.wss?uid=ibm10734447" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2018-1792", "datePublished": "2018-11-13T15:00:00Z", "dateReserved": "2017-12-13T00:00:00", "dateUpdated": "2024-09-16T16:27:25.936Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-51470
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/7179137 | vendor-advisory | |
https://www.ibm.com/support/pages/node/7178085 | vendor-advisory | |
https://www.ibm.com/support/pages/node/7177593 | vendor-advisory |
Vendor | Product | Version | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
▼ | IBM | MQ |
Version: 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, 9.4 CD cpe:2.3:a:ibm:mq:9.1.0.0:*:*:*:lts:*:*:* cpe:2.3:a:ibm:mq:9.2.0:*:*:*:lts:*:*:* cpe:2.3:a:ibm:mq:9.3.0:*:*:*:lts:*:*:* cpe:2.3:a:ibm:mq:9.3.0:*:*:*:continuous_delivery:*:*:* cpe:2.3:a:ibm:mq:9.4.0:*:*:*:lts:*:*:* cpe:2.3:a:ibm:mq:9.4.0:*:*:*:continuous_delivery:*:*:* |
||||||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-51470", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-12-18T20:24:17.133411Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-12-18T20:24:38.409Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:a:ibm:mq:9.1.0.0:*:*:*:lts:*:*:*", "cpe:2.3:a:ibm:mq:9.2.0:*:*:*:lts:*:*:*", "cpe:2.3:a:ibm:mq:9.3.0:*:*:*:lts:*:*:*", "cpe:2.3:a:ibm:mq:9.3.0:*:*:*:continuous_delivery:*:*:*", "cpe:2.3:a:ibm:mq:9.4.0:*:*:*:lts:*:*:*", "cpe:2.3:a:ibm:mq:9.4.0:*:*:*:continuous_delivery:*:*:*" ], "defaultStatus": "unaffected", "product": "MQ", "vendor": "IBM", "versions": [ { "status": "affected", "version": "9.1 LTS, 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, 9.4 CD" } ] }, { "cpes": [ "cpe:2.3:a:ibm:mq_appliance:9.3:*:*:*:lts:*:*:*", "cpe:2.3:a:ibm:mq_appliance:9.3:*:*:*:continuous_delivery:*:*:*", "cpe:2.3:a:ibm:mq_appliance:9.4:*:*:*:lts:*:*:*" ], "defaultStatus": "unaffected", "product": "MQ Appliance", "vendor": "IBM", "versions": [ { "status": "affected", "version": "9.3 LTS, 9.3 CD, 9.4 LTS" } ] }, { "cpes": [ "cpe:2.3:a:ibm:mq_for_hpe_nonstop:8.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:mq_for_hpe_nonstop:8.1.0.25:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "MQ for HPE NonStop", "vendor": "IBM", "versions": [ { "lessThanOrEqual": "8.1.0.25", "status": "affected", "version": "8.1.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIBM MQ\u0026nbsp;9.1 LTS, 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, 9.4 CD, IBM MQ Appliance\u0026nbsp;9.3 LTS, 9.3 CD, 9.4 LTS, and IBM MQ for HPE NonStop 8.1.0 through 8.1.0.25\u0026nbsp;could allow an authenticated user to cause a denial-of-service due to messages with improperly set values.\u003c/span\u003e" } ], "value": "IBM MQ\u00a09.1 LTS, 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, 9.4 CD, IBM MQ Appliance\u00a09.3 LTS, 9.3 CD, 9.4 LTS, and IBM MQ for HPE NonStop 8.1.0 through 8.1.0.25\u00a0could allow an authenticated user to cause a denial-of-service due to messages with improperly set values." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-754", "description": "CWE-754 Improper Check for Unusual or Exceptional Conditions", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-12-18T19:56:10.377Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/7179137" }, { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/7178085" }, { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/7177593" } ], "source": { "discovery": "UNKNOWN" }, "title": "IBM MQ denial of service", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2024-51470", "datePublished": "2024-12-18T19:56:10.377Z", "dateReserved": "2024-10-28T10:50:18.700Z", "dateUpdated": "2024-12-18T20:24:38.409Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-38986
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/6560032 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/212942 | vdb-entry, x_refsource_XF |
Vendor | Product | Version | |
---|---|---|---|
▼ | IBM | MQ Appliance |
Version: 9.2 LTS Version: 9.2 CD |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T01:58:16.429Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6560032" }, { "name": "ibm-mq-cve202138986-session-fixation (212942)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/212942" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "MQ Appliance", "vendor": "IBM", "versions": [ { "status": "affected", "version": "9.2 LTS" }, { "status": "affected", "version": "9.2 CD" } ] } ], "datePublic": "2022-02-28T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM MQ Appliance 9.2 CD and 9.2 LTS does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 212942." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "LOW", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 4.9, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AC:H/S:U/I:L/PR:N/C:L/AV:N/UI:N/A:L/RC:C/RL:O/E:U", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Gain Privileges", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-03-01T16:45:25", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6560032" }, { "name": "ibm-mq-cve202138986-session-fixation (212942)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/212942" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2022-02-28T00:00:00", "ID": "CVE-2021-38986", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "MQ Appliance", "version": { "version_data": [ { "version_value": "9.2 LTS" }, { "version_value": "9.2 CD" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM MQ Appliance 9.2 CD and 9.2 LTS does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 212942." } ] }, "impact": { "cvssv3": { "BM": { "A": "L", "AC": "H", "AV": "N", "C": "L", "I": "L", "PR": "N", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Gain Privileges" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6560032", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6560032 (MQ Appliance)", "url": "https://www.ibm.com/support/pages/node/6560032" }, { "name": "ibm-mq-cve202138986-session-fixation (212942)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/212942" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2021-38986", "datePublished": "2022-03-01T16:45:25.622031Z", "dateReserved": "2021-08-16T00:00:00", "dateUpdated": "2024-09-17T01:36:34.566Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-22321
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/6560042 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/218368 | vdb-entry, x_refsource_XF |
Vendor | Product | Version | |
---|---|---|---|
▼ | IBM | MQ Appliance |
Version: 9.2 LTS Version: 9.2 CD |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T03:07:50.236Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6560042" }, { "name": "ibm-mq-cve202222321-info-disc (218368)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/218368" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "MQ Appliance", "vendor": "IBM", "versions": [ { "status": "affected", "version": "9.2 LTS" }, { "status": "affected", "version": "9.2 CD" } ] } ], "datePublic": "2022-02-28T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM MQ Appliance 9.2 CD and 9.2 LTS local messaging users stored with a password hash that provides insufficient protection. IBM X-Force ID: 218368." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "NONE", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 4.5, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/A:N/AV:L/UI:N/C:H/PR:N/I:N/S:U/AC:H/RC:C/RL:O/E:U", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Obtain Information", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-03-01T16:45:26", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6560042" }, { "name": "ibm-mq-cve202222321-info-disc (218368)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/218368" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2022-02-28T00:00:00", "ID": "CVE-2022-22321", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "MQ Appliance", "version": { "version_data": [ { "version_value": "9.2 LTS" }, { "version_value": "9.2 CD" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM MQ Appliance 9.2 CD and 9.2 LTS local messaging users stored with a password hash that provides insufficient protection. IBM X-Force ID: 218368." } ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "H", "AV": "L", "C": "H", "I": "N", "PR": "N", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Obtain Information" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6560042", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6560042 (MQ Appliance)", "url": "https://www.ibm.com/support/pages/node/6560042" }, { "name": "ibm-mq-cve202222321-info-disc (218368)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/218368" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2022-22321", "datePublished": "2022-03-01T16:45:26.994220Z", "dateReserved": "2022-01-03T00:00:00", "dateUpdated": "2024-09-16T18:03:45.740Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-25016
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/7123139 | vendor-advisory | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/281279 | vdb-entry |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-25016", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-03-05T15:59:06.334619Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:35:38.636Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T23:36:21.339Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/7123139" }, { "tags": [ "vdb-entry", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/281279" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "MQ", "vendor": "IBM", "versions": [ { "status": "affected", "version": "9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.3 CD" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "IBM MQ and IBM MQ Appliance 9.0, 9.1, 9.2, 9.3 LTS and 9.3 CD could allow a remote unauthenticated attacker to cause a denial of service due to incorrect buffering logic. IBM X-Force ID: 281279." } ], "value": "IBM MQ and IBM MQ Appliance 9.0, 9.1, 9.2, 9.3 LTS and 9.3 CD could allow a remote unauthenticated attacker to cause a denial of service due to incorrect buffering logic. IBM X-Force ID: 281279." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-03-03T03:09:09.906Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/7123139" }, { "tags": [ "vdb-entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/281279" } ], "source": { "discovery": "UNKNOWN" }, "title": "IBM MQ denial of service", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2024-25016", "datePublished": "2024-03-03T03:09:09.906Z", "dateReserved": "2024-02-03T14:48:56.576Z", "dateUpdated": "2024-08-01T23:36:21.339Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-6089
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://exchange.xforce.ibmcloud.com/vulnerabilities/117926 | x_refsource_MISC | |
http://www.ibm.com/support/docview.wss?uid=swg22003509 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/98770 | vdb-entry, x_refsource_BID |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T01:22:20.111Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/117926" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22003509" }, { "name": "98770", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/98770" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "MQ", "vendor": "IBM", "versions": [ { "status": "affected", "version": "9.0.0.1" }, { "status": "affected", "version": "9.0.2" } ] } ], "datePublic": "2017-05-31T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM WebSphere MQ 9.0.0.1 and 9.0.2 could allow a local user to write to a file or delete files in a directory they should not have access to due to improper access controls. IBM X-Force ID: 117926." } ], "problemTypes": [ { "descriptions": [ { "description": "File Manipulation", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-06-08T09:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/117926" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22003509" }, { "name": "98770", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/98770" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2016-6089", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "MQ", "version": { "version_data": [ { "version_value": "9.0.0.1" }, { "version_value": "9.0.2" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM WebSphere MQ 9.0.0.1 and 9.0.2 could allow a local user to write to a file or delete files in a directory they should not have access to due to improper access controls. IBM X-Force ID: 117926." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "File Manipulation" } ] } ] }, "references": { "reference_data": [ { "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/117926", "refsource": "MISC", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/117926" }, { "name": "http://www.ibm.com/support/docview.wss?uid=swg22003509", "refsource": "CONFIRM", "url": "http://www.ibm.com/support/docview.wss?uid=swg22003509" }, { "name": "98770", "refsource": "BID", "url": "http://www.securityfocus.com/bid/98770" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2016-6089", "datePublished": "2017-06-07T17:00:00", "dateReserved": "2016-06-29T00:00:00", "dateUpdated": "2024-08-06T01:22:20.111Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-4141
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/876772 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/158337 | vdb-entry, x_refsource_XF |
Vendor | Product | Version | |
---|---|---|---|
▼ | IBM | MQ |
Version: 9.0.0.1 Version: 8.0.0.1 Version: 8.0.0.2 Version: 8.0.0.3 Version: 8.0.0.4 Version: 8.0.0.5 Version: 8.0.0.6 Version: 8.0.0.7 Version: 9.0.0.2 Version: 7.5.0.1 Version: 7.5.0.2 Version: 7.5.0.3 Version: 7.5.0.4 Version: 7.5.0.5 Version: 7.5.0.6 Version: 7.5.0.7 Version: 7.5.0.8 Version: 8.0.0.8 Version: 7.1.0.2 Version: 7.1.0.3 Version: 7.1.0.4 Version: 7.1.0.5 Version: 7.1.0.6 Version: 7.1.0.7 Version: 8.0.0.9 Version: 9.0.0.3 Version: 8.0.0.0 Version: 8.0.0.10 Version: 9.0.0.0 Version: 9.0.0.4 Version: 9.0.0.5 Version: 9.1.0.0 Version: 9.1.0.1 Version: 9.1.1 Version: 9.1.0.2 Version: 9.1.2 Version: 8.0.0.11 Version: 9.0.0.6 Version: 7.1.0.0 Version: 7.1.0.8 Version: 7.1.0.9 Version: 7.5.0.0 Version: 7.5.0.9 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T19:26:27.932Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/876772" }, { "name": "ibm-websphere-cve20194141-dos (158337)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/158337" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "MQ", "vendor": "IBM", "versions": [ { "status": "affected", "version": "9.0.0.1" }, { "status": "affected", "version": "8.0.0.1" }, { "status": "affected", "version": "8.0.0.2" }, { "status": "affected", "version": "8.0.0.3" }, { "status": "affected", "version": "8.0.0.4" }, { "status": "affected", "version": "8.0.0.5" }, { "status": "affected", "version": "8.0.0.6" }, { "status": "affected", "version": "8.0.0.7" }, { "status": "affected", "version": "9.0.0.2" }, { "status": "affected", "version": "7.5.0.1" }, { "status": "affected", "version": "7.5.0.2" }, { "status": "affected", "version": "7.5.0.3" }, { "status": "affected", "version": "7.5.0.4" }, { "status": "affected", "version": "7.5.0.5" }, { "status": "affected", "version": "7.5.0.6" }, { "status": "affected", "version": "7.5.0.7" }, { "status": "affected", "version": "7.5.0.8" }, { "status": "affected", "version": "8.0.0.8" }, { "status": "affected", "version": "7.1.0.2" }, { "status": "affected", "version": "7.1.0.3" }, { "status": "affected", "version": "7.1.0.4" }, { "status": "affected", "version": "7.1.0.5" }, { "status": "affected", "version": "7.1.0.6" }, { "status": "affected", "version": "7.1.0.7" }, { "status": "affected", "version": "8.0.0.9" }, { "status": "affected", "version": "9.0.0.3" }, { "status": "affected", "version": "8.0.0.0" }, { "status": "affected", "version": "8.0.0.10" }, { "status": "affected", "version": "9.0.0.0" }, { "status": "affected", "version": "9.0.0.4" }, { "status": "affected", "version": "9.0.0.5" }, { "status": "affected", "version": "9.1.0.0" }, { "status": "affected", "version": "9.1.0.1" }, { "status": "affected", "version": "9.1.1" }, { "status": "affected", "version": "9.1.0.2" }, { "status": "affected", "version": "9.1.2" }, { "status": "affected", "version": "8.0.0.11" }, { "status": "affected", "version": "9.0.0.6" }, { "status": "affected", "version": "7.1.0.0" }, { "status": "affected", "version": "7.1.0.8" }, { "status": "affected", "version": "7.1.0.9" }, { "status": "affected", "version": "7.5.0.0" }, { "status": "affected", "version": "7.5.0.9" } ] } ], "datePublic": "2019-09-25T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM MQ 7.1.0.0 - 7.1.0.9, 7.5.0.0 - 7.5.0.9, 8.0.0.0 - 8.0.0.11, 9.0.0.0 - 9.0.0.6, 9.1.0.0 - 9.1.0.2, and 9.1.1 - 9.1.2 is vulnerable to a denial of service attack caused by a memory leak in the clustering code. IBM X-Force ID: 158337." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "NONE", "privilegesRequired": "LOW", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 4.6, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/UI:N/S:U/I:N/A:H/C:N/AV:N/AC:H/PR:L/RC:C/E:U/RL:O", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of Service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-09-27T14:00:20", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/876772" }, { "name": "ibm-websphere-cve20194141-dos (158337)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/158337" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2019-09-25T00:00:00", "ID": "CVE-2019-4141", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "MQ", "version": { "version_data": [ { "version_value": "9.0.0.1" }, { "version_value": "8.0.0.1" }, { "version_value": "8.0.0.2" }, { "version_value": "8.0.0.3" }, { "version_value": "8.0.0.4" }, { "version_value": "8.0.0.5" }, { "version_value": "8.0.0.6" }, { "version_value": "8.0.0.7" }, { "version_value": "9.0.0.2" }, { "version_value": "7.5.0.1" }, { "version_value": "7.5.0.2" }, { "version_value": "7.5.0.3" }, { "version_value": "7.5.0.4" }, { "version_value": "7.5.0.5" }, { "version_value": "7.5.0.6" }, { "version_value": "7.5.0.7" }, { "version_value": "7.5.0.8" }, { "version_value": "8.0.0.8" }, { "version_value": "7.1.0.2" }, { "version_value": "7.1.0.3" }, { "version_value": "7.1.0.4" }, { "version_value": "7.1.0.5" }, { "version_value": "7.1.0.6" }, { "version_value": "7.1.0.7" }, { "version_value": "8.0.0.9" }, { "version_value": "9.0.0.3" }, { "version_value": "8.0.0.0" }, { "version_value": "8.0.0.10" }, { "version_value": "9.0.0.0" }, { "version_value": "9.0.0.4" }, { "version_value": "9.0.0.5" }, { "version_value": "9.1.0.0" }, { "version_value": "9.1.0.1" }, { "version_value": "9.1.1" }, { "version_value": "9.1.0.2" }, { "version_value": "9.1.2" }, { "version_value": "8.0.0.11" }, { "version_value": "9.0.0.6" }, { "version_value": "7.1.0.0" }, { "version_value": "7.1.0.8" }, { "version_value": "7.1.0.9" }, { "version_value": "7.5.0.0" }, { "version_value": "7.5.0.9" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM MQ 7.1.0.0 - 7.1.0.9, 7.5.0.0 - 7.5.0.9, 8.0.0.0 - 8.0.0.11, 9.0.0.0 - 9.0.0.6, 9.1.0.0 - 9.1.0.2, and 9.1.1 - 9.1.2 is vulnerable to a denial of service attack caused by a memory leak in the clustering code. IBM X-Force ID: 158337." } ] }, "impact": { "cvssv3": { "BM": { "A": "H", "AC": "H", "AV": "N", "C": "N", "I": "N", "PR": "L", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of Service" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/876772", "refsource": "CONFIRM", "title": "IBM Security Bulletin 876772 (MQ)", "url": "https://www.ibm.com/support/pages/node/876772" }, { "name": "ibm-websphere-cve20194141-dos (158337)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/158337" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2019-4141", "datePublished": "2019-09-27T14:00:20.780461Z", "dateReserved": "2019-01-03T00:00:00", "dateUpdated": "2024-09-16T18:43:22.998Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-1747
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://exchange.xforce.ibmcloud.com/vulnerabilities/135520 | x_refsource_MISC | |
http://www.ibm.com/support/docview.wss?uid=swg22012992 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/103590 | vdb-entry, x_refsource_BID |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:39:32.289Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/135520" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22012992" }, { "name": "103590", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/103590" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "MQ", "vendor": "IBM", "versions": [ { "status": "affected", "version": "9.0" }, { "status": "affected", "version": "9.0.1" }, { "status": "affected", "version": "9.0.0.1" }, { "status": "affected", "version": "9.0.2" }, { "status": "affected", "version": "9.0.0.2" }, { "status": "affected", "version": "9.0.3" }, { "status": "affected", "version": "9.0.4" } ] } ], "datePublic": "2018-03-29T00:00:00", "descriptions": [ { "lang": "en", "value": "A specially crafted message could cause a denial of service in IBM WebSphere MQ 9.0, 9.0.0.1, 9.0.0.2, 9.0.1, 9.0.2, 9.0.3, and 9.0.4 applications consuming messages that it needs to perform data conversion on. IBM X-Force ID: 135520." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/A:H/AC:H/AV:N/C:N/I:N/PR:L/S:U/UI:N", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of Service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-04-04T09:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/135520" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22012992" }, { "name": "103590", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/103590" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2018-03-29T00:00:00", "ID": "CVE-2017-1747", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "MQ", "version": { "version_data": [ { "version_value": "9.0" }, { "version_value": "9.0.1" }, { "version_value": "9.0.0.1" }, { "version_value": "9.0.2" }, { "version_value": "9.0.0.2" }, { "version_value": "9.0.3" }, { "version_value": "9.0.4" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A specially crafted message could cause a denial of service in IBM WebSphere MQ 9.0, 9.0.0.1, 9.0.0.2, 9.0.1, 9.0.2, 9.0.3, and 9.0.4 applications consuming messages that it needs to perform data conversion on. IBM X-Force ID: 135520." } ] }, "impact": { "cvssv3": { "BM": { "A": "H", "AC": "H", "AV": "N", "C": "N", "I": "N", "PR": "L", "S": "U", "UI": "N" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of Service" } ] } ] }, "references": { "reference_data": [ { "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/135520", "refsource": "MISC", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/135520" }, { "name": "http://www.ibm.com/support/docview.wss?uid=swg22012992", "refsource": "CONFIRM", "url": "http://www.ibm.com/support/docview.wss?uid=swg22012992" }, { "name": "103590", "refsource": "BID", "url": "http://www.securityfocus.com/bid/103590" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2017-1747", "datePublished": "2018-03-30T16:00:00Z", "dateReserved": "2016-11-30T00:00:00", "dateUpdated": "2024-09-17T03:42:57.406Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-4719
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/1136608 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/172124 | vdb-entry, x_refsource_XF |
Vendor | Product | Version | |
---|---|---|---|
▼ | IBM | MQ |
Version: 9.0.0.1 Version: 8.0.0.1 Version: 8.0.0.2 Version: 8.0.0.3 Version: 8.0.0.4 Version: 8.0.0.5 Version: 8.0.0.6 Version: 8.0.0.7 Version: 9.0.0.2 Version: 7.5.0.1 Version: 7.5.0.2 Version: 7.5.0.3 Version: 7.5.0.4 Version: 7.5.0.5 Version: 7.5.0.6 Version: 7.5.0.7 Version: 7.5.0.8 Version: 8.0.0.8 Version: 7.1.0.1 Version: 7.1.0.2 Version: 7.1.0.3 Version: 7.1.0.4 Version: 7.1.0.5 Version: 7.1.0.6 Version: 7.1.0.7 Version: 8.0.0.9 Version: 9.0.0.3 Version: 8.0.0.0 Version: 8.0.0.10 Version: 9.0.0.0 Version: 9.0.0.4 Version: 9.0.0.5 Version: 9.1.0.0 Version: 9.1.0.1 Version: 9.1.1 Version: 9.1.0.2 Version: 9.1.2 Version: 8.0.0.11 Version: 9.0.0.6 Version: 7.1.0.0 Version: 7.1.0.8 Version: 7.1.0.9 Version: 7.5.0.0 Version: 7.5.0.9 Version: 8.0.0.12 Version: 9.1.0.3 Version: 9.1.3 Version: 9.0.0.7 Version: 8.0.0.13 Version: 9.0.0.8 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T19:40:49.188Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/1136608" }, { "name": "ibm-mq-cve20194719-info-disc (172124)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/172124" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "MQ", "vendor": "IBM", "versions": [ { "status": "affected", "version": "9.0.0.1" }, { "status": "affected", "version": "8.0.0.1" }, { "status": "affected", "version": "8.0.0.2" }, { "status": "affected", "version": "8.0.0.3" }, { "status": "affected", "version": "8.0.0.4" }, { "status": "affected", "version": "8.0.0.5" }, { "status": "affected", "version": "8.0.0.6" }, { "status": "affected", "version": "8.0.0.7" }, { "status": "affected", "version": "9.0.0.2" }, { "status": "affected", "version": "7.5.0.1" }, { "status": "affected", "version": "7.5.0.2" }, { "status": "affected", "version": "7.5.0.3" }, { "status": "affected", "version": "7.5.0.4" }, { "status": "affected", "version": "7.5.0.5" }, { "status": "affected", "version": "7.5.0.6" }, { "status": "affected", "version": "7.5.0.7" }, { "status": "affected", "version": "7.5.0.8" }, { "status": "affected", "version": "8.0.0.8" }, { "status": "affected", "version": "7.1.0.1" }, { "status": "affected", "version": "7.1.0.2" }, { "status": "affected", "version": "7.1.0.3" }, { "status": "affected", "version": "7.1.0.4" }, { "status": "affected", "version": "7.1.0.5" }, { "status": "affected", "version": "7.1.0.6" }, { "status": "affected", "version": "7.1.0.7" }, { "status": "affected", "version": "8.0.0.9" }, { "status": "affected", "version": "9.0.0.3" }, { "status": "affected", "version": "8.0.0.0" }, { "status": "affected", "version": "8.0.0.10" }, { "status": "affected", "version": "9.0.0.0" }, { "status": "affected", "version": "9.0.0.4" }, { "status": "affected", "version": "9.0.0.5" }, { "status": "affected", "version": "9.1.0.0" }, { "status": "affected", "version": "9.1.0.1" }, { "status": "affected", "version": "9.1.1" }, { "status": "affected", "version": "9.1.0.2" }, { "status": "affected", "version": "9.1.2" }, { "status": "affected", "version": "8.0.0.11" }, { "status": "affected", "version": "9.0.0.6" }, { "status": "affected", "version": "7.1.0.0" }, { "status": "affected", "version": "7.1.0.8" }, { "status": "affected", "version": "7.1.0.9" }, { "status": "affected", "version": "7.5.0.0" }, { "status": "affected", "version": "7.5.0.9" }, { "status": "affected", "version": "8.0.0.12" }, { "status": "affected", "version": "9.1.0.3" }, { "status": "affected", "version": "9.1.3" }, { "status": "affected", "version": "9.0.0.7" }, { "status": "affected", "version": "8.0.0.13" }, { "status": "affected", "version": "9.0.0.8" } ] } ], "datePublic": "2020-03-13T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM MQ and IBM MQ Appliance 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and 9.1 CD could allow a local attacker to obtain sensitive information by inclusion of sensitive data within runmqras data." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "NONE", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 4.5, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/S:U/AV:L/PR:N/AC:H/A:N/UI:N/C:H/I:N/RL:O/E:U/RC:C", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Obtain Information", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-03-16T15:25:20", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/1136608" }, { "name": "ibm-mq-cve20194719-info-disc (172124)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/172124" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2020-03-13T00:00:00", "ID": "CVE-2019-4719", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "MQ", "version": { "version_data": [ { "version_value": "9.0.0.1" }, { "version_value": "8.0.0.1" }, { "version_value": "8.0.0.2" }, { "version_value": "8.0.0.3" }, { "version_value": "8.0.0.4" }, { "version_value": "8.0.0.5" }, { "version_value": "8.0.0.6" }, { "version_value": "8.0.0.7" }, { "version_value": "9.0.0.2" }, { "version_value": "7.5.0.1" }, { "version_value": "7.5.0.2" }, { "version_value": "7.5.0.3" }, { "version_value": "7.5.0.4" }, { "version_value": "7.5.0.5" }, { "version_value": "7.5.0.6" }, { "version_value": "7.5.0.7" }, { "version_value": "7.5.0.8" }, { "version_value": "8.0.0.8" }, { "version_value": "7.1.0.1" }, { "version_value": "7.1.0.2" }, { "version_value": "7.1.0.3" }, { "version_value": "7.1.0.4" }, { "version_value": "7.1.0.5" }, { "version_value": "7.1.0.6" }, { "version_value": "7.1.0.7" }, { "version_value": "8.0.0.9" }, { "version_value": "9.0.0.3" }, { "version_value": "8.0.0.0" }, { "version_value": "8.0.0.10" }, { "version_value": "9.0.0.0" }, { "version_value": "9.0.0.4" }, { "version_value": "9.0.0.5" }, { "version_value": "9.1.0.0" }, { "version_value": "9.1.0.1" }, { "version_value": "9.1.1" }, { "version_value": "9.1.0.2" }, { "version_value": "9.1.2" }, { "version_value": "8.0.0.11" }, { "version_value": "9.0.0.6" }, { "version_value": "7.1.0.0" }, { "version_value": "7.1.0.8" }, { "version_value": "7.1.0.9" }, { "version_value": "7.5.0.0" }, { "version_value": "7.5.0.9" }, { "version_value": "8.0.0.12" }, { "version_value": "9.1.0.3" }, { "version_value": "9.1.3" }, { "version_value": "9.0.0.7" }, { "version_value": "8.0.0.13" }, { "version_value": "9.0.0.8" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM MQ and IBM MQ Appliance 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and 9.1 CD could allow a local attacker to obtain sensitive information by inclusion of sensitive data within runmqras data." } ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "H", "AV": "L", "C": "H", "I": "N", "PR": "N", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Obtain Information" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/1136608", "refsource": "CONFIRM", "title": "IBM Security Bulletin 1136608 (MQ)", "url": "https://www.ibm.com/support/pages/node/1136608" }, { "name": "ibm-mq-cve20194719-info-disc (172124)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/172124" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2019-4719", "datePublished": "2020-03-16T15:25:20.927352Z", "dateReserved": "2019-01-03T00:00:00", "dateUpdated": "2024-09-16T18:49:55.996Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-1285
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://exchange.xforce.ibmcloud.com/vulnerabilities/125146 | x_refsource_MISC | |
https://www.ibm.com/support/docview.wss?uid=swg22003856 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/99538 | vdb-entry, x_refsource_BID |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:32:28.480Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125146" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/docview.wss?uid=swg22003856" }, { "name": "99538", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/99538" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "MQ", "vendor": "IBM", "versions": [ { "status": "affected", "version": "9.0.1" }, { "status": "affected", "version": "9.0.2" } ] } ], "datePublic": "2017-07-10T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM WebSphere MQ 9.0.1 and 9.0.2 could allow an authenticated user with authority to send a specially crafted message that would cause a channel to remain in a running state but not process messages. IBM X-Force ID: 125146." } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of Service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-13T09:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125146" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/docview.wss?uid=swg22003856" }, { "name": "99538", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/99538" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2017-07-10T00:00:00", "ID": "CVE-2017-1285", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "MQ", "version": { "version_data": [ { "version_value": "9.0.1" }, { "version_value": "9.0.2" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM WebSphere MQ 9.0.1 and 9.0.2 could allow an authenticated user with authority to send a specially crafted message that would cause a channel to remain in a running state but not process messages. IBM X-Force ID: 125146." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of Service" } ] } ] }, "references": { "reference_data": [ { "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125146", "refsource": "MISC", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125146" }, { "name": "https://www.ibm.com/support/docview.wss?uid=swg22003856", "refsource": "CONFIRM", "url": "https://www.ibm.com/support/docview.wss?uid=swg22003856" }, { "name": "99538", "refsource": "BID", "url": "http://www.securityfocus.com/bid/99538" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2017-1285", "datePublished": "2017-07-12T17:00:00Z", "dateReserved": "2016-11-30T00:00:00", "dateUpdated": "2024-09-16T20:02:13.078Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-1836
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/docview.wss?uid=ibm10734457 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/150661 | vdb-entry, x_refsource_XF | |
http://www.securityfocus.com/bid/107530 | vdb-entry, x_refsource_BID |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T04:14:38.551Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10734457" }, { "name": "ibm-websphere-cve20181836-xss (150661)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/150661" }, { "name": "107530", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/107530" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "MQ", "vendor": "IBM", "versions": [ { "status": "affected", "version": "9.0.2" }, { "status": "affected", "version": "9.0.3" }, { "status": "affected", "version": "9.0.4" }, { "status": "affected", "version": "9.0.5" }, { "status": "affected", "version": "9.1.0.0" }, { "status": "affected", "version": "9.1.0.1" } ] } ], "datePublic": "2019-03-14T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM WebSphere MQ 9.0.2, 9.0.3, 9.0.4, 9.0.5, 9.1.0.0, and 9.1.0.1 console is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 150661." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitCodeMaturity": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "CHANGED", "temporalScore": 5.2, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AC:L/AV:N/C:L/UI:R/PR:L/I:L/S:C/A:N/RL:O/E:H/RC:C", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Cross-Site Scripting", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-03-22T12:06:04", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10734457" }, { "name": "ibm-websphere-cve20181836-xss (150661)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/150661" }, { "name": "107530", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/107530" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2019-03-14T00:00:00", "ID": "CVE-2018-1836", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "MQ", "version": { "version_data": [ { "version_value": "9.0.2" }, { "version_value": "9.0.3" }, { "version_value": "9.0.4" }, { "version_value": "9.0.5" }, { "version_value": "9.1.0.0" }, { "version_value": "9.1.0.1" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM WebSphere MQ 9.0.2, 9.0.3, 9.0.4, 9.0.5, 9.1.0.0, and 9.1.0.1 console is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 150661." } ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "L", "AV": "N", "C": "L", "I": "L", "PR": "L", "S": "C", "UI": "R" }, "TM": { "E": "H", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Cross-Site Scripting" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/docview.wss?uid=ibm10734457", "refsource": "CONFIRM", "title": "IBM Security Bulletin 734457 (MQ)", "url": "https://www.ibm.com/support/docview.wss?uid=ibm10734457" }, { "name": "ibm-websphere-cve20181836-xss (150661)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/150661" }, { "name": "107530", "refsource": "BID", "url": "http://www.securityfocus.com/bid/107530" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2018-1836", "datePublished": "2019-03-19T13:50:17.228019Z", "dateReserved": "2017-12-13T00:00:00", "dateUpdated": "2024-09-16T20:37:04.237Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-45177
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/7063661 | vendor-advisory | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/268066 | vdb-entry |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2023-45177", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-03-20T19:24:41.245177Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-05T17:21:13.926Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T20:14:19.779Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/7063661" }, { "tags": [ "vdb-entry", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/268066" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "MQ", "vendor": "IBM", "versions": [ { "status": "affected", "version": "9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.3 CD" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS and 9.3 CD is vulnerable to a denial-of-service attack due to an error within the MQ clustering logic. IBM X-Force ID: 268066." } ], "value": "IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS and 9.3 CD is vulnerable to a denial-of-service attack due to an error within the MQ clustering logic. IBM X-Force ID: 268066." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-03-20T17:29:59.398Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/7063661" }, { "tags": [ "vdb-entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/268066" } ], "source": { "discovery": "UNKNOWN" }, "title": "IBM MQ denial of service", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2023-45177", "datePublished": "2024-03-20T17:29:59.398Z", "dateReserved": "2023-10-05T01:38:58.206Z", "dateUpdated": "2024-08-02T20:14:19.779Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-28513
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/7007421 | vendor-advisory | |
https://www.ibm.com/support/pages/node/7007731 | vendor-advisory | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/250397 | vdb-entry |
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | IBM | MQ |
Version: 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.2 CD, 9.3 CD |
||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T13:43:23.049Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/7007421" }, { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/7007731" }, { "tags": [ "vdb-entry", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/250397" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-28513", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-21T15:34:38.689370Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-21T15:35:56.231Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "MQ", "vendor": "IBM", "versions": [ { "status": "affected", "version": "9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.2 CD, 9.3 CD" } ] }, { "defaultStatus": "unaffected", "product": "MQ Appliance", "vendor": "IBM", "versions": [ { "status": "affected", "version": "9.2 LTS, 9.3 LTS, 9.2 CD, 9.2 LTS" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.2 CD, and 9.3 CD and IBM MQ Appliance 9.2 LTS, 9.3 LTS, 9.2 CD, and 9.2 LTS, under certain configurations, is vulnerable to a denial of service attack caused by an error processing messages. IBM X-Force ID: 250397." } ], "value": "IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.2 CD, and 9.3 CD and IBM MQ Appliance 9.2 LTS, 9.3 LTS, 9.2 CD, and 9.2 LTS, under certain configurations, is vulnerable to a denial of service attack caused by an error processing messages. IBM X-Force ID: 250397." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-07-19T01:49:14.604Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/7007421" }, { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/7007731" }, { "tags": [ "vdb-entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/250397" } ], "source": { "discovery": "UNKNOWN" }, "title": "IBM MQ denial of service", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2023-28513", "datePublished": "2023-07-19T01:49:14.604Z", "dateReserved": "2023-03-16T21:05:38.974Z", "dateUpdated": "2024-10-21T15:35:56.231Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-4227
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/886899 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/159352 | vdb-entry, x_refsource_XF |
Vendor | Product | Version | |
---|---|---|---|
▼ | IBM | MQ |
Version: 9.0.0.1 Version: 8.0.0.4 Version: 8.0.0.5 Version: 8.0.0.6 Version: 8.0.0.7 Version: 9.0.0.2 Version: 8.0.0.8 Version: 8.0.0.9 Version: 9.0.0.3 Version: 8.0.0.10 Version: 9.0.0.0 Version: 9.0.0.4 Version: 9.0.0.5 Version: 9.1.0.0 Version: 9.1.0.1 Version: 9.1.1 Version: 9.1.0.2 Version: 9.1.2 Version: 8.0.0.11 Version: 9.0.0.6 Version: 8.0.0.12 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T19:33:37.652Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/886899" }, { "name": "ibm-websphere-cve20194227-session-fixation (159352)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/159352" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "MQ", "vendor": "IBM", "versions": [ { "status": "affected", "version": "9.0.0.1" }, { "status": "affected", "version": "8.0.0.4" }, { "status": "affected", "version": "8.0.0.5" }, { "status": "affected", "version": "8.0.0.6" }, { "status": "affected", "version": "8.0.0.7" }, { "status": "affected", "version": "9.0.0.2" }, { "status": "affected", "version": "8.0.0.8" }, { "status": "affected", "version": "8.0.0.9" }, { "status": "affected", "version": "9.0.0.3" }, { "status": "affected", "version": "8.0.0.10" }, { "status": "affected", "version": "9.0.0.0" }, { "status": "affected", "version": "9.0.0.4" }, { "status": "affected", "version": "9.0.0.5" }, { "status": "affected", "version": "9.1.0.0" }, { "status": "affected", "version": "9.1.0.1" }, { "status": "affected", "version": "9.1.1" }, { "status": "affected", "version": "9.1.0.2" }, { "status": "affected", "version": "9.1.2" }, { "status": "affected", "version": "8.0.0.11" }, { "status": "affected", "version": "9.0.0.6" }, { "status": "affected", "version": "8.0.0.12" } ] } ], "datePublic": "2019-09-25T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM MQ 8.0.0.4 - 8.0.0.12, 9.0.0.0 - 9.0.0.6, 9.1.0.0 - 9.1.0.2, and 9.1.0 - 9.1.2 AMQP Listeners could allow an unauthorized user to conduct a session fixation attack due to clients not being disconnected as they should. IBM X-Force ID: 159352." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "LOW", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 4.9, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AC:H/UI:N/C:L/PR:N/AV:N/A:L/S:U/I:L/RL:O/E:U/RC:C", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Gain Privileges", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-10-04T14:05:20", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/886899" }, { "name": "ibm-websphere-cve20194227-session-fixation (159352)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/159352" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2019-09-25T00:00:00", "ID": "CVE-2019-4227", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "MQ", "version": { "version_data": [ { "version_value": "9.0.0.1" }, { "version_value": "8.0.0.4" }, { "version_value": "8.0.0.5" }, { "version_value": "8.0.0.6" }, { "version_value": "8.0.0.7" }, { "version_value": "9.0.0.2" }, { "version_value": "8.0.0.8" }, { "version_value": "8.0.0.9" }, { "version_value": "9.0.0.3" }, { "version_value": "8.0.0.10" }, { "version_value": "9.0.0.0" }, { "version_value": "9.0.0.4" }, { "version_value": "9.0.0.5" }, { "version_value": "9.1.0.0" }, { "version_value": "9.1.0.1" }, { "version_value": "9.1.1" }, { "version_value": "9.1.0.2" }, { "version_value": "9.1.2" }, { "version_value": "8.0.0.11" }, { "version_value": "9.0.0.6" }, { "version_value": "8.0.0.12" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM MQ 8.0.0.4 - 8.0.0.12, 9.0.0.0 - 9.0.0.6, 9.1.0.0 - 9.1.0.2, and 9.1.0 - 9.1.2 AMQP Listeners could allow an unauthorized user to conduct a session fixation attack due to clients not being disconnected as they should. IBM X-Force ID: 159352." } ] }, "impact": { "cvssv3": { "BM": { "A": "L", "AC": "H", "AV": "N", "C": "L", "I": "L", "PR": "N", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Gain Privileges" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/886899", "refsource": "CONFIRM", "title": "IBM Security Bulletin 886899 (MQ)", "url": "https://www.ibm.com/support/pages/node/886899" }, { "name": "ibm-websphere-cve20194227-session-fixation (159352)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/159352" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2019-4227", "datePublished": "2019-10-04T14:05:20.248976Z", "dateReserved": "2019-01-03T00:00:00", "dateUpdated": "2024-09-16T17:43:43.944Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-39034
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/6556466 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/213964 | vdb-entry, x_refsource_XF |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T01:58:17.982Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6556466" }, { "name": "ibm-mq-cve202139034-dos (213964)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/213964" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "MQ", "vendor": "IBM", "versions": [ { "status": "affected", "version": "9.1.0" } ] } ], "datePublic": "2022-02-15T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM MQ 9.1 LTS is vulnerable to a denial of service attack caused by an issue within the channel process. IBM X-Force ID: 213964." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "NONE", "privilegesRequired": "LOW", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 4.6, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/S:U/C:N/AC:H/PR:L/I:N/A:H/UI:N/AV:N/RC:C/E:U/RL:O", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of Service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-02-17T16:30:10", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6556466" }, { "name": "ibm-mq-cve202139034-dos (213964)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/213964" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2022-02-15T00:00:00", "ID": "CVE-2021-39034", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "MQ", "version": { "version_data": [ { "version_value": "9.1.0" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM MQ 9.1 LTS is vulnerable to a denial of service attack caused by an issue within the channel process. IBM X-Force ID: 213964." } ] }, "impact": { "cvssv3": { "BM": { "A": "H", "AC": "H", "AV": "N", "C": "N", "I": "N", "PR": "L", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of Service" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6556466", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6556466 (MQ)", "url": "https://www.ibm.com/support/pages/node/6556466" }, { "name": "ibm-mq-cve202139034-dos (213964)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/213964" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2021-39034", "datePublished": "2022-02-17T16:30:11.043240Z", "dateReserved": "2021-08-16T00:00:00", "dateUpdated": "2024-09-16T17:14:09.555Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-4378
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://supportcontent.ibm.com/support/pages/node/886885 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/162084 | vdb-entry, x_refsource_XF |
Vendor | Product | Version | |
---|---|---|---|
▼ | IBM | MQ |
Version: 9.0.0.1 Version: 8.0.0.1 Version: 8.0.0.2 Version: 8.0.0.3 Version: 8.0.0.4 Version: 8.0.0.5 Version: 8.0.0.6 Version: 8.0.0.7 Version: 9.0.0.2 Version: 7.5.0.1 Version: 7.5.0.2 Version: 7.5.0.3 Version: 7.5.0.4 Version: 7.5.0.5 Version: 7.5.0.6 Version: 7.5.0.7 Version: 7.5.0.8 Version: 8.0.0.8 Version: 7.1.0.1 Version: 7.1.0.2 Version: 7.1.0.3 Version: 7.1.0.4 Version: 7.1.0.5 Version: 7.1.0.6 Version: 7.1.0.7 Version: 8.0.0.9 Version: 9.0.0.3 Version: 8.0.0.0 Version: 8.0.0.10 Version: 9.0.0.0 Version: 9.0.0.4 Version: 9.0.0.5 Version: 9.1.0.0 Version: 9.1.0.1 Version: 9.1.1 Version: 9.1.0.2 Version: 9.1.2 Version: 8.0.0.11 Version: 9.0.0.6 Version: 7.1.0.0 Version: 7.1.0.8 Version: 7.1.0.9 Version: 7.5.0.0 Version: 7.5.0.9 Version: 8.0.0.12 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T19:33:37.928Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://supportcontent.ibm.com/support/pages/node/886885" }, { "name": "ibm-mq-cve20194378-dos (162084)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/162084" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "MQ", "vendor": "IBM", "versions": [ { "status": "affected", "version": "9.0.0.1" }, { "status": "affected", "version": "8.0.0.1" }, { "status": "affected", "version": "8.0.0.2" }, { "status": "affected", "version": "8.0.0.3" }, { "status": "affected", "version": "8.0.0.4" }, { "status": "affected", "version": "8.0.0.5" }, { "status": "affected", "version": "8.0.0.6" }, { "status": "affected", "version": "8.0.0.7" }, { "status": "affected", "version": "9.0.0.2" }, { "status": "affected", "version": "7.5.0.1" }, { "status": "affected", "version": "7.5.0.2" }, { "status": "affected", "version": "7.5.0.3" }, { "status": "affected", "version": "7.5.0.4" }, { "status": "affected", "version": "7.5.0.5" }, { "status": "affected", "version": "7.5.0.6" }, { "status": "affected", "version": "7.5.0.7" }, { "status": "affected", "version": "7.5.0.8" }, { "status": "affected", "version": "8.0.0.8" }, { "status": "affected", "version": "7.1.0.1" }, { "status": "affected", "version": "7.1.0.2" }, { "status": "affected", "version": "7.1.0.3" }, { "status": "affected", "version": "7.1.0.4" }, { "status": "affected", "version": "7.1.0.5" }, { "status": "affected", "version": "7.1.0.6" }, { "status": "affected", "version": "7.1.0.7" }, { "status": "affected", "version": "8.0.0.9" }, { "status": "affected", "version": "9.0.0.3" }, { "status": "affected", "version": "8.0.0.0" }, { "status": "affected", "version": "8.0.0.10" }, { "status": "affected", "version": "9.0.0.0" }, { "status": "affected", "version": "9.0.0.4" }, { "status": "affected", "version": "9.0.0.5" }, { "status": "affected", "version": "9.1.0.0" }, { "status": "affected", "version": "9.1.0.1" }, { "status": "affected", "version": "9.1.1" }, { "status": "affected", "version": "9.1.0.2" }, { "status": "affected", "version": "9.1.2" }, { "status": "affected", "version": "8.0.0.11" }, { "status": "affected", "version": "9.0.0.6" }, { "status": "affected", "version": "7.1.0.0" }, { "status": "affected", "version": "7.1.0.8" }, { "status": "affected", "version": "7.1.0.9" }, { "status": "affected", "version": "7.5.0.0" }, { "status": "affected", "version": "7.5.0.9" }, { "status": "affected", "version": "8.0.0.12" } ] } ], "datePublic": "2019-09-17T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM MQ 7.5.0.0 - 7.5.0.9, 7.1.0.0 - 7.1.0.9, 8.0.0.0 - 8.0.0.12, 9.0.0.0 - 9.0.0.6, 9.1.0.0 - 9.1.0.2, and 9.1.0 - 9.1.2 command server is vulnerable to a denial of service attack caused by an authenticated and authorized user using specially crafted PCF messages. IBM X-Force ID: 162084." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "NONE", "privilegesRequired": "LOW", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 4.6, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/C:N/A:H/AC:H/S:U/UI:N/AV:N/I:N/PR:L/E:U/RC:C/RL:O", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of Service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-09-26T15:05:30", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://supportcontent.ibm.com/support/pages/node/886885" }, { "name": "ibm-mq-cve20194378-dos (162084)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/162084" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2019-09-17T00:00:00", "ID": "CVE-2019-4378", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "MQ", "version": { "version_data": [ { "version_value": "9.0.0.1" }, { "version_value": "8.0.0.1" }, { "version_value": "8.0.0.2" }, { "version_value": "8.0.0.3" }, { "version_value": "8.0.0.4" }, { "version_value": "8.0.0.5" }, { "version_value": "8.0.0.6" }, { "version_value": "8.0.0.7" }, { "version_value": "9.0.0.2" }, { "version_value": "7.5.0.1" }, { "version_value": "7.5.0.2" }, { "version_value": "7.5.0.3" }, { "version_value": "7.5.0.4" }, { "version_value": "7.5.0.5" }, { "version_value": "7.5.0.6" }, { "version_value": "7.5.0.7" }, { "version_value": "7.5.0.8" }, { "version_value": "8.0.0.8" }, { "version_value": "7.1.0.1" }, { "version_value": "7.1.0.2" }, { "version_value": "7.1.0.3" }, { "version_value": "7.1.0.4" }, { "version_value": "7.1.0.5" }, { "version_value": "7.1.0.6" }, { "version_value": "7.1.0.7" }, { "version_value": "8.0.0.9" }, { "version_value": "9.0.0.3" }, { "version_value": "8.0.0.0" }, { "version_value": "8.0.0.10" }, { "version_value": "9.0.0.0" }, { "version_value": "9.0.0.4" }, { "version_value": "9.0.0.5" }, { "version_value": "9.1.0.0" }, { "version_value": "9.1.0.1" }, { "version_value": "9.1.1" }, { "version_value": "9.1.0.2" }, { "version_value": "9.1.2" }, { "version_value": "8.0.0.11" }, { "version_value": "9.0.0.6" }, { "version_value": "7.1.0.0" }, { "version_value": "7.1.0.8" }, { "version_value": "7.1.0.9" }, { "version_value": "7.5.0.0" }, { "version_value": "7.5.0.9" }, { "version_value": "8.0.0.12" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM MQ 7.5.0.0 - 7.5.0.9, 7.1.0.0 - 7.1.0.9, 8.0.0.0 - 8.0.0.12, 9.0.0.0 - 9.0.0.6, 9.1.0.0 - 9.1.0.2, and 9.1.0 - 9.1.2 command server is vulnerable to a denial of service attack caused by an authenticated and authorized user using specially crafted PCF messages. IBM X-Force ID: 162084." } ] }, "impact": { "cvssv3": { "BM": { "A": "H", "AC": "H", "AV": "N", "C": "N", "I": "N", "PR": "L", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of Service" } ] } ] }, "references": { "reference_data": [ { "name": "https://supportcontent.ibm.com/support/pages/node/886885", "refsource": "CONFIRM", "title": "IBM Security Bulletin 886885 (MQ)", "url": "https://supportcontent.ibm.com/support/pages/node/886885" }, { "name": "ibm-mq-cve20194378-dos (162084)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/162084" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2019-4378", "datePublished": "2019-09-26T15:05:31.039884Z", "dateReserved": "2019-01-03T00:00:00", "dateUpdated": "2024-09-17T02:32:24.120Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-4655
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/1106529 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/170966 | vdb-entry, x_refsource_XF |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T19:40:48.201Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/1106529" }, { "name": "ibm-mq-cve20194655-dos (170966)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/170966" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "MQ", "vendor": "IBM", "versions": [ { "status": "affected", "version": "9.1.0.0" }, { "status": "affected", "version": "9.1.0.1" }, { "status": "affected", "version": "9.1.1" }, { "status": "affected", "version": "9.1.0.2" }, { "status": "affected", "version": "9.1.2" }, { "status": "affected", "version": "9.1.0.3" }, { "status": "affected", "version": "9.1.3" } ] } ], "datePublic": "2019-12-20T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM MQ 9.1.0.0, 9.1.0.1, 9.1.0.2, 9.1.0.3, 9.1.1, 9.1.2, and 9.1.3 is vulnerable to a denial of service attack that would allow an authenticated user to reset client connections due to an error within the Data Conversion routine. IBM X-Force ID: 170966." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "NONE", "privilegesRequired": "LOW", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 3.8, "temporalSeverity": "LOW", "userInteraction": "NONE", "vectorString": "CVSS:3.0/C:N/A:L/S:U/I:N/PR:L/AV:N/AC:L/UI:N/RC:C/E:U/RL:O", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of Service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-12-30T15:35:22", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/1106529" }, { "name": "ibm-mq-cve20194655-dos (170966)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/170966" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2019-12-20T00:00:00", "ID": "CVE-2019-4655", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "MQ", "version": { "version_data": [ { "version_value": "9.1.0.0" }, { "version_value": "9.1.0.1" }, { "version_value": "9.1.1" }, { "version_value": "9.1.0.2" }, { "version_value": "9.1.2" }, { "version_value": "9.1.0.3" }, { "version_value": "9.1.3" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM MQ 9.1.0.0, 9.1.0.1, 9.1.0.2, 9.1.0.3, 9.1.1, 9.1.2, and 9.1.3 is vulnerable to a denial of service attack that would allow an authenticated user to reset client connections due to an error within the Data Conversion routine. IBM X-Force ID: 170966." } ] }, "impact": { "cvssv3": { "BM": { "A": "L", "AC": "L", "AV": "N", "C": "N", "I": "N", "PR": "L", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of Service" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/1106529", "refsource": "CONFIRM", "title": "IBM Security Bulletin 1106529 (MQ)", "url": "https://www.ibm.com/support/pages/node/1106529" }, { "name": "ibm-mq-cve20194655-dos (170966)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/170966" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2019-4655", "datePublished": "2019-12-30T15:35:22.708634Z", "dateReserved": "2019-01-03T00:00:00", "dateUpdated": "2024-09-17T01:55:55.073Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-35156
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/7158058 | vendor-advisory | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/292766 | vdb-entry |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-35156", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-07-01T16:44:56.310824Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-01T16:45:06.257Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T03:07:46.944Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/7158058" }, { "tags": [ "vdb-entry", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/292766" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:a:ibm:mq_appliance:9.3:*:*:*:lts:*:*:*", "cpe:2.3:a:ibm:mq_appliance:9.3:*:*:*:continuous_delivery:*:*:*" ], "defaultStatus": "unaffected", "product": "MQ", "vendor": "IBM", "versions": [ { "status": "affected", "version": "9.3 LTS and 9.3 CD" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "IBM MQ 9.3 LTS and 9.3 CD could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 292766." } ], "value": "IBM MQ 9.3 LTS and 9.3 CD could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 292766." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-209", "description": "CWE-209 Generation of Error Message Containing Sensitive Information", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-06-28T18:12:21.696Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/7158058" }, { "tags": [ "vdb-entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/292766" } ], "source": { "discovery": "UNKNOWN" }, "title": "IBM MQ information disclosure", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2024-35156", "datePublished": "2024-06-28T18:12:21.696Z", "dateReserved": "2024-05-09T16:27:47.447Z", "dateUpdated": "2024-08-02T03:07:46.944Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-4261
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/docview.wss?uid=ibm10886887 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/160013 | vdb-entry, x_refsource_XF |
Vendor | Product | Version | |
---|---|---|---|
▼ | IBM | MQ |
Version: 9.0.0.1 Version: 8.0.0.1 Version: 8.0.0.2 Version: 8.0.0.3 Version: 8.0.0.4 Version: 8.0.0.5 Version: 8.0.0.6 Version: 8.0.0.7 Version: 9.0.0.2 Version: 8.0.0.8 Version: 8.0.0.9 Version: 9.0.0.3 Version: 8.0.0.0 Version: 8.0.0.10 Version: 9.0.0.0 Version: 9.0.0.4 Version: 9.0.0.5 Version: 9.1.0.0 Version: 9.1.0.1 Version: 9.1.1 Version: 9.1.0.2 Version: 9.1.2 Version: 8.0.0.11 Version: 9.0.0.6 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T19:33:37.855Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10886887" }, { "name": "ibm-mq-cve20194261-dos (160013)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/160013" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "MQ", "vendor": "IBM", "versions": [ { "status": "affected", "version": "9.0.0.1" }, { "status": "affected", "version": "8.0.0.1" }, { "status": "affected", "version": "8.0.0.2" }, { "status": "affected", "version": "8.0.0.3" }, { "status": "affected", "version": "8.0.0.4" }, { "status": "affected", "version": "8.0.0.5" }, { "status": "affected", "version": "8.0.0.6" }, { "status": "affected", "version": "8.0.0.7" }, { "status": "affected", "version": "9.0.0.2" }, { "status": "affected", "version": "8.0.0.8" }, { "status": "affected", "version": "8.0.0.9" }, { "status": "affected", "version": "9.0.0.3" }, { "status": "affected", "version": "8.0.0.0" }, { "status": "affected", "version": "8.0.0.10" }, { "status": "affected", "version": "9.0.0.0" }, { "status": "affected", "version": "9.0.0.4" }, { "status": "affected", "version": "9.0.0.5" }, { "status": "affected", "version": "9.1.0.0" }, { "status": "affected", "version": "9.1.0.1" }, { "status": "affected", "version": "9.1.1" }, { "status": "affected", "version": "9.1.0.2" }, { "status": "affected", "version": "9.1.2" }, { "status": "affected", "version": "8.0.0.11" }, { "status": "affected", "version": "9.0.0.6" } ] } ], "datePublic": "2019-08-01T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM WebSphere MQ V7.1, 7.5, IBM MQ V8, IBM MQ V9.0LTS, IBM MQ V9.1 LTS, and IBM MQ V9.1 CD are vulnerable to a denial of service attack caused by specially crafted messages. IBM X-Force ID: 160013." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "NONE", "privilegesRequired": "LOW", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 3.8, "temporalSeverity": "LOW", "userInteraction": "NONE", "vectorString": "CVSS:3.0/UI:N/A:L/C:N/I:N/AC:L/AV:N/S:U/PR:L/RL:O/RC:C/E:U", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of Service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-05T13:40:15", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10886887" }, { "name": "ibm-mq-cve20194261-dos (160013)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/160013" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2019-08-01T00:00:00", "ID": "CVE-2019-4261", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "MQ", "version": { "version_data": [ { "version_value": "9.0.0.1" }, { "version_value": "8.0.0.1" }, { "version_value": "8.0.0.2" }, { "version_value": "8.0.0.3" }, { "version_value": "8.0.0.4" }, { "version_value": "8.0.0.5" }, { "version_value": "8.0.0.6" }, { "version_value": "8.0.0.7" }, { "version_value": "9.0.0.2" }, { "version_value": "8.0.0.8" }, { "version_value": "8.0.0.9" }, { "version_value": "9.0.0.3" }, { "version_value": "8.0.0.0" }, { "version_value": "8.0.0.10" }, { "version_value": "9.0.0.0" }, { "version_value": "9.0.0.4" }, { "version_value": "9.0.0.5" }, { "version_value": "9.1.0.0" }, { "version_value": "9.1.0.1" }, { "version_value": "9.1.1" }, { "version_value": "9.1.0.2" }, { "version_value": "9.1.2" }, { "version_value": "8.0.0.11" }, { "version_value": "9.0.0.6" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM WebSphere MQ V7.1, 7.5, IBM MQ V8, IBM MQ V9.0LTS, IBM MQ V9.1 LTS, and IBM MQ V9.1 CD are vulnerable to a denial of service attack caused by specially crafted messages. IBM X-Force ID: 160013." } ] }, "impact": { "cvssv3": { "BM": { "A": "L", "AC": "L", "AV": "N", "C": "N", "I": "N", "PR": "L", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of Service" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/docview.wss?uid=ibm10886887", "refsource": "CONFIRM", "title": "IBM Security Bulletin 886887 (MQ)", "url": "https://www.ibm.com/support/docview.wss?uid=ibm10886887" }, { "name": "ibm-mq-cve20194261-dos (160013)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/160013" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2019-4261", "datePublished": "2019-08-05T13:40:15.514791Z", "dateReserved": "2019-01-03T00:00:00", "dateUpdated": "2024-09-17T03:43:43.454Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-4931
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/6403295 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/191747 | vdb-entry, x_refsource_XF |
Vendor | Product | Version | |
---|---|---|---|
▼ | IBM | MQ Appliance |
Version: 9.1.0.0 Version: 9.1.0.1 Version: 9.1.1 Version: 9.1.0.2 Version: 9.1.2 Version: 9.1.0.3 Version: 9.1.3 Version: 9.1.0.4 Version: 9.1.4 Version: 9.1.0.5 Version: 9.1.5 Version: 9.1.0.6 Version: 9.2.0.0 Version: 9.2.0.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T08:14:59.186Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6403295" }, { "name": "ibm-mq-cve20204931-dos (191747)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/191747" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "MQ Appliance", "vendor": "IBM", "versions": [ { "status": "affected", "version": "9.1.0.0" }, { "status": "affected", "version": "9.1.0.1" }, { "status": "affected", "version": "9.1.1" }, { "status": "affected", "version": "9.1.0.2" }, { "status": "affected", "version": "9.1.2" }, { "status": "affected", "version": "9.1.0.3" }, { "status": "affected", "version": "9.1.3" }, { "status": "affected", "version": "9.1.0.4" }, { "status": "affected", "version": "9.1.4" }, { "status": "affected", "version": "9.1.0.5" }, { "status": "affected", "version": "9.1.5" }, { "status": "affected", "version": "9.1.0.6" }, { "status": "affected", "version": "9.2.0.0" }, { "status": "affected", "version": "9.2.0.1" } ] } ], "datePublic": "2021-02-23T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM MQ 9.1 LTS, 9.2 LTS, and 9.1 CD AMQP Channels could allow an authenticated user to cause a denial of service due to an issue processing messages. IBM X-Force ID: 191747." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "NONE", "privilegesRequired": "LOW", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 5.7, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/S:U/UI:N/A:H/C:N/PR:L/I:N/AC:L/RL:O/RC:C/E:U", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of Service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-02-24T17:20:13", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6403295" }, { "name": "ibm-mq-cve20204931-dos (191747)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/191747" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2021-02-23T00:00:00", "ID": "CVE-2020-4931", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "MQ Appliance", "version": { "version_data": [ { "version_value": "9.1.0.0" }, { "version_value": "9.1.0.1" }, { "version_value": "9.1.1" }, { "version_value": "9.1.0.2" }, { "version_value": "9.1.2" }, { "version_value": "9.1.0.3" }, { "version_value": "9.1.3" }, { "version_value": "9.1.0.4" }, { "version_value": "9.1.4" }, { "version_value": "9.1.0.5" }, { "version_value": "9.1.5" }, { "version_value": "9.1.0.6" }, { "version_value": "9.2.0.0" }, { "version_value": "9.2.0.1" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM MQ 9.1 LTS, 9.2 LTS, and 9.1 CD AMQP Channels could allow an authenticated user to cause a denial of service due to an issue processing messages. IBM X-Force ID: 191747." } ] }, "impact": { "cvssv3": { "BM": { "A": "H", "AC": "L", "AV": "N", "C": "N", "I": "N", "PR": "L", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of Service" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6403295", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6403295 (MQ Appliance)", "url": "https://www.ibm.com/support/pages/node/6403295" }, { "name": "ibm-mq-cve20204931-dos (191747)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/191747" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2020-4931", "datePublished": "2021-02-24T17:20:13.887915Z", "dateReserved": "2019-12-30T00:00:00", "dateUpdated": "2024-09-17T03:07:35.365Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-1998
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://exchange.xforce.ibmcloud.com/vulnerabilities/154887 | vdb-entry, x_refsource_XF | |
https://www.ibm.com/support/docview.wss?uid=ibm10870488 | x_refsource_CONFIRM |
Vendor | Product | Version | |
---|---|---|---|
▼ | IBM | MQ |
Version: 9.0.0.1 Version: 8.0.0.1 Version: 8.0.0.2 Version: 8.0.0.3 Version: 8.0.0.4 Version: 8.0.0.5 Version: 8.0.0.6 Version: 8.0.0.7 Version: 9.0.0.2 Version: 8.0.0.8 Version: 8.0.0.9 Version: 9.0.0.3 Version: 8.0.0.0 Version: 8.0.0.10 Version: 9.0.0.0 Version: 9.0.0.4 Version: 9.0.0.5 Version: 9.1.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T04:14:39.595Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "ibm-websphere-cve20181998-priv-escalation(154887)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/154887" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10870488" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "MQ", "vendor": "IBM", "versions": [ { "status": "affected", "version": "9.0.0.1" }, { "status": "affected", "version": "8.0.0.1" }, { "status": "affected", "version": "8.0.0.2" }, { "status": "affected", "version": "8.0.0.3" }, { "status": "affected", "version": "8.0.0.4" }, { "status": "affected", "version": "8.0.0.5" }, { "status": "affected", "version": "8.0.0.6" }, { "status": "affected", "version": "8.0.0.7" }, { "status": "affected", "version": "9.0.0.2" }, { "status": "affected", "version": "8.0.0.8" }, { "status": "affected", "version": "8.0.0.9" }, { "status": "affected", "version": "9.0.0.3" }, { "status": "affected", "version": "8.0.0.0" }, { "status": "affected", "version": "8.0.0.10" }, { "status": "affected", "version": "9.0.0.0" }, { "status": "affected", "version": "9.0.0.4" }, { "status": "affected", "version": "9.0.0.5" }, { "status": "affected", "version": "9.1.1" } ] } ], "datePublic": "2019-03-08T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM WebSphere MQ 8.0.0.0 through 9.1.1 could allow a local user to inject code that could be executed with root privileges. This is due to an incomplete fix for CVE-2018-1792. IBM X-ForceID: 154887." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "CHANGED", "temporalScore": 7.7, "temporalSeverity": "HIGH", "userInteraction": "NONE", "vectorString": "CVSS:3.0/A:H/AC:L/AV:L/C:H/I:H/PR:L/S:C/UI:N/E:U/RC:C/RL:O", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Gain Privileges", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-03-11T21:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "name": "ibm-websphere-cve20181998-priv-escalation(154887)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/154887" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10870488" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2019-03-08T00:00:00", "ID": "CVE-2018-1998", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "MQ", "version": { "version_data": [ { "version_value": "9.0.0.1" }, { "version_value": "8.0.0.1" }, { "version_value": "8.0.0.2" }, { "version_value": "8.0.0.3" }, { "version_value": "8.0.0.4" }, { "version_value": "8.0.0.5" }, { "version_value": "8.0.0.6" }, { "version_value": "8.0.0.7" }, { "version_value": "9.0.0.2" }, { "version_value": "8.0.0.8" }, { "version_value": "8.0.0.9" }, { "version_value": "9.0.0.3" }, { "version_value": "8.0.0.0" }, { "version_value": "8.0.0.10" }, { "version_value": "9.0.0.0" }, { "version_value": "9.0.0.4" }, { "version_value": "9.0.0.5" }, { "version_value": "9.1.1" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM WebSphere MQ 8.0.0.0 through 9.1.1 could allow a local user to inject code that could be executed with root privileges. This is due to an incomplete fix for CVE-2018-1792. IBM X-ForceID: 154887." } ] }, "impact": { "cvssv3": { "BM": { "A": "H", "AC": "L", "AV": "L", "C": "H", "I": "H", "PR": "L", "S": "C", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Gain Privileges" } ] } ] }, "references": { "reference_data": [ { "name": "ibm-websphere-cve20181998-priv-escalation(154887)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/154887" }, { "name": "https://www.ibm.com/support/docview.wss?uid=ibm10870488", "refsource": "CONFIRM", "url": "https://www.ibm.com/support/docview.wss?uid=ibm10870488" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2018-1998", "datePublished": "2019-03-11T22:00:00Z", "dateReserved": "2017-12-13T00:00:00", "dateUpdated": "2024-09-17T02:41:53.831Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-4560
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/1106037 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/166357 | vdb-entry, x_refsource_XF |
Vendor | Product | Version | |
---|---|---|---|
▼ | IBM | MQ |
Version: 9.0.0.1 Version: 8.0.0.1 Version: 8.0.0.2 Version: 8.0.0.3 Version: 8.0.0.4 Version: 8.0.0.5 Version: 8.0.0.6 Version: 8.0.0.7 Version: 9.0.0.2 Version: 8.0.0.8 Version: 8.0.0.9 Version: 9.0.0.3 Version: 8.0.0.0 Version: 8.0.0.10 Version: 9.0.0.0 Version: 9.0.0.4 Version: 9.0.0.5 Version: 9.1.0.0 Version: 9.1.0.1 Version: 9.1.1 Version: 9.1.0.2 Version: 9.1.2 Version: 8.0.0.11 Version: 9.0.0.6 Version: 8.0.0.12 Version: 9.1.0.3 Version: 9.1.3 Version: 9.0.0.7 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T19:40:47.319Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/1106037" }, { "name": "ibm-mq-cve20194560-dos (166357)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/166357" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "MQ", "vendor": "IBM", "versions": [ { "status": "affected", "version": "9.0.0.1" }, { "status": "affected", "version": "8.0.0.1" }, { "status": "affected", "version": "8.0.0.2" }, { "status": "affected", "version": "8.0.0.3" }, { "status": "affected", "version": "8.0.0.4" }, { "status": "affected", "version": "8.0.0.5" }, { "status": "affected", "version": "8.0.0.6" }, { "status": "affected", "version": "8.0.0.7" }, { "status": "affected", "version": "9.0.0.2" }, { "status": "affected", "version": "8.0.0.8" }, { "status": "affected", "version": "8.0.0.9" }, { "status": "affected", "version": "9.0.0.3" }, { "status": "affected", "version": "8.0.0.0" }, { "status": "affected", "version": "8.0.0.10" }, { "status": "affected", "version": "9.0.0.0" }, { "status": "affected", "version": "9.0.0.4" }, { "status": "affected", "version": "9.0.0.5" }, { "status": "affected", "version": "9.1.0.0" }, { "status": "affected", "version": "9.1.0.1" }, { "status": "affected", "version": "9.1.1" }, { "status": "affected", "version": "9.1.0.2" }, { "status": "affected", "version": "9.1.2" }, { "status": "affected", "version": "8.0.0.11" }, { "status": "affected", "version": "9.0.0.6" }, { "status": "affected", "version": "8.0.0.12" }, { "status": "affected", "version": "9.1.0.3" }, { "status": "affected", "version": "9.1.3" }, { "status": "affected", "version": "9.0.0.7" } ] } ], "datePublic": "2019-12-13T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM MQ and IBM MQ Appliance 9.1 CD, 9.1 LTS, 9.0 LTS, and 8.0 is vulnerable to a denial of service attack caused by channels processing poorly formatted messages. IBM X-Force ID: 166357." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "NONE", "privilegesRequired": "LOW", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 4.6, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/C:N/AC:H/S:U/UI:N/AV:N/PR:L/A:H/I:N/E:U/RC:C/RL:O", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of Service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-12-16T15:45:16", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/1106037" }, { "name": "ibm-mq-cve20194560-dos (166357)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/166357" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2019-12-13T00:00:00", "ID": "CVE-2019-4560", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "MQ", "version": { "version_data": [ { "version_value": "9.0.0.1" }, { "version_value": "8.0.0.1" }, { "version_value": "8.0.0.2" }, { "version_value": "8.0.0.3" }, { "version_value": "8.0.0.4" }, { "version_value": "8.0.0.5" }, { "version_value": "8.0.0.6" }, { "version_value": "8.0.0.7" }, { "version_value": "9.0.0.2" }, { "version_value": "8.0.0.8" }, { "version_value": "8.0.0.9" }, { "version_value": "9.0.0.3" }, { "version_value": "8.0.0.0" }, { "version_value": "8.0.0.10" }, { "version_value": "9.0.0.0" }, { "version_value": "9.0.0.4" }, { "version_value": "9.0.0.5" }, { "version_value": "9.1.0.0" }, { "version_value": "9.1.0.1" }, { "version_value": "9.1.1" }, { "version_value": "9.1.0.2" }, { "version_value": "9.1.2" }, { "version_value": "8.0.0.11" }, { "version_value": "9.0.0.6" }, { "version_value": "8.0.0.12" }, { "version_value": "9.1.0.3" }, { "version_value": "9.1.3" }, { "version_value": "9.0.0.7" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM MQ and IBM MQ Appliance 9.1 CD, 9.1 LTS, 9.0 LTS, and 8.0 is vulnerable to a denial of service attack caused by channels processing poorly formatted messages. IBM X-Force ID: 166357." } ] }, "impact": { "cvssv3": { "BM": { "A": "H", "AC": "H", "AV": "N", "C": "N", "I": "N", "PR": "L", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of Service" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/1106037", "refsource": "CONFIRM", "title": "IBM Security Bulletin 1106037 (MQ)", "url": "https://www.ibm.com/support/pages/node/1106037" }, { "name": "ibm-mq-cve20194560-dos (166357)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/166357" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2019-4560", "datePublished": "2019-12-16T15:45:16.251276Z", "dateReserved": "2019-01-03T00:00:00", "dateUpdated": "2024-09-16T18:44:07.513Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
var-202003-0592
Vulnerability from variot
IBM MQ and IBM MQ Appliance 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and 9.1 CD could allow a local attacker to obtain sensitive information by inclusion of sensitive data within runmqras data. The product provides a reliable, proven messaging backbone for service-oriented architecture (SOA). IBM MQ Appliance is an all-in-one device for rapid deployment of enterprise-level messaging middleware
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202003-0592", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "mq", "scope": "lt", "trust": 1.0, "vendor": "ibm", "version": "9.1.4" }, { "model": "mq", "scope": "lt", "trust": 1.0, "vendor": "ibm", "version": "9.1.0.4" }, { "model": "mq", "scope": "lt", "trust": 1.0, "vendor": "ibm", "version": "8.0.0.14" }, { "model": "websphere mq", "scope": "lte", "trust": 1.0, "vendor": "ibm", "version": "7.5.0.9" }, { "model": "mq appliance", "scope": "lt", "trust": 1.0, "vendor": "ibm", "version": "9.1.4" }, { "model": "mq", "scope": "gte", "trust": 1.0, "vendor": "ibm", "version": "9.1.0" }, { "model": "websphere mq", "scope": "gte", "trust": 1.0, "vendor": "ibm", "version": "7.1.0.0" }, { "model": "mq appliance", "scope": "gte", "trust": 1.0, "vendor": "ibm", "version": "8.0.0.0" }, { "model": "mq", "scope": "gte", "trust": 1.0, "vendor": "ibm", "version": "9.0.0.0" }, { "model": "mq appliance", "scope": "lt", "trust": 1.0, "vendor": "ibm", "version": "8.0.0.14" }, { "model": "mq", "scope": "gte", "trust": 1.0, "vendor": "ibm", "version": "9.1.0.0" }, { "model": "mq appliance", "scope": "gte", "trust": 1.0, "vendor": "ibm", "version": "9.1.0" }, { "model": "mq appliance", "scope": "gte", "trust": 1.0, "vendor": "ibm", "version": "9.1.0.0" }, { "model": "mq", "scope": "gte", "trust": 1.0, "vendor": "ibm", "version": "8.0.0.0" }, { "model": "mq appliance", "scope": "lt", "trust": 1.0, "vendor": "ibm", "version": "9.1.0.4" }, { "model": "mq", "scope": "lte", "trust": 1.0, "vendor": "ibm", "version": "9.0.0.9" }, { "model": "mq", "scope": null, "trust": 0.8, "vendor": "ibm", "version": null }, { "model": "mq appliance", "scope": null, "trust": 0.8, "vendor": "ibm", "version": null }, { "model": "websphere mq", "scope": null, "trust": 0.8, "vendor": "ibm", "version": null }, { "model": "mq appliance", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "8.0" }, { "model": "mq", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "8.0" }, { "model": "mq appliance cd", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "9.1" }, { "model": "mq appliance lts", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "9.1" }, { "model": "mq lts", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "9.1" }, { "model": "mq cd", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "9.1" }, { "model": "mq lts", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "9.0" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-17505" }, { "db": "JVNDB", "id": "JVNDB-2019-014905" }, { "db": "NVD", "id": "CVE-2019-4719" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:ibm:mq", "vulnerable": true }, { "cpe22Uri": "cpe:/a:ibm:mq_appliance", "vulnerable": true }, { "cpe22Uri": "cpe:/a:ibm:websphere_mq", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-014905" } ] }, "cve": "CVE-2019-4719", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 3.9, "id": "CVE-2019-4719", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "LOW", "trust": 1.0, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Local", "authentication": "None", "author": "NVD", "availabilityImpact": "None", "baseScore": 2.1, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "JVNDB-2019-014905", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Low", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 3.9, "id": "CNVD-2020-17505", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "LOW", "trust": 0.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "id": "CVE-2019-4719", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, { "attackComplexity": "HIGH", "attackVector": "LOCAL", "author": "psirt@us.ibm.com", "availabilityImpact": "NONE", "baseScore": 5.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.4, "id": "CVE-2019-4719", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "NVD", "availabilityImpact": "None", "baseScore": 5.5, "baseSeverity": "Medium", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "JVNDB-2019-014905", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "Low", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2019-4719", "trust": 1.0, "value": "MEDIUM" }, { "author": "psirt@us.ibm.com", "id": "CVE-2019-4719", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "JVNDB-2019-014905", "trust": 0.8, "value": "Medium" }, { "author": "CNVD", "id": "CNVD-2020-17505", "trust": 0.6, "value": "LOW" }, { "author": "CNNVD", "id": "CNNVD-202003-904", "trust": 0.6, "value": "MEDIUM" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-17505" }, { "db": "JVNDB", "id": "JVNDB-2019-014905" }, { "db": "CNNVD", "id": "CNNVD-202003-904" }, { "db": "NVD", "id": "CVE-2019-4719" }, { "db": "NVD", "id": "CVE-2019-4719" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM MQ and IBM MQ Appliance 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and 9.1 CD could allow a local attacker to obtain sensitive information by inclusion of sensitive data within runmqras data. The product provides a reliable, proven messaging backbone for service-oriented architecture (SOA). IBM MQ Appliance is an all-in-one device for rapid deployment of enterprise-level messaging middleware", "sources": [ { "db": "NVD", "id": "CVE-2019-4719" }, { "db": "JVNDB", "id": "JVNDB-2019-014905" }, { "db": "CNVD", "id": "CNVD-2020-17505" } ], "trust": 2.16 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2019-4719", "trust": 3.0 }, { "db": "JVNDB", "id": "JVNDB-2019-014905", "trust": 0.8 }, { "db": "CNVD", "id": "CNVD-2020-17505", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2023.4106", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202003-904", "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-17505" }, { "db": "JVNDB", "id": "JVNDB-2019-014905" }, { "db": "CNNVD", "id": "CNNVD-202003-904" }, { "db": "NVD", "id": "CVE-2019-4719" } ] }, "id": "VAR-202003-0592", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2020-17505" } ], "trust": 1.06875 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "Network device" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-17505" } ] }, "last_update_date": "2024-11-23T20:33:16.637000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "1136608", "trust": 0.8, "url": "https://www.ibm.com/support/pages/node/1136608" }, { "title": "ibm-mq-cve20194719-info-disc (172124)", "trust": 0.8, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/172124" }, { "title": "Patch for IBM MQ and IBM MQ Appliance information disclosure vulnerability", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/209203" }, { "title": "IBM MQ and IBM MQ Appliance Repair measures for information disclosure vulnerabilities", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=112529" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-17505" }, { "db": "JVNDB", "id": "JVNDB-2019-014905" }, { "db": "CNNVD", "id": "CNNVD-202003-904" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 }, { "problemtype": "CWE-200", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-014905" }, { "db": "NVD", "id": "CVE-2019-4719" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.2, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/172124" }, { "trust": 1.6, "url": "https://www.ibm.com/support/pages/node/1136608" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-4719" }, { "trust": 1.2, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-and-ibm-mq-appliance-could-allow-a-local-attacker-to-obtain-sensitive-information-cve-2019-4719/" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-4719" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-could-allow-a-local-attacker-to-obtain-sensitive-information-cve-2019-4719/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2023.4106" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-in-ibm-mq-affect-ibm-sterling-b2b-integrator/" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-17505" }, { "db": "JVNDB", "id": "JVNDB-2019-014905" }, { "db": "CNNVD", "id": "CNNVD-202003-904" }, { "db": "NVD", "id": "CVE-2019-4719" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2020-17505" }, { "db": "JVNDB", "id": "JVNDB-2019-014905" }, { "db": "CNNVD", "id": "CNNVD-202003-904" }, { "db": "NVD", "id": "CVE-2019-4719" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-03-18T00:00:00", "db": "CNVD", "id": "CNVD-2020-17505" }, { "date": "2020-03-27T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-014905" }, { "date": "2020-03-13T00:00:00", "db": "CNNVD", "id": "CNNVD-202003-904" }, { "date": "2020-03-16T16:15:12.750000", "db": "NVD", "id": "CVE-2019-4719" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-03-18T00:00:00", "db": "CNVD", "id": "CNVD-2020-17505" }, { "date": "2020-03-27T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-014905" }, { "date": "2023-07-21T00:00:00", "db": "CNNVD", "id": "CNNVD-202003-904" }, { "date": "2024-11-21T04:44:02.880000", "db": "NVD", "id": "CVE-2019-4719" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202003-904" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM MQ and IBM MQ Appliance information disclosure vulnerability", "sources": [ { "db": "CNVD", "id": "CNVD-2020-17505" }, { "db": "CNNVD", "id": "CNNVD-202003-904" } ], "trust": 1.2 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "information disclosure", "sources": [ { "db": "CNNVD", "id": "CNNVD-202003-904" } ], "trust": 0.6 } }
var-202003-0593
Vulnerability from variot
IBM MQ and IBM MQ Appliance 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and 9.1 CD is vulnerable to a denial of service attack that would allow an authenticated user to crash the queue and require a restart due to an error processing error messages. IBM X-Force ID: 170967. IBM MQ and MQ Appliance There is an input verification vulnerability in. Vendor exploits this vulnerability IBM X-Force ID: 170967 It is published as.Service operation interruption (DoS) It may be put into a state. The product provides a reliable, proven messaging backbone for service-oriented architecture (SOA). IBM MQ Appliance is an all-in-one device for rapid deployment of enterprise-level messaging middleware. The vulnerability stems from an error in processing error messages. An attacker can use this vulnerability to cause a denial of service
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202003-0593", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "mq", "scope": "lt", "trust": 1.0, "vendor": "ibm", "version": "9.1.4" }, { "model": "mq", "scope": "lt", "trust": 1.0, "vendor": "ibm", "version": "9.1.0.4" }, { "model": "mq", "scope": "lt", "trust": 1.0, "vendor": "ibm", "version": "8.0.0.14" }, { "model": "websphere mq", "scope": "lte", "trust": 1.0, "vendor": "ibm", "version": "7.5.0.9" }, { "model": "websphere mq", "scope": "gte", "trust": 1.0, "vendor": "ibm", "version": "7.1.0.0" }, { "model": "mq", "scope": "gte", "trust": 1.0, "vendor": "ibm", "version": "9.1.0" }, { "model": "mq appliance", "scope": "gte", "trust": 1.0, "vendor": "ibm", "version": "8.0.0.0" }, { "model": "mq", "scope": "gte", "trust": 1.0, "vendor": "ibm", "version": "9.0.0.0" }, { "model": "mq appliance", "scope": "lt", "trust": 1.0, "vendor": "ibm", "version": "8.0.0.14" }, { "model": "mq", "scope": "gte", "trust": 1.0, "vendor": "ibm", "version": "9.1.0.0" }, { "model": "mq", "scope": "gte", "trust": 1.0, "vendor": "ibm", "version": "8.0.0.0" }, { "model": "mq", "scope": "lte", "trust": 1.0, "vendor": "ibm", "version": "9.0.0.9" }, { "model": "mq", "scope": null, "trust": 0.8, "vendor": "ibm", "version": null }, { "model": "mq appliance", "scope": null, "trust": 0.8, "vendor": "ibm", "version": null }, { "model": "websphere mq", "scope": null, "trust": 0.8, "vendor": "ibm", "version": null }, { "model": "mq appliance", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "8.0" }, { "model": "mq", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "8.0" }, { "model": "mq appliance cd", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "9.1" }, { "model": "mq appliance lts", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "9.1" }, { "model": "mq lts", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "9.1" }, { "model": "mq cd", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "9.1" }, { "model": "mq lts", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "9.0" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-17502" }, { "db": "JVNDB", "id": "JVNDB-2019-014904" }, { "db": "NVD", "id": "CVE-2019-4656" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:ibm:mq", "vulnerable": true }, { "cpe22Uri": "cpe:/a:ibm:mq_appliance", "vulnerable": true }, { "cpe22Uri": "cpe:/a:ibm:websphere_mq", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-014904" } ] }, "cve": "CVE-2019-4656", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 4.0, "confidentialityImpact": "NONE", "exploitabilityScore": 8.0, "id": "CVE-2019-4656", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 1.0, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "Single", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 4.0, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "JVNDB-2019-014904", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 4.0, "confidentialityImpact": "NONE", "exploitabilityScore": 8.0, "id": "CNVD-2020-17502", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitabilityScore": 2.8, "id": "CVE-2019-4656", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "psirt@us.ibm.com", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitabilityScore": 2.8, "id": "CVE-2019-4656", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 6.5, "baseSeverity": "Medium", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "JVNDB-2019-014904", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "Low", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2019-4656", "trust": 1.0, "value": "MEDIUM" }, { "author": "psirt@us.ibm.com", "id": "CVE-2019-4656", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "JVNDB-2019-014904", "trust": 0.8, "value": "Medium" }, { "author": "CNVD", "id": "CNVD-2020-17502", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-202003-896", "trust": 0.6, "value": "MEDIUM" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-17502" }, { "db": "JVNDB", "id": "JVNDB-2019-014904" }, { "db": "CNNVD", "id": "CNNVD-202003-896" }, { "db": "NVD", "id": "CVE-2019-4656" }, { "db": "NVD", "id": "CVE-2019-4656" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM MQ and IBM MQ Appliance 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and 9.1 CD is vulnerable to a denial of service attack that would allow an authenticated user to crash the queue and require a restart due to an error processing error messages. IBM X-Force ID: 170967. IBM MQ and MQ Appliance There is an input verification vulnerability in. Vendor exploits this vulnerability IBM X-Force ID: 170967 It is published as.Service operation interruption (DoS) It may be put into a state. The product provides a reliable, proven messaging backbone for service-oriented architecture (SOA). IBM MQ Appliance is an all-in-one device for rapid deployment of enterprise-level messaging middleware. The vulnerability stems from an error in processing error messages. An attacker can use this vulnerability to cause a denial of service", "sources": [ { "db": "NVD", "id": "CVE-2019-4656" }, { "db": "JVNDB", "id": "JVNDB-2019-014904" }, { "db": "CNVD", "id": "CNVD-2020-17502" } ], "trust": 2.16 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2019-4656", "trust": 3.0 }, { "db": "JVNDB", "id": "JVNDB-2019-014904", "trust": 0.8 }, { "db": "CNVD", "id": "CNVD-2020-17502", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2023.4106", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202003-896", "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-17502" }, { "db": "JVNDB", "id": "JVNDB-2019-014904" }, { "db": "CNNVD", "id": "CNNVD-202003-896" }, { "db": "NVD", "id": "CVE-2019-4656" } ] }, "id": "VAR-202003-0593", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2020-17502" } ], "trust": 1.06875 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "Network device" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-17502" } ] }, "last_update_date": "2024-11-23T21:06:16.264000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "1135095", "trust": 0.8, "url": "https://www.ibm.com/support/pages/node/1135095" }, { "title": "ibm-mq-cve20194656-dos (170967)", "trust": 0.8, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/170967" }, { "title": "Patch for IBM MQ Appliance and IBM MQ Denial of Service Vulnerability", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/209207" }, { "title": "IBM MQ and IBM MQ Appliance Enter the fix for the verification error vulnerability", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=112526" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-17502" }, { "db": "JVNDB", "id": "JVNDB-2019-014904" }, { "db": "CNNVD", "id": "CNNVD-202003-896" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 }, { "problemtype": "CWE-20", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-014904" }, { "db": "NVD", "id": "CVE-2019-4656" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.6, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/170967" }, { "trust": 1.6, "url": "https://www.ibm.com/support/pages/node/1135095" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-4656" }, { "trust": 1.2, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-is-vulnerable-to-a-denial-of-service-attack-caused-by-an-error-processing-error-messages-cve-2019-4656/" }, { "trust": 1.2, "url": "https://vigilance.fr/vulnerability/ibm-mq-denial-of-service-31785" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-4656" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-is-vulnerable-to-a-denial-of-service-attack-caused-by-an-authenticated-user-crafting-a-malicious-message-cve-2019-4656/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2023.4106" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-in-ibm-mq-affect-ibm-sterling-b2b-integrator/" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-17502" }, { "db": "JVNDB", "id": "JVNDB-2019-014904" }, { "db": "CNNVD", "id": "CNNVD-202003-896" }, { "db": "NVD", "id": "CVE-2019-4656" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2020-17502" }, { "db": "JVNDB", "id": "JVNDB-2019-014904" }, { "db": "CNNVD", "id": "CNNVD-202003-896" }, { "db": "NVD", "id": "CVE-2019-4656" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-03-18T00:00:00", "db": "CNVD", "id": "CNVD-2020-17502" }, { "date": "2020-03-27T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-014904" }, { "date": "2020-03-13T00:00:00", "db": "CNNVD", "id": "CNNVD-202003-896" }, { "date": "2020-03-16T16:15:12.670000", "db": "NVD", "id": "CVE-2019-4656" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-03-18T00:00:00", "db": "CNVD", "id": "CNVD-2020-17502" }, { "date": "2020-03-27T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-014904" }, { "date": "2023-07-21T00:00:00", "db": "CNNVD", "id": "CNNVD-202003-896" }, { "date": "2024-11-21T04:43:56.300000", "db": "NVD", "id": "CVE-2019-4656" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202003-896" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM MQ and MQ Appliance Input verification vulnerability in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-014904" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "input validation error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202003-896" } ], "trust": 0.6 } }
var-201801-0385
Vulnerability from variot
IBM WebSphere MQ 8.0 and 9.0 could allow an authenticated user with authority to send a specially crafted request that could cause a channel process to cease processing further requests. IBM X-Force ID: 131547. IBM WebSphere MQ Contains an access control vulnerability. Vendors have confirmed this vulnerability IBM X-Force ID: 131547 It is released as.Service operation interruption (DoS) There is a possibility of being put into a state. An attacker can exploit this issue to cause a denial-of-service condition
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201801-0385", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "websphere mq", "scope": "eq", "trust": 2.4, "vendor": "ibm", "version": "9.0" }, { "model": "websphere mq", "scope": "eq", "trust": 1.8, "vendor": "ibm", "version": "8.0" }, { "model": "websphere mq", "scope": "eq", "trust": 1.6, "vendor": "ibm", "version": "9.0.0.1" }, { "model": "websphere mq", "scope": "eq", "trust": 1.6, "vendor": "ibm", "version": "9.0.2" }, { "model": "websphere mq", "scope": "eq", "trust": 1.6, "vendor": "ibm", "version": "9.0.3" }, { "model": "websphere mq", "scope": "eq", "trust": 1.6, "vendor": "ibm", "version": "8.0.0.6" }, { "model": "websphere mq", "scope": "eq", "trust": 1.6, "vendor": "ibm", "version": "8.0.0.3" }, { "model": "websphere mq", "scope": "eq", "trust": 1.6, "vendor": "ibm", "version": "8.0.0.2" }, { "model": "websphere mq", "scope": "eq", "trust": 1.6, "vendor": "ibm", "version": "9.0.1" }, { "model": "websphere mq", "scope": "eq", "trust": 1.6, "vendor": "ibm", "version": "8.0.0.7" }, { "model": "websphere mq", "scope": "eq", "trust": 1.6, "vendor": "ibm", "version": "8.0.0.5" }, { "model": "websphere mq", "scope": "eq", "trust": 1.0, "vendor": "ibm", "version": "8.0.0.1" }, { "model": "websphere mq", "scope": "eq", "trust": 1.0, "vendor": "ibm", "version": "8.0.0.4" }, { "model": "mq appliance cd", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.3" }, { "model": "mq appliance cd", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.1" }, { "model": "mq appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.7" }, { "model": "mq appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.6" }, { "model": "mq appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.5" }, { "model": "mq appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.4" }, { "model": "mq appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.3" }, { "model": "mq appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.2" }, { "model": "mq appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.1" }, { "model": "mq appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.0" }, { "model": "mq cd", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.3" }, { "model": "mq cd", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.1" }, { "model": "mq lts", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.0.1" }, { "model": "mq lts", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.0.0" }, { "model": "mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.7" }, { "model": "mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.6" }, { "model": "mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.5" }, { "model": "mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.4" }, { "model": "mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.3" }, { "model": "mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.2" }, { "model": "mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.1" }, { "model": "mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.0" }, { "model": "mq appliance", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.8" }, { "model": "mq", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "9.0.4" }, { "model": "mq", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "9.0.0.2" }, { "model": "mq", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.8" } ], "sources": [ { "db": "BID", "id": "102418" }, { "db": "JVNDB", "id": "JVNDB-2017-011805" }, { "db": "CNNVD", "id": "CNNVD-201801-077" }, { "db": "NVD", "id": "CVE-2017-1557" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:ibm:websphere_mq", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2017-011805" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The vendor reported the issue.", "sources": [ { "db": "BID", "id": "102418" } ], "trust": 0.3 }, "cve": "CVE-2017-1557", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 4.0, "confidentialityImpact": "NONE", "exploitabilityScore": 8.0, "id": "CVE-2017-1557", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 1.8, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitabilityScore": 2.8, "id": "CVE-2017-1557", "impactScore": 1.4, "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.8, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2017-1557", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "CVE-2017-1557", "trust": 0.8, "value": "Medium" }, { "author": "CNNVD", "id": "CNNVD-201801-077", "trust": 0.6, "value": "MEDIUM" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2017-011805" }, { "db": "CNNVD", "id": "CNNVD-201801-077" }, { "db": "NVD", "id": "CVE-2017-1557" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM WebSphere MQ 8.0 and 9.0 could allow an authenticated user with authority to send a specially crafted request that could cause a channel process to cease processing further requests. IBM X-Force ID: 131547. IBM WebSphere MQ Contains an access control vulnerability. Vendors have confirmed this vulnerability IBM X-Force ID: 131547 It is released as.Service operation interruption (DoS) There is a possibility of being put into a state. \nAn attacker can exploit this issue to cause a denial-of-service condition", "sources": [ { "db": "NVD", "id": "CVE-2017-1557" }, { "db": "JVNDB", "id": "JVNDB-2017-011805" }, { "db": "BID", "id": "102418" } ], "trust": 1.89 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2017-1557", "trust": 2.7 }, { "db": "BID", "id": "102418", "trust": 1.9 }, { "db": "JVNDB", "id": "JVNDB-2017-011805", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201801-077", "trust": 0.6 } ], "sources": [ { "db": "BID", "id": "102418" }, { "db": "JVNDB", "id": "JVNDB-2017-011805" }, { "db": "CNNVD", "id": "CNNVD-201801-077" }, { "db": "NVD", "id": "CVE-2017-1557" } ] }, "id": "VAR-201801-0385", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.46875 }, "last_update_date": "2024-11-23T22:22:15.338000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "2004378", "trust": 0.8, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg22004378" }, { "title": "IBM WebSphere MQ Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=77425" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2017-011805" }, { "db": "CNNVD", "id": "CNNVD-201801-077" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 }, { "problemtype": "CWE-284", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2017-011805" }, { "db": "NVD", "id": "CVE-2017-1557" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.6, "url": "http://www.securityfocus.com/bid/102418" }, { "trust": 1.6, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/131547" }, { "trust": 1.6, "url": "http://www.ibm.com/support/docview.wss?uid=swg22004378" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-1557" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-1557" }, { "trust": 0.3, "url": "http://www.ibm.com/" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg22004378" } ], "sources": [ { "db": "BID", "id": "102418" }, { "db": "JVNDB", "id": "JVNDB-2017-011805" }, { "db": "CNNVD", "id": "CNNVD-201801-077" }, { "db": "NVD", "id": "CVE-2017-1557" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "BID", "id": "102418" }, { "db": "JVNDB", "id": "JVNDB-2017-011805" }, { "db": "CNNVD", "id": "CNNVD-201801-077" }, { "db": "NVD", "id": "CVE-2017-1557" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-01-02T00:00:00", "db": "BID", "id": "102418" }, { "date": "2018-01-29T00:00:00", "db": "JVNDB", "id": "JVNDB-2017-011805" }, { "date": "2018-01-03T00:00:00", "db": "CNNVD", "id": "CNNVD-201801-077" }, { "date": "2018-01-02T17:29:01.070000", "db": "NVD", "id": "CVE-2017-1557" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-01-02T00:00:00", "db": "BID", "id": "102418" }, { "date": "2018-01-29T00:00:00", "db": "JVNDB", "id": "JVNDB-2017-011805" }, { "date": "2019-10-23T00:00:00", "db": "CNNVD", "id": "CNNVD-201801-077" }, { "date": "2024-11-21T03:22:04.467000", "db": "NVD", "id": "CVE-2017-1557" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201801-077" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM WebSphere MQ Access control vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2017-011805" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "lack of information", "sources": [ { "db": "CNNVD", "id": "CNNVD-201801-077" } ], "trust": 0.6 } }
var-202001-0210
Vulnerability from variot
IBM MQ and IBM MQ Appliance 8.0 and 9.0 LTS client connecting to a Queue Manager could cause a SIGSEGV denial of service caused by converting an invalid message. IBM X-Force ID: 168639. IBM MQ and MQ Appliance Contains an input validation vulnerability. Vendors report this vulnerability IBM X-Force ID: 168639 Published as.Denial of service operation (DoS) May be in a state
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202001-0210", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "mq appliance", "scope": "lt", "trust": 1.0, "vendor": "ibm", "version": "8.0.0.14" }, { "model": "mq appliance", "scope": "lt", "trust": 1.0, "vendor": "ibm", "version": "9.1.0.4" }, { "model": "mq", "scope": "lt", "trust": 1.0, "vendor": "ibm", "version": "9.1.0.4" }, { "model": "mq appliance", "scope": "gte", "trust": 1.0, "vendor": "ibm", "version": "8.0.0.0" }, { "model": "mq appliance", "scope": "gte", "trust": 1.0, "vendor": "ibm", "version": "9.1.0" }, { "model": "mq", "scope": "gte", "trust": 1.0, "vendor": "ibm", "version": "8.0.0.0" }, { "model": "mq", "scope": "gte", "trust": 1.0, "vendor": "ibm", "version": "9.0.0.0" }, { "model": "mq", "scope": "gte", "trust": 1.0, "vendor": "ibm", "version": "9.1.0" }, { "model": "mq appliance", "scope": "lt", "trust": 1.0, "vendor": "ibm", "version": "9.1.4" }, { "model": "mq", "scope": "lt", "trust": 1.0, "vendor": "ibm", "version": "9.1.4" }, { "model": "mq appliance", "scope": "gte", "trust": 1.0, "vendor": "ibm", "version": "9.1.0.0" }, { "model": "mq", "scope": "gte", "trust": 1.0, "vendor": "ibm", "version": "9.1.0.0" }, { "model": "mq", "scope": "lt", "trust": 1.0, "vendor": "ibm", "version": "9.0.0.8" }, { "model": "mq", "scope": "lt", "trust": 1.0, "vendor": "ibm", "version": "8.0.0.14" }, { "model": "mq", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": null }, { "model": "mq", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "appliance" }, { "model": "mq appliance", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": null } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-014394" }, { "db": "NVD", "id": "CVE-2019-4614" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:ibm:mq:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "8.0.0.14", "versionStartIncluding": "8.0.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:mq:*:*:*:*:lts:*:*:*", "cpe_name": [], "versionEndExcluding": "9.0.0.8", "versionStartIncluding": "9.0.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:mq:*:*:*:*:continuous_delivery:*:*:*", "cpe_name": [], "versionEndExcluding": "9.1.4", "versionStartIncluding": "9.1.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:mq:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "9.1.0.4", "versionStartIncluding": "9.1.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:mq_appliance:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "8.0.0.14", "versionStartIncluding": "8.0.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:mq_appliance:*:*:*:*:continuous_delivery:*:*:*", "cpe_name": [], "versionEndExcluding": "9.1.4", "versionStartIncluding": "9.1.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:mq_appliance:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "9.1.0.4", "versionStartIncluding": "9.1.0.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:ibm:mq:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "8.0.0.14", "versionStartIncluding": "8.0.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:mq:*:*:*:*:lts:*:*:*", "cpe_name": [], "versionEndExcluding": "9.0.0.8", "versionStartIncluding": "9.0.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:mq:*:*:*:*:continuous_delivery:*:*:*", "cpe_name": [], "versionEndExcluding": "9.1.4", "versionStartIncluding": "9.1.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:mq:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "9.1.0.4", "versionStartIncluding": "9.1.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:mq_appliance:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "8.0.0.14", "versionStartIncluding": "8.0.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:mq_appliance:*:*:*:*:continuous_delivery:*:*:*", "cpe_name": [], "versionEndExcluding": "9.1.4", "versionStartIncluding": "9.1.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:mq_appliance:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "9.1.0.4", "versionStartIncluding": "9.1.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2019-4614" } ] }, "cve": "CVE-2019-4614", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "Single", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 4.0, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2019-4614", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 1.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitabilityScore": 2.8, "id": "CVE-2019-4614", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 6.5, "baseSeverity": "Medium", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2019-4614", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "Low", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2019-4614", "trust": 1.8, "value": "Medium" }, { "author": "CNNVD", "id": "CNNVD-202001-1260", "trust": 0.6, "value": "MEDIUM" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-014394" }, { "db": "CNNVD", "id": "CNNVD-202001-1260" }, { "db": "NVD", "id": "CVE-2019-4614" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM MQ and IBM MQ Appliance 8.0 and 9.0 LTS client connecting to a Queue Manager could cause a SIGSEGV denial of service caused by converting an invalid message. IBM X-Force ID: 168639. IBM MQ and MQ Appliance Contains an input validation vulnerability. Vendors report this vulnerability IBM X-Force ID: 168639 Published as.Denial of service operation (DoS) May be in a state", "sources": [ { "db": "NVD", "id": "CVE-2019-4614" }, { "db": "JVNDB", "id": "JVNDB-2019-014394" } ], "trust": 1.62 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2019-4614", "trust": 2.4 }, { "db": "JVNDB", "id": "JVNDB-2019-014394", "trust": 0.8 }, { "db": "AUSCERT", "id": "ESB-2020.0266", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202001-1260", "trust": 0.6 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-014394" }, { "db": "CNNVD", "id": "CNNVD-202001-1260" }, { "db": "NVD", "id": "CVE-2019-4614" } ] }, "id": "VAR-202001-0210", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.22222222 }, "last_update_date": "2022-05-04T07:01:18.851000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "1106523 IBM\u00a0X-Force\u00a0Exchange", "trust": 0.8, "url": "https://www.ibm.com/support/pages/node/1106523" }, { "title": "IBM MQ and IBM MQ Appliance Enter the fix for the verification error vulnerability", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=109435" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-014394" }, { "db": "CNNVD", "id": "CNNVD-202001-1260" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 }, { "problemtype": "Incorrect input confirmation (CWE-20) [NVD Evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-014394" }, { "db": "NVD", "id": "CVE-2019-4614" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.6, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/168639" }, { "trust": 1.6, "url": "https://www.ibm.com/support/pages/node/1106523" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-4614" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/1125897" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/1135023" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/1125891" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/1127031" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.0266/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-is-vulnerable-to-a-denial-of-service-attack-caused-by-converting-an-invalid-message-cve-2019-4614/" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/ibm-mq-denial-of-service-via-invalid-message-31428" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-certified-container-is-vulnerable-to-multiple-vulnerabilities-within-ibm-mq-cve-2019-4655-cve-2019-4560-cve-2019-4614-cve-2019-4620/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-in-ibm-mq-affect-ibm-sterling-b2b-integrator/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-datapower-gateway-affected-by-ibm-mq-vulnerability-cve-2019-4614/" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-014394" }, { "db": "CNNVD", "id": "CNNVD-202001-1260" }, { "db": "NVD", "id": "CVE-2019-4614" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "JVNDB", "id": "JVNDB-2019-014394" }, { "db": "CNNVD", "id": "CNNVD-202001-1260" }, { "db": "NVD", "id": "CVE-2019-4614" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-02-14T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-014394" }, { "date": "2020-01-28T00:00:00", "db": "CNNVD", "id": "CNNVD-202001-1260" }, { "date": "2020-01-28T19:15:00", "db": "NVD", "id": "CVE-2019-4614" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-02-14T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-014394" }, { "date": "2020-05-21T00:00:00", "db": "CNNVD", "id": "CNNVD-202001-1260" }, { "date": "2021-07-21T11:39:00", "db": "NVD", "id": "CVE-2019-4614" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202001-1260" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM\u00a0MQ\u00a0 and \u00a0MQ\u00a0Appliance\u00a0 Input validation vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-014394" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "input validation error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202001-1260" } ], "trust": 0.6 } }
var-201811-0300
Vulnerability from variot
IBM WebSphere MQ 8.0 through 9.1 is vulnerable to a error with MQTT topic string publishing that can cause a denial of service attack. IBM X-Force ID: 145456. IBM WebSphere MQ Contains an input validation vulnerability. Vendors have confirmed this vulnerability IBM X-Force ID: 145456 It is released as.Service operation interruption (DoS) There is a possibility of being put into a state. An attacker can exploit this issue to cause a denial-of-service condition
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201811-0300", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "websphere mq", "scope": "eq", "trust": 1.6, "vendor": "ibm", "version": "9.1.0.0" }, { "model": "websphere mq", "scope": "lte", "trust": 1.0, "vendor": "ibm", "version": "9.0.0.5" }, { "model": "websphere mq", "scope": "lte", "trust": 1.0, "vendor": "ibm", "version": "9.0.5" }, { "model": "websphere mq", "scope": "lte", "trust": 1.0, "vendor": "ibm", "version": "8.0.0.10" }, { "model": "websphere mq", "scope": "gte", "trust": 1.0, "vendor": "ibm", "version": "9.0.1" }, { "model": "websphere mq", "scope": "gte", "trust": 1.0, "vendor": "ibm", "version": "9.0.0.0" }, { "model": "websphere mq", "scope": "gte", "trust": 1.0, "vendor": "ibm", "version": "8.0.0.0" }, { "model": "websphere mq", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "8.0 to 9.1" }, { "model": "websphere mq", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "9.0.0.1" }, { "model": "websphere mq", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "9.0.3" }, { "model": "websphere mq", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "8.0.0.6" }, { "model": "websphere mq", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "8.0.0.4" }, { "model": "websphere mq", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "8.0.0.3" }, { "model": "websphere mq", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "8.0.0.2" }, { "model": "websphere mq", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "9.0.4" }, { "model": "websphere mq", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "8.0.0.7" }, { "model": "websphere mq", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "8.0.0.5" }, { "model": "mq cd", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.5" }, { "model": "mq cd", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.4" }, { "model": "mq cd", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.3" }, { "model": "mq cd", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.2" }, { "model": "mq cd", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.1" }, { "model": "mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1" }, { "model": "mq lts", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.0.5" }, { "model": "mq lts", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.0.4" }, { "model": "mq lts", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.0.3" }, { "model": "mq lts", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.0.2" }, { "model": "mq lts", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.0.1" }, { "model": "mq lts", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.0.0" }, { "model": "mq lts", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9" }, { "model": "mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.9" }, { "model": "mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.8" }, { "model": "mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.7" }, { "model": "mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.6" }, { "model": "mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.5" }, { "model": "mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.4" }, { "model": "mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.3" }, { "model": "mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.2" }, { "model": "mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.10" }, { "model": "mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.1" }, { "model": "mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.0" } ], "sources": [ { "db": "BID", "id": "105999" }, { "db": "JVNDB", "id": "JVNDB-2018-011791" }, { "db": "CNNVD", "id": "CNNVD-201811-122" }, { "db": "NVD", "id": "CVE-2018-1684" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:ibm:websphere_mq", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-011791" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The vendor reported the issue.", "sources": [ { "db": "BID", "id": "105999" } ], "trust": 0.3 }, "cve": "CVE-2018-1684", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 4.0, "confidentialityImpact": "NONE", "exploitabilityScore": 8.0, "id": "CVE-2018-1684", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 1.9, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitabilityScore": 2.8, "id": "CVE-2018-1684", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.8, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, { "attackComplexity": "HIGH", "attackVector": "NETWORK", "author": "psirt@us.ibm.com", "availabilityImpact": "HIGH", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitabilityScore": 1.6, "id": "CVE-2018-1684", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2018-1684", "trust": 1.0, "value": "MEDIUM" }, { "author": "psirt@us.ibm.com", "id": "CVE-2018-1684", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "CVE-2018-1684", "trust": 0.8, "value": "Medium" }, { "author": "CNNVD", "id": "CNNVD-201811-122", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2018-1684", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULMON", "id": "CVE-2018-1684" }, { "db": "JVNDB", "id": "JVNDB-2018-011791" }, { "db": "CNNVD", "id": "CNNVD-201811-122" }, { "db": "NVD", "id": "CVE-2018-1684" }, { "db": "NVD", "id": "CVE-2018-1684" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM WebSphere MQ 8.0 through 9.1 is vulnerable to a error with MQTT topic string publishing that can cause a denial of service attack. IBM X-Force ID: 145456. IBM WebSphere MQ Contains an input validation vulnerability. Vendors have confirmed this vulnerability IBM X-Force ID: 145456 It is released as.Service operation interruption (DoS) There is a possibility of being put into a state. \nAn attacker can exploit this issue to cause a denial-of-service condition", "sources": [ { "db": "NVD", "id": "CVE-2018-1684" }, { "db": "JVNDB", "id": "JVNDB-2018-011791" }, { "db": "BID", "id": "105999" }, { "db": "VULMON", "id": "CVE-2018-1684" } ], "trust": 1.98 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2018-1684", "trust": 2.8 }, { "db": "JVNDB", "id": "JVNDB-2018-011791", "trust": 0.8 }, { "db": "AUSCERT", "id": "ESB-2019.4784", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2019.3122", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-201811-122", "trust": 0.6 }, { "db": "BID", "id": "105999", "trust": 0.3 }, { "db": "VULMON", "id": "CVE-2018-1684", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2018-1684" }, { "db": "BID", "id": "105999" }, { "db": "JVNDB", "id": "JVNDB-2018-011791" }, { "db": "CNNVD", "id": "CNNVD-201811-122" }, { "db": "NVD", "id": "CVE-2018-1684" } ] }, "id": "VAR-201811-0300", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.46875 }, "last_update_date": "2024-11-23T20:21:22.915000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "0734297", "trust": 0.8, "url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10734297" }, { "title": "ibm-websphere-cve20181684-dos (145456)", "trust": 0.8, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/145456" }, { "title": "IBM WebSphere MQ Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=86629" }, { "title": "IBM: IBM Security Bulletin: Multiple IBM MQ Security Vulnerabilities Affect IBM Sterling B2B Integrator", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=12d49a0da922bc87e2a67d963391d2c3" }, { "title": "IoT-Flock", "trust": 0.1, "url": "https://github.com/ThingzDefense/IoT-Flock " }, { "title": "", "trust": 0.1, "url": "https://github.com/abbas4Security/CoAPIDS " }, { "title": "cve", "trust": 0.1, "url": "https://github.com/michwqy/cve " } ], "sources": [ { "db": "VULMON", "id": "CVE-2018-1684" }, { "db": "JVNDB", "id": "JVNDB-2018-011791" }, { "db": "CNNVD", "id": "CNNVD-201811-122" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 }, { "problemtype": "CWE-20", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-011791" }, { "db": "NVD", "id": "CVE-2018-1684" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.7, "url": "https://www.ibm.com/support/docview.wss?uid=ibm10734297" }, { "trust": 1.7, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/145456" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-1684" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-1684" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/1137634" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/1115109" }, { "trust": 0.6, "url": "https://www.ibm.com/support/docview.wss?uid=ibm10967151" }, { "trust": 0.6, "url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10967151" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/1115031" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2019.3122/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2019.4784/" }, { "trust": 0.3, "url": "http://www.ibm.com/" }, { "trust": 0.3, "url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10734297" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://github.com/thingzdefense/iot-flock" }, { "trust": 0.1, "url": "https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-ibm-mq-security-vulnerabilities-affect-ibm-sterling-b2b-integrator/" } ], "sources": [ { "db": "VULMON", "id": "CVE-2018-1684" }, { "db": "BID", "id": "105999" }, { "db": "JVNDB", "id": "JVNDB-2018-011791" }, { "db": "CNNVD", "id": "CNNVD-201811-122" }, { "db": "NVD", "id": "CVE-2018-1684" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2018-1684" }, { "db": "BID", "id": "105999" }, { "db": "JVNDB", "id": "JVNDB-2018-011791" }, { "db": "CNNVD", "id": "CNNVD-201811-122" }, { "db": "NVD", "id": "CVE-2018-1684" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-11-09T00:00:00", "db": "VULMON", "id": "CVE-2018-1684" }, { "date": "2018-11-01T00:00:00", "db": "BID", "id": "105999" }, { "date": "2019-01-23T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-011791" }, { "date": "2018-11-07T00:00:00", "db": "CNNVD", "id": "CNNVD-201811-122" }, { "date": "2018-11-09T01:29:00.367000", "db": "NVD", "id": "CVE-2018-1684" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-08-24T00:00:00", "db": "VULMON", "id": "CVE-2018-1684" }, { "date": "2018-11-01T00:00:00", "db": "BID", "id": "105999" }, { "date": "2019-01-23T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-011791" }, { "date": "2020-10-22T00:00:00", "db": "CNNVD", "id": "CNNVD-201811-122" }, { "date": "2024-11-21T04:00:12.050000", "db": "NVD", "id": "CVE-2018-1684" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201811-122" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM WebSphere MQ Input validation vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-011791" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "input validation error", "sources": [ { "db": "CNNVD", "id": "CNNVD-201811-122" } ], "trust": 0.6 } }
var-202202-1477
Vulnerability from variot
IBM MQ Appliance 9.2 CD and 9.2 LTS local messaging users stored with a password hash that provides insufficient protection. IBM X-Force ID: 218368. Vendors may IBM X-Force ID: 218368 It is published as.Information may be obtained. IBM MQ Appliance is an all-in-one appliance for rapidly deploying enterprise-class messaging middleware
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202202-1477", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "mq", "scope": "lt", "trust": 1.0, "vendor": "ibm", "version": "9.2.5" }, { "model": "mq", "scope": "gte", "trust": 1.0, "vendor": "ibm", "version": "9.2.0" }, { "model": "mq", "scope": "lt", "trust": 1.0, "vendor": "ibm", "version": "9.2.0.5" }, { "model": "mq appliance", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "9.2 lts" }, { "model": "mq appliance", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": null }, { "model": "mq appliance", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "9.2 cd" }, { "model": "mq appliance cd", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "9.2" }, { "model": "mq appliance lts", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "9.2" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-51680" }, { "db": "JVNDB", "id": "JVNDB-2022-006841" }, { "db": "NVD", "id": "CVE-2022-22321" } ] }, "cve": "CVE-2022-22321", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 3.9, "id": "CVE-2022-22321", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "LOW", "trust": 1.9, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 3.9, "id": "CNVD-2022-51680", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "LOW", "trust": 0.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "id": "CVE-2022-22321", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, { "attackComplexity": "HIGH", "attackVector": "LOCAL", "author": "psirt@us.ibm.com", "availabilityImpact": "NONE", "baseScore": 5.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.4, "id": "CVE-2022-22321", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "NVD", "availabilityImpact": "None", "baseScore": 5.5, "baseSeverity": "Medium", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2022-22321", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "Low", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2022-22321", "trust": 1.0, "value": "MEDIUM" }, { "author": "psirt@us.ibm.com", "id": "CVE-2022-22321", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "CVE-2022-22321", "trust": 0.8, "value": "Medium" }, { "author": "CNVD", "id": "CNVD-2022-51680", "trust": 0.6, "value": "LOW" }, { "author": "CNNVD", "id": "CNNVD-202202-2176", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2022-22321", "trust": 0.1, "value": "LOW" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-51680" }, { "db": "VULMON", "id": "CVE-2022-22321" }, { "db": "JVNDB", "id": "JVNDB-2022-006841" }, { "db": "CNNVD", "id": "CNNVD-202202-2176" }, { "db": "NVD", "id": "CVE-2022-22321" }, { "db": "NVD", "id": "CVE-2022-22321" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM MQ Appliance 9.2 CD and 9.2 LTS local messaging users stored with a password hash that provides insufficient protection. IBM X-Force ID: 218368. Vendors may IBM X-Force ID: 218368 It is published as.Information may be obtained. IBM MQ Appliance is an all-in-one appliance for rapidly deploying enterprise-class messaging middleware", "sources": [ { "db": "NVD", "id": "CVE-2022-22321" }, { "db": "JVNDB", "id": "JVNDB-2022-006841" }, { "db": "CNVD", "id": "CNVD-2022-51680" }, { "db": "VULMON", "id": "CVE-2022-22321" } ], "trust": 2.25 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2022-22321", "trust": 3.9 }, { "db": "JVNDB", "id": "JVNDB-2022-006841", "trust": 0.8 }, { "db": "CNVD", "id": "CNVD-2022-51680", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2022.0853", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202202-2176", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2022-22321", "trust": 0.1 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-51680" }, { "db": "VULMON", "id": "CVE-2022-22321" }, { "db": "JVNDB", "id": "JVNDB-2022-006841" }, { "db": "CNNVD", "id": "CNNVD-202202-2176" }, { "db": "NVD", "id": "CVE-2022-22321" } ] }, "id": "VAR-202202-1477", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2022-51680" } ], "trust": 1.06875 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "IoT" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-51680" } ] }, "last_update_date": "2024-11-23T23:10:57.340000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "6560042 IBM\u00a0X-Force\u00a0Exchange", "trust": 0.8, "url": "https://www.ibm.com/support/pages/node/6560042" }, { "title": "Patch for IBM MQ Appliance Information Disclosure Vulnerability (CNVD-2022-51680)", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/339966" }, { "title": "IBM MQ Appliance Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=184361" }, { "title": "CVE-2022-XXXX", "trust": 0.1, "url": "https://github.com/AlphabugX/CVE-2022-23305 " }, { "title": "CVE-2022-XXXX", "trust": 0.1, "url": "https://github.com/AlphabugX/CVE-2022-RCE " } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-51680" }, { "db": "VULMON", "id": "CVE-2022-22321" }, { "db": "JVNDB", "id": "JVNDB-2022-006841" }, { "db": "CNNVD", "id": "CNNVD-202202-2176" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-326", "trust": 1.0 }, { "problemtype": "Inadequate protection of credentials (CWE-522) [NVD evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-006841" }, { "db": "NVD", "id": "CVE-2022-22321" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.7, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/218368" }, { "trust": 1.7, "url": "https://www.ibm.com/support/pages/node/6560042" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22321" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/ibm-mq-appliance-weak-encryption-via-password-hash-37667" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.0853" }, { "trust": 0.6, "url": "https://cxsecurity.com/cveshow/cve-2022-22321/" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/326.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://github.com/alphabugx/cve-2022-23305" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-51680" }, { "db": "VULMON", "id": "CVE-2022-22321" }, { "db": "JVNDB", "id": "JVNDB-2022-006841" }, { "db": "CNNVD", "id": "CNNVD-202202-2176" }, { "db": "NVD", "id": "CVE-2022-22321" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2022-51680" }, { "db": "VULMON", "id": "CVE-2022-22321" }, { "db": "JVNDB", "id": "JVNDB-2022-006841" }, { "db": "CNNVD", "id": "CNNVD-202202-2176" }, { "db": "NVD", "id": "CVE-2022-22321" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-07-15T00:00:00", "db": "CNVD", "id": "CNVD-2022-51680" }, { "date": "2022-03-01T00:00:00", "db": "VULMON", "id": "CVE-2022-22321" }, { "date": "2023-07-10T00:00:00", "db": "JVNDB", "id": "JVNDB-2022-006841" }, { "date": "2022-02-28T00:00:00", "db": "CNNVD", "id": "CNNVD-202202-2176" }, { "date": "2022-03-01T17:15:08.073000", "db": "NVD", "id": "CVE-2022-22321" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-07-15T00:00:00", "db": "CNVD", "id": "CNVD-2022-51680" }, { "date": "2023-08-08T00:00:00", "db": "VULMON", "id": "CVE-2022-22321" }, { "date": "2023-07-10T07:14:00", "db": "JVNDB", "id": "JVNDB-2022-006841" }, { "date": "2022-03-10T00:00:00", "db": "CNNVD", "id": "CNNVD-202202-2176" }, { "date": "2024-11-21T06:46:38.320000", "db": "NVD", "id": "CVE-2022-22321" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202202-2176" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM\u00a0MQ\u00a0Appliance\u00a0 Vulnerability regarding insufficient protection of authentication information in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-006841" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-202202-2176" } ], "trust": 0.6 } }
var-201712-0082
Vulnerability from variot
IBM WebSphere MQ 7.5, 8.0, and 9.0 could allow an authenticated user to insert messages with a corrupt RFH header into the channel which would cause it to restart. IBM X-Force ID: 127803. IBM WebSphere MQ Contains a data processing vulnerability. Vendors have confirmed this vulnerability IBM X-Force ID: 127803 It is released as.Service operation interruption (DoS) There is a possibility of being put into a state. An attacker can exploit this issue to restart the affected process, denying service to legitimate users
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201712-0082", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "websphere mq", "scope": "eq", "trust": 2.4, "vendor": "ibm", "version": "7.5" }, { "model": "websphere mq", "scope": "eq", "trust": 2.4, "vendor": "ibm", "version": "8.0" }, { "model": "websphere mq", "scope": "eq", "trust": 1.8, "vendor": "ibm", "version": "9.0" }, { "model": "websphere mq", "scope": "eq", "trust": 1.6, "vendor": "ibm", "version": "7.5.0.3" }, { "model": "websphere mq", "scope": "eq", "trust": 1.6, "vendor": "ibm", "version": "7.5.0.6" }, { "model": "websphere mq", "scope": "eq", "trust": 1.6, "vendor": "ibm", "version": "7.5.0.7" }, { "model": "websphere mq", "scope": "eq", "trust": 1.6, "vendor": "ibm", "version": "7.5.0.8" }, { "model": "websphere mq", "scope": "eq", "trust": 1.6, "vendor": "ibm", "version": "7.5.0.1" }, { "model": "websphere mq", "scope": "eq", "trust": 1.6, "vendor": "ibm", "version": "7.5.0.5" }, { "model": "websphere mq", "scope": "eq", "trust": 1.6, "vendor": "ibm", "version": "7.5.0.2" }, { "model": "websphere mq", "scope": "eq", "trust": 1.6, "vendor": "ibm", "version": "7.5.0.4" }, { "model": "websphere mq", "scope": "eq", "trust": 1.0, "vendor": "ibm", "version": "8.0.0.7" }, { "model": "websphere mq", "scope": "eq", "trust": 1.0, "vendor": "ibm", "version": "8.0.0.5" }, { "model": "websphere mq", "scope": "eq", "trust": 1.0, "vendor": "ibm", "version": "8.0.0.6" }, { "model": "websphere mq", "scope": "eq", "trust": 1.0, "vendor": "ibm", "version": "8.0.0.3" }, { "model": "websphere mq", "scope": "eq", "trust": 1.0, "vendor": "ibm", "version": "8.0.0.4" }, { "model": "websphere mq", "scope": "eq", "trust": 1.0, "vendor": "ibm", "version": "8.0.0.2" }, { "model": "websphere mq", "scope": "eq", "trust": 1.0, "vendor": "ibm", "version": "8.0.0.1" }, { "model": "websphere mq", "scope": "eq", "trust": 1.0, "vendor": "ibm", "version": "9.0.0.1" }, { "model": "mq lts", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9" }, { "model": "mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5" } ], "sources": [ { "db": "BID", "id": "102163" }, { "db": "JVNDB", "id": "JVNDB-2017-010933" }, { "db": "CNNVD", "id": "CNNVD-201712-221" }, { "db": "NVD", "id": "CVE-2017-1433" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:ibm:websphere_mq:8.0.0.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:websphere_mq:8.0.0.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:websphere_mq:8.0.0.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:websphere_mq:8.0.0.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:websphere_mq:9.0.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:websphere_mq:8.0.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:websphere_mq:7.5.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:websphere_mq:7.5.0.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:websphere_mq:7.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:websphere_mq:8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:websphere_mq:9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:websphere_mq:7.5.0.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:websphere_mq:7.5.0.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:websphere_mq:7.5.0.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:websphere_mq:7.5.0.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:websphere_mq:8.0.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:websphere_mq:8.0.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:websphere_mq:7.5.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:websphere_mq:7.5.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2017-1433" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The vendor reported the issue.", "sources": [ { "db": "BID", "id": "102163" } ], "trust": 0.3 }, "cve": "CVE-2017-1433", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "Single", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 4.0, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2017-1433", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 1.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 6.5, "baseSeverity": "Medium", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2017-1433", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "Low", "scope": "Unchanged", "trust": 1.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2017-1433", "trust": 1.8, "value": "Medium" }, { "author": "CNNVD", "id": "CNNVD-201712-221", "trust": 0.6, "value": "MEDIUM" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2017-010933" }, { "db": "CNNVD", "id": "CNNVD-201712-221" }, { "db": "NVD", "id": "CVE-2017-1433" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM WebSphere MQ 7.5, 8.0, and 9.0 could allow an authenticated user to insert messages with a corrupt RFH header into the channel which would cause it to restart. IBM X-Force ID: 127803. IBM WebSphere MQ Contains a data processing vulnerability. Vendors have confirmed this vulnerability IBM X-Force ID: 127803 It is released as.Service operation interruption (DoS) There is a possibility of being put into a state. \nAn attacker can exploit this issue to restart the affected process, denying service to legitimate users", "sources": [ { "db": "NVD", "id": "CVE-2017-1433" }, { "db": "JVNDB", "id": "JVNDB-2017-010933" }, { "db": "BID", "id": "102163" } ], "trust": 1.89 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2017-1433", "trust": 2.7 }, { "db": "BID", "id": "102163", "trust": 1.9 }, { "db": "JVNDB", "id": "JVNDB-2017-010933", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201712-221", "trust": 0.6 } ], "sources": [ { "db": "BID", "id": "102163" }, { "db": "JVNDB", "id": "JVNDB-2017-010933" }, { "db": "CNNVD", "id": "CNNVD-201712-221" }, { "db": "NVD", "id": "CVE-2017-1433" } ] }, "id": "VAR-201712-0082", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.27272728 }, "last_update_date": "2022-05-04T09:04:17.734000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "2005525", "trust": 0.8, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg22005525" }, { "title": "IBM WebSphere MQ Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=77000" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2017-010933" }, { "db": "CNNVD", "id": "CNNVD-201712-221" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 }, { "problemtype": "CWE-19", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2017-010933" }, { "db": "NVD", "id": "CVE-2017-1433" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.6, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/127803" }, { "trust": 1.6, "url": "https://www.ibm.com/support/docview.wss?uid=swg22005525" }, { "trust": 1.6, "url": "https://www.securityfocus.com/bid/102163" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-1433" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-1433" }, { "trust": 0.3, "url": "http://www.ibm.com/" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg22005525" } ], "sources": [ { "db": "BID", "id": "102163" }, { "db": "JVNDB", "id": "JVNDB-2017-010933" }, { "db": "CNNVD", "id": "CNNVD-201712-221" }, { "db": "NVD", "id": "CVE-2017-1433" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "BID", "id": "102163" }, { "db": "JVNDB", "id": "JVNDB-2017-010933" }, { "db": "CNNVD", "id": "CNNVD-201712-221" }, { "db": "NVD", "id": "CVE-2017-1433" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2017-12-07T00:00:00", "db": "BID", "id": "102163" }, { "date": "2017-12-27T00:00:00", "db": "JVNDB", "id": "JVNDB-2017-010933" }, { "date": "2017-12-08T00:00:00", "db": "CNNVD", "id": "CNNVD-201712-221" }, { "date": "2017-12-07T15:29:00", "db": "NVD", "id": "CVE-2017-1433" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2017-12-19T22:38:00", "db": "BID", "id": "102163" }, { "date": "2017-12-27T00:00:00", "db": "JVNDB", "id": "JVNDB-2017-010933" }, { "date": "2019-10-23T00:00:00", "db": "CNNVD", "id": "CNNVD-201712-221" }, { "date": "2019-10-03T00:03:00", "db": "NVD", "id": "CVE-2017-1433" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201712-221" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM WebSphere MQ Data processing vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2017-010933" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "lack of information", "sources": [ { "db": "CNNVD", "id": "CNNVD-201712-221" } ], "trust": 0.6 } }
var-201912-0162
Vulnerability from variot
IBM MQ 9.1.0.0, 9.1.0.1, 9.1.0.2, 9.1.0.3, 9.1.1, 9.1.2, and 9.1.3 is vulnerable to a denial of service attack that would allow an authenticated user to reset client connections due to an error within the Data Conversion routine. IBM X-Force ID: 170966. IBM MQ Contains an input validation vulnerability. Vendors have confirmed this vulnerability IBM X-Force ID: 170966 It is released as.Service operation interruption (DoS) There is a possibility of being put into a state
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201912-0162", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "mq", "scope": "eq", "trust": 1.4, "vendor": "ibm", "version": "9.1.0.1" }, { "model": "mq", "scope": "eq", "trust": 1.4, "vendor": "ibm", "version": "9.1.0.2" }, { "model": "mq appliance", "scope": "lt", "trust": 1.0, "vendor": "ibm", "version": "9.1.4" }, { "model": "mq", "scope": "lt", "trust": 1.0, "vendor": "ibm", "version": "9.1.4" }, { "model": "mq appliance", "scope": "lt", "trust": 1.0, "vendor": "ibm", "version": "9.1.0.4" }, { "model": "mq", "scope": "lt", "trust": 1.0, "vendor": "ibm", "version": "9.1.0.4" }, { "model": "mq appliance", "scope": "gte", "trust": 1.0, "vendor": "ibm", "version": "9.1.0.0" }, { "model": "mq appliance", "scope": "gte", "trust": 1.0, "vendor": "ibm", "version": "9.1.0" }, { "model": "mq", "scope": "gte", "trust": 1.0, "vendor": "ibm", "version": "9.1.0.0" }, { "model": "mq", "scope": "gte", "trust": 1.0, "vendor": "ibm", "version": "9.1.0" }, { "model": "mq", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "9.1.0.0" }, { "model": "mq", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "9.1.0.3" }, { "model": "mq", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "9.1.1" }, { "model": "mq", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "9.1.2" }, { "model": "mq", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "9.1.3" }, { "model": "mq appliance", "scope": null, "trust": 0.8, "vendor": "ibm", "version": null }, { "model": "mq appliance", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "9.1.0.2" }, { "model": "mq appliance", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "9.1.0.4" }, { "model": "mq appliance", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "9.1.2" }, { "model": "mq appliance", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "9.1.0.0" }, { "model": "mq appliance", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "9.1.0.3" }, { "model": "mq appliance", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "9.1.3" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-013495" }, { "db": "CNNVD", "id": "CNNVD-201912-980" }, { "db": "NVD", "id": "CVE-2019-4655" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:ibm:mq:*:*:*:*:continuous_delivery:*:*:*", "cpe_name": [], "versionEndExcluding": "9.1.4", "versionStartIncluding": "9.1.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:mq:*:*:*:*:lts:*:*:*", "cpe_name": [], "versionEndExcluding": "9.1.0.4", "versionStartIncluding": "9.1.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:mq_appliance:*:*:*:*:continuous_delivery:*:*:*", "cpe_name": [], "versionEndExcluding": "9.1.4", "versionStartIncluding": "9.1.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:mq_appliance:*:*:*:*:lts:*:*:*", "cpe_name": [], "versionEndExcluding": "9.1.0.4", "versionStartIncluding": "9.1.0.0", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2019-4655" } ] }, "cve": "CVE-2019-4655", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "Single", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 4.0, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2019-4655", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 1.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitabilityScore": 2.8, "id": "CVE-2019-4655", "impactScore": 1.4, "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "Low", "baseScore": 4.3, "baseSeverity": "Medium", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2019-4655", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "Low", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2019-4655", "trust": 1.8, "value": "Medium" }, { "author": "CNNVD", "id": "CNNVD-201912-980", "trust": 0.6, "value": "MEDIUM" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-013495" }, { "db": "CNNVD", "id": "CNNVD-201912-980" }, { "db": "NVD", "id": "CVE-2019-4655" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM MQ 9.1.0.0, 9.1.0.1, 9.1.0.2, 9.1.0.3, 9.1.1, 9.1.2, and 9.1.3 is vulnerable to a denial of service attack that would allow an authenticated user to reset client connections due to an error within the Data Conversion routine. IBM X-Force ID: 170966. IBM MQ Contains an input validation vulnerability. Vendors have confirmed this vulnerability IBM X-Force ID: 170966 It is released as.Service operation interruption (DoS) There is a possibility of being put into a state", "sources": [ { "db": "NVD", "id": "CVE-2019-4655" }, { "db": "JVNDB", "id": "JVNDB-2019-013495" } ], "trust": 1.62 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2019-4655", "trust": 2.4 }, { "db": "JVNDB", "id": "JVNDB-2019-013495", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201912-980", "trust": 0.6 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-013495" }, { "db": "CNNVD", "id": "CNNVD-201912-980" }, { "db": "NVD", "id": "CVE-2019-4655" } ] }, "id": "VAR-201912-0162", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.22222222 }, "last_update_date": "2022-05-04T10:00:09.088000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "1106529", "trust": 0.8, "url": "https://www.ibm.com/support/pages/node/1106529" }, { "title": "ibm-mq-cve20194655-dos (170966)", "trust": 0.8, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/170966" }, { "title": "IBM MQ and IBM MQ Appliance Enter the fix for the verification error vulnerability", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=106392" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-013495" }, { "db": "CNNVD", "id": "CNNVD-201912-980" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 }, { "problemtype": "CWE-20", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-013495" }, { "db": "NVD", "id": "CVE-2019-4655" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.6, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/170966" }, { "trust": 1.6, "url": "https://www.ibm.com/support/pages/node/1106529" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-4655" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-4655" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/ibm-mq-denial-of-service-via-data-conversion-fdc-31208" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-certified-container-is-vulnerable-to-multiple-vulnerabilities-within-ibm-mq-cve-2019-4655-cve-2019-4560-cve-2019-4614-cve-2019-4620/" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-013495" }, { "db": "CNNVD", "id": "CNNVD-201912-980" }, { "db": "NVD", "id": "CVE-2019-4655" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "JVNDB", "id": "JVNDB-2019-013495" }, { "db": "CNNVD", "id": "CNNVD-201912-980" }, { "db": "NVD", "id": "CVE-2019-4655" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-01-08T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-013495" }, { "date": "2019-12-20T00:00:00", "db": "CNNVD", "id": "CNNVD-201912-980" }, { "date": "2019-12-30T16:15:00", "db": "NVD", "id": "CVE-2019-4655" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-01-08T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-013495" }, { "date": "2020-02-27T00:00:00", "db": "CNNVD", "id": "CNNVD-201912-980" }, { "date": "2021-07-21T11:39:00", "db": "NVD", "id": "CVE-2019-4655" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201912-980" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM MQ Input validation vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-013495" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "input validation error", "sources": [ { "db": "CNNVD", "id": "CNNVD-201912-980" } ], "trust": 0.6 } }
var-201801-0212
Vulnerability from variot
IBM WebSphere MQ 7.0, 7.1, 7.5, 8.0, and 9.0 service trace module could be used to execute untrusted code under 'mqm' user. IBM X-Force ID: 132953. Vendors have confirmed this vulnerability IBM X-Force ID: 132953 It is released as.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. IBM WebSphere MQ is prone to a local privilege-escalation vulnerability. Successfully exploiting this issue may allow an attacker to execute arbitrary code with elevated privileges
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201801-0212", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "websphere mq", "scope": "eq", "trust": 1.9, "vendor": "ibm", "version": "7.0.1.5" }, { "model": "websphere mq", "scope": "eq", "trust": 1.9, "vendor": "ibm", "version": "7.0.1.11" }, { "model": "websphere mq", "scope": "eq", "trust": 1.9, "vendor": "ibm", "version": "7.0.1.10" }, { "model": "websphere mq", "scope": "eq", "trust": 1.8, "vendor": "ibm", "version": "7.5" }, { "model": "websphere mq", "scope": "eq", "trust": 1.8, "vendor": "ibm", "version": "8.0" }, { "model": "websphere mq", "scope": "eq", "trust": 1.8, "vendor": "ibm", "version": "9.0" }, { "model": "websphere mq", "scope": "eq", "trust": 1.6, "vendor": "ibm", "version": "7.0.1.8" }, { "model": "websphere mq", "scope": "eq", "trust": 1.6, "vendor": "ibm", "version": "8.0.0.6" }, { "model": "websphere mq", "scope": "eq", "trust": 1.6, "vendor": "ibm", "version": "7.0.1.4" }, { "model": "websphere mq", "scope": "eq", "trust": 1.6, "vendor": "ibm", "version": "8.0.0.7" }, { "model": "websphere mq", "scope": "eq", "trust": 1.6, "vendor": "ibm", "version": "7.0.1.9" }, { "model": "websphere mq", "scope": "eq", "trust": 1.6, "vendor": "ibm", "version": "7.0.1.7" }, { "model": "websphere mq", "scope": "eq", "trust": 1.6, "vendor": "ibm", "version": "7.0.1.6" }, { "model": "websphere mq", "scope": "eq", "trust": 1.3, "vendor": "ibm", "version": "7.0.1.2" }, { "model": "websphere mq", "scope": "eq", "trust": 1.3, "vendor": "ibm", "version": "7.5.0.7" }, { "model": "websphere mq", "scope": "eq", "trust": 1.3, "vendor": "ibm", "version": "7.5.0.6" }, { "model": "websphere mq", "scope": "eq", "trust": 1.3, "vendor": "ibm", "version": "7.5.0.5" }, { "model": "websphere mq", "scope": "eq", "trust": 1.3, "vendor": "ibm", "version": "7.5.0.4" }, { "model": "websphere mq", "scope": "eq", "trust": 1.3, "vendor": "ibm", "version": "7.5.0.2" }, { "model": "websphere mq", "scope": "eq", "trust": 1.3, "vendor": "ibm", "version": "7.5.0.1" }, { "model": "websphere mq", "scope": "eq", "trust": 1.3, "vendor": "ibm", "version": "7.1.0.8" }, { "model": "websphere mq", "scope": "eq", "trust": 1.3, "vendor": "ibm", "version": "7.1.0.7" }, { "model": "websphere mq", "scope": "eq", "trust": 1.3, "vendor": "ibm", "version": "7.1.0.6" }, { "model": "websphere mq", "scope": "eq", "trust": 1.3, "vendor": "ibm", "version": "7.1.0.5" }, { "model": "websphere mq", "scope": "eq", "trust": 1.3, "vendor": "ibm", "version": "7.1.0.4" }, { "model": "websphere mq", "scope": "eq", "trust": 1.3, "vendor": "ibm", "version": "7.1.0.3" }, { "model": "websphere mq", "scope": "eq", "trust": 1.3, "vendor": "ibm", "version": "7.0.1.3" }, { "model": "websphere mq", "scope": "eq", "trust": 1.3, "vendor": "ibm", "version": "7.0.1.14" }, { "model": "websphere mq", "scope": "eq", "trust": 1.3, "vendor": "ibm", "version": "7.0.1.13" }, { "model": "websphere mq", "scope": "eq", "trust": 1.3, "vendor": "ibm", "version": "7.0.1.12" }, { "model": "websphere mq", "scope": "eq", "trust": 1.3, "vendor": "ibm", "version": "7.0.1.0" }, { "model": "websphere mq", "scope": "eq", "trust": 1.0, "vendor": "ibm", "version": "8.0.0.3" }, { "model": "websphere mq", "scope": "eq", "trust": 1.0, "vendor": "ibm", "version": "7.5.0.3" }, { "model": "websphere mq", "scope": "eq", "trust": 1.0, "vendor": "ibm", "version": "8.0.0.5" }, { "model": "websphere mq", "scope": "eq", "trust": 1.0, "vendor": "ibm", "version": "7.0.1.1" }, { "model": "websphere mq", "scope": "eq", "trust": 1.0, "vendor": "ibm", "version": "8.0.0.2" }, { "model": "websphere mq", "scope": "eq", "trust": 1.0, "vendor": "ibm", "version": "7.1.0.1" }, { "model": "websphere mq", "scope": "eq", "trust": 1.0, "vendor": "ibm", "version": "7.1.0.2" }, { "model": "websphere mq", "scope": "eq", "trust": 1.0, "vendor": "ibm", "version": "9.0.1.0" }, { "model": "websphere mq", "scope": "eq", "trust": 1.0, "vendor": "ibm", "version": "9.0.0.1" }, { "model": "websphere mq", "scope": "eq", "trust": 1.0, "vendor": "ibm", "version": "8.0.0.1" }, { "model": "websphere mq", "scope": "eq", "trust": 1.0, "vendor": "ibm", "version": "9.0.2.0" }, { "model": "websphere mq", "scope": "eq", "trust": 1.0, "vendor": "ibm", "version": "7.5.0.8" }, { "model": "websphere mq", "scope": "eq", "trust": 1.0, "vendor": "ibm", "version": "7.1.0.0" }, { "model": "websphere mq", "scope": "eq", "trust": 1.0, "vendor": "ibm", "version": "8.0.0.4" }, { "model": "websphere mq", "scope": "eq", "trust": 1.0, "vendor": "ibm", "version": "9.0.3.0" }, { "model": "websphere mq", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "7.0" }, { "model": "websphere mq", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "7.1" }, { "model": "mq cd", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.3" }, { "model": "mq cd", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.2" }, { "model": "mq cd", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.1" }, { "model": "mq lts", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.0.1" }, { "model": "mq lts", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.0.0" }, { "model": "mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.7" }, { "model": "mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.6" }, { "model": "mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.5" }, { "model": "mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.4" }, { "model": "mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.3" }, { "model": "mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.2" }, { "model": "mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.1" }, { "model": "mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.0" }, { "model": "websphere mq", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.1.0.9" }, { "model": "mq cd", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "9.0.4" }, { "model": "mq lts", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "9.0.0.2" }, { "model": "mq", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.8" } ], "sources": [ { "db": "BID", "id": "102479" }, { "db": "JVNDB", "id": "JVNDB-2018-001399" }, { "db": "CNNVD", "id": "CNNVD-201801-336" }, { "db": "NVD", "id": "CVE-2017-1612" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:ibm:websphere_mq", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-001399" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM", "sources": [ { "db": "BID", "id": "102479" } ], "trust": 0.3 }, "cve": "CVE-2017-1612", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 3.9, "id": "CVE-2017-1612", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 1.8, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "id": "CVE-2017-1612", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.8, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2017-1612", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2017-1612", "trust": 0.8, "value": "High" }, { "author": "CNNVD", "id": "CNNVD-201801-336", "trust": 0.6, "value": "HIGH" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-001399" }, { "db": "CNNVD", "id": "CNNVD-201801-336" }, { "db": "NVD", "id": "CVE-2017-1612" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM WebSphere MQ 7.0, 7.1, 7.5, 8.0, and 9.0 service trace module could be used to execute untrusted code under \u0027mqm\u0027 user. IBM X-Force ID: 132953. Vendors have confirmed this vulnerability IBM X-Force ID: 132953 It is released as.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. IBM WebSphere MQ is prone to a local privilege-escalation vulnerability. \nSuccessfully exploiting this issue may allow an attacker to execute arbitrary code with elevated privileges", "sources": [ { "db": "NVD", "id": "CVE-2017-1612" }, { "db": "JVNDB", "id": "JVNDB-2018-001399" }, { "db": "BID", "id": "102479" } ], "trust": 1.89 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2017-1612", "trust": 2.7 }, { "db": "BID", "id": "102479", "trust": 1.9 }, { "db": "SECTRACK", "id": "1040175", "trust": 1.6 }, { "db": "JVNDB", "id": "JVNDB-2018-001399", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201801-336", "trust": 0.6 } ], "sources": [ { "db": "BID", "id": "102479" }, { "db": "JVNDB", "id": "JVNDB-2018-001399" }, { "db": "CNNVD", "id": "CNNVD-201801-336" }, { "db": "NVD", "id": "CVE-2017-1612" } ] }, "id": "VAR-201801-0212", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.46875 }, "last_update_date": "2024-11-23T22:26:34.197000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "2009918", "trust": 0.8, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg22009918" }, { "title": "IBM MQ service trace Fixes for module permissions licensing and access control vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=77606" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-001399" }, { "db": "CNNVD", "id": "CNNVD-201801-336" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 }, { "problemtype": "CWE-264", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-001399" }, { "db": "NVD", "id": "CVE-2017-1612" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.6, "url": "http://www.securitytracker.com/id/1040175" }, { "trust": 1.6, "url": "http://www.securityfocus.com/bid/102479" }, { "trust": 1.6, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/132953" }, { "trust": 1.6, "url": "http://www.ibm.com/support/docview.wss?uid=swg22009918" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-1612" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-1612" }, { "trust": 0.3, "url": "http://www.ibm.com" }, { "trust": 0.3, "url": "http://www-4.ibm.com/software/webservers/appserv/" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg22009918" } ], "sources": [ { "db": "BID", "id": "102479" }, { "db": "JVNDB", "id": "JVNDB-2018-001399" }, { "db": "CNNVD", "id": "CNNVD-201801-336" }, { "db": "NVD", "id": "CVE-2017-1612" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "BID", "id": "102479" }, { "db": "JVNDB", "id": "JVNDB-2018-001399" }, { "db": "CNNVD", "id": "CNNVD-201801-336" }, { "db": "NVD", "id": "CVE-2017-1612" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-01-03T00:00:00", "db": "BID", "id": "102479" }, { "date": "2018-02-14T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-001399" }, { "date": "2018-01-10T00:00:00", "db": "CNNVD", "id": "CNNVD-201801-336" }, { "date": "2018-01-09T20:29:00.287000", "db": "NVD", "id": "CVE-2017-1612" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-01-03T00:00:00", "db": "BID", "id": "102479" }, { "date": "2018-02-14T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-001399" }, { "date": "2019-10-23T00:00:00", "db": "CNNVD", "id": "CNNVD-201801-336" }, { "date": "2024-11-21T03:22:08.653000", "db": "NVD", "id": "CVE-2017-1612" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "BID", "id": "102479" }, { "db": "CNNVD", "id": "CNNVD-201801-336" } ], "trust": 0.9 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM WebSphere MQ Vulnerabilities related to authorization, permissions, and access control", "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-001399" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "permissions and access control issues", "sources": [ { "db": "CNNVD", "id": "CNNVD-201801-336" } ], "trust": 0.6 } }
var-201811-0107
Vulnerability from variot
IBM WebSphere MQ 8.0.0.0 through 8.0.0.10, 9.0.0.0 through 9.0.0.5, 9.0.1 through 9.0.5, and 9.1.0.0 could allow a local user to inject code that could be executed with root privileges. IBM X-Force ID: 148947. Vendors have confirmed this vulnerability IBM X-Force ID: 148947 It is released as.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. An attackers may exploit these issues to execute arbitrary-code with root privileges
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201811-0107", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "websphere mq", "scope": "eq", "trust": 2.4, "vendor": "ibm", "version": "9.1.0.0" }, { "model": "websphere mq", "scope": "lte", "trust": 1.0, "vendor": "ibm", "version": "9.0.0.5" }, { "model": "websphere mq", "scope": "lte", "trust": 1.0, "vendor": "ibm", "version": "9.0.5" }, { "model": "websphere mq", "scope": "lte", "trust": 1.0, "vendor": "ibm", "version": "8.0.0.10" }, { "model": "websphere mq", "scope": "gte", "trust": 1.0, "vendor": "ibm", "version": "9.0.1" }, { "model": "websphere mq", "scope": "gte", "trust": 1.0, "vendor": "ibm", "version": "9.0.0.0" }, { "model": "websphere mq", "scope": "gte", "trust": 1.0, "vendor": "ibm", "version": "8.0.0.0" }, { "model": "websphere mq", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "8.0.0.0 to 8.0.0.10" }, { "model": "websphere mq", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "9.0.0.0 to 9.0.0.5" }, { "model": "websphere mq", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "9.0.1 to 9.0.5" }, { "model": "websphere mq", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "9.0.0.1" }, { "model": "websphere mq", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "9.0.3" }, { "model": "websphere mq", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "8.0.0.6" }, { "model": "websphere mq", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "8.0.0.4" }, { "model": "websphere mq", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "8.0.0.3" }, { "model": "websphere mq", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "8.0.0.2" }, { "model": "websphere mq", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "9.0.4" }, { "model": "websphere mq", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "8.0.0.7" }, { "model": "websphere mq", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "8.0.0.5" }, { "model": "mq cd", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.5" }, { "model": "mq cd", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.3" }, { "model": "mq cd", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.2" }, { "model": "mq cd", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.1" }, { "model": "mq lts", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.0.3" }, { "model": "mq lts", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.0.1" }, { "model": "mq lts", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.0.0" }, { "model": "mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.9" }, { "model": "mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.7" }, { "model": "mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.6" }, { "model": "mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.5" }, { "model": "mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.4" }, { "model": "mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.3" }, { "model": "mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.2" }, { "model": "mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.1" }, { "model": "mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.0" }, { "model": "mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "mq", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "9.1" } ], "sources": [ { "db": "BID", "id": "105936" }, { "db": "JVNDB", "id": "JVNDB-2018-011726" }, { "db": "CNNVD", "id": "CNNVD-201811-278" }, { "db": "NVD", "id": "CVE-2018-1792" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:ibm:websphere_mq", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-011726" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Rich Mirch", "sources": [ { "db": "BID", "id": "105936" } ], "trust": 0.3 }, "cve": "CVE-2018-1792", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 3.9, "id": "CVE-2018-1792", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 1.9, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "id": "CVE-2018-1792", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.8, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "psirt@us.ibm.com", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.0, "id": "CVE-2018-1792", "impactScore": 6.0, "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2018-1792", "trust": 1.0, "value": "HIGH" }, { "author": "psirt@us.ibm.com", "id": "CVE-2018-1792", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2018-1792", "trust": 0.8, "value": "High" }, { "author": "CNNVD", "id": "CNNVD-201811-278", "trust": 0.6, "value": "HIGH" }, { "author": "VULMON", "id": "CVE-2018-1792", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "VULMON", "id": "CVE-2018-1792" }, { "db": "JVNDB", "id": "JVNDB-2018-011726" }, { "db": "CNNVD", "id": "CNNVD-201811-278" }, { "db": "NVD", "id": "CVE-2018-1792" }, { "db": "NVD", "id": "CVE-2018-1792" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM WebSphere MQ 8.0.0.0 through 8.0.0.10, 9.0.0.0 through 9.0.0.5, 9.0.1 through 9.0.5, and 9.1.0.0 could allow a local user to inject code that could be executed with root privileges. IBM X-Force ID: 148947. Vendors have confirmed this vulnerability IBM X-Force ID: 148947 It is released as.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. \nAn attackers may exploit these issues to execute arbitrary-code with root privileges", "sources": [ { "db": "NVD", "id": "CVE-2018-1792" }, { "db": "JVNDB", "id": "JVNDB-2018-011726" }, { "db": "BID", "id": "105936" }, { "db": "VULMON", "id": "CVE-2018-1792" } ], "trust": 1.98 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2018-1792", "trust": 2.8 }, { "db": "BID", "id": "105936", "trust": 2.0 }, { "db": "JVNDB", "id": "JVNDB-2018-011726", "trust": 0.8 }, { "db": "AUSCERT", "id": "ESB-2019.0782", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2019.3122", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2019.4784", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-201811-278", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2018-1792", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2018-1792" }, { "db": "BID", "id": "105936" }, { "db": "JVNDB", "id": "JVNDB-2018-011726" }, { "db": "CNNVD", "id": "CNNVD-201811-278" }, { "db": "NVD", "id": "CVE-2018-1792" } ] }, "id": "VAR-201811-0107", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.46875 }, "last_update_date": "2024-11-23T20:39:19.214000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "0734447", "trust": 0.8, "url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10734447" }, { "title": "ibm-websphere-cve20181792-priv-escalation (148947)", "trust": 0.8, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/148947" }, { "title": "IBM MQ Repair measures for library security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=86718" }, { "title": "IBM: IBM Security Bulletin: IBM MQ could allow a local user to inject code that could be executed with root privileges. (CVE-2018-1998)", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=72465d2f99054ba61ae311541ab96ff0" }, { "title": "IBM: IBM Security Bulletin: Multiple IBM MQ Security Vulnerabilities Affect IBM Sterling B2B Integrator", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=12d49a0da922bc87e2a67d963391d2c3" }, { "title": "security-research", "trust": 0.1, "url": "https://github.com/mirchr/security-research " } ], "sources": [ { "db": "VULMON", "id": "CVE-2018-1792" }, { "db": "JVNDB", "id": "JVNDB-2018-011726" }, { "db": "CNNVD", "id": "CNNVD-201811-278" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-94", "trust": 1.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-011726" }, { "db": "NVD", "id": "CVE-2018-1792" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.8, "url": "http://www.securityfocus.com/bid/105936" }, { "trust": 1.7, "url": "https://www.ibm.com/support/docview.wss?uid=ibm10734447" }, { "trust": 1.7, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/148947" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-1792" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-1792" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/1137634" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/1115109" }, { "trust": 0.6, "url": "https://www.ibm.com/support/docview.wss?uid=ibm10967151" }, { "trust": 0.6, "url": "http://www.ibm.com/support/docview.wss" }, { "trust": 0.6, "url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10967151" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/1115031" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/76906" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2019.3122/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2019.4784/" }, { "trust": 0.3, "url": "http://www.ibm.com" }, { "trust": 0.3, "url": "http://www-4.ibm.com/software/webservers/appserv/" }, { "trust": 0.3, "url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10734447" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/94.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-mq-could-allow-a-local-user-to-inject-code-that-could-be-executed-with-root-privileges-cve-2018-1998/" }, { "trust": 0.1, "url": "https://github.com/mirchr/security-research" } ], "sources": [ { "db": "VULMON", "id": "CVE-2018-1792" }, { "db": "BID", "id": "105936" }, { "db": "JVNDB", "id": "JVNDB-2018-011726" }, { "db": "CNNVD", "id": "CNNVD-201811-278" }, { "db": "NVD", "id": "CVE-2018-1792" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2018-1792" }, { "db": "BID", "id": "105936" }, { "db": "JVNDB", "id": "JVNDB-2018-011726" }, { "db": "CNNVD", "id": "CNNVD-201811-278" }, { "db": "NVD", "id": "CVE-2018-1792" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-11-13T00:00:00", "db": "VULMON", "id": "CVE-2018-1792" }, { "date": "2018-11-12T00:00:00", "db": "BID", "id": "105936" }, { "date": "2019-01-21T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-011726" }, { "date": "2018-11-12T00:00:00", "db": "CNNVD", "id": "CNNVD-201811-278" }, { "date": "2018-11-13T15:29:00.373000", "db": "NVD", "id": "CVE-2018-1792" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-10-09T00:00:00", "db": "VULMON", "id": "CVE-2018-1792" }, { "date": "2018-11-12T00:00:00", "db": "BID", "id": "105936" }, { "date": "2019-01-21T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-011726" }, { "date": "2019-12-24T00:00:00", "db": "CNNVD", "id": "CNNVD-201811-278" }, { "date": "2024-11-21T04:00:22.860000", "db": "NVD", "id": "CVE-2018-1792" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "BID", "id": "105936" }, { "db": "CNNVD", "id": "CNNVD-201811-278" } ], "trust": 0.9 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM WebSphere MQ Code injection vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-011726" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "code injection", "sources": [ { "db": "CNNVD", "id": "CNNVD-201811-278" } ], "trust": 0.6 } }
var-202001-0209
Vulnerability from variot
IBM MQ and IBM MQ Appliance 8.0 and 9.0 LTS could allow a remote attacker with intimate knowledge of the server to cause a denial of service when receiving data on the channel. IBM X-Force ID: 166629. IBM MQ and MQ Appliance Contains an input validation vulnerability. Vendors report this vulnerability IBM X-Force ID: 166629 Published as.Denial of service operation (DoS) May be in a state
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202001-0209", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "mq", "scope": "gte", "trust": 1.0, "vendor": "ibm", "version": "8.0.0.0" }, { "model": "mq appliance", "scope": "lt", "trust": 1.0, "vendor": "ibm", "version": "8.0.0.14" }, { "model": "mq appliance", "scope": "gte", "trust": 1.0, "vendor": "ibm", "version": "8.0.0.0" }, { "model": "mq", "scope": "lt", "trust": 1.0, "vendor": "ibm", "version": "9.0.0.8" }, { "model": "mq", "scope": "gte", "trust": 1.0, "vendor": "ibm", "version": "9.0.0.0" }, { "model": "mq", "scope": "lt", "trust": 1.0, "vendor": "ibm", "version": "8.0.0.14" }, { "model": "mq", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "8.0" }, { "model": "mq", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "9.0 lts" }, { "model": "mq", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "appliance 8.0" }, { "model": "mq appliance", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "8.0" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-014396" }, { "db": "NVD", "id": "CVE-2019-4568" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:ibm:mq:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "8.0.0.14", "versionStartIncluding": "8.0.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:mq:*:*:*:*:lts:*:*:*", "cpe_name": [], "versionEndExcluding": "9.0.0.8", "versionStartIncluding": "9.0.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:mq_appliance:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "8.0.0.14", "versionStartIncluding": "8.0.0.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:hp:hp-ux:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:ibm:mq:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "8.0.0.14", "versionStartIncluding": "8.0.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:mq:*:*:*:*:lts:*:*:*", "cpe_name": [], "versionEndExcluding": "9.0.0.8", "versionStartIncluding": "9.0.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:mq_appliance:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "8.0.0.14", "versionStartIncluding": "8.0.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:hp:hp-ux:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2019-4568" } ] }, "cve": "CVE-2019-4568", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 4.3, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2019-4568", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 1.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "HIGH", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitabilityScore": 2.2, "id": "CVE-2019-4568", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, { "attackComplexity": "High", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 5.9, "baseSeverity": "Medium", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2019-4568", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2019-4568", "trust": 1.8, "value": "Medium" }, { "author": "CNNVD", "id": "CNNVD-202001-1259", "trust": 0.6, "value": "MEDIUM" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-014396" }, { "db": "CNNVD", "id": "CNNVD-202001-1259" }, { "db": "NVD", "id": "CVE-2019-4568" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM MQ and IBM MQ Appliance 8.0 and 9.0 LTS could allow a remote attacker with intimate knowledge of the server to cause a denial of service when receiving data on the channel. IBM X-Force ID: 166629. IBM MQ and MQ Appliance Contains an input validation vulnerability. Vendors report this vulnerability IBM X-Force ID: 166629 Published as.Denial of service operation (DoS) May be in a state", "sources": [ { "db": "NVD", "id": "CVE-2019-4568" }, { "db": "JVNDB", "id": "JVNDB-2019-014396" } ], "trust": 1.62 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2019-4568", "trust": 2.4 }, { "db": "JVNDB", "id": "JVNDB-2019-014396", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-202001-1259", "trust": 0.6 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-014396" }, { "db": "CNNVD", "id": "CNNVD-202001-1259" }, { "db": "NVD", "id": "CVE-2019-4568" } ] }, "id": "VAR-202001-0209", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.22222222 }, "last_update_date": "2022-05-04T10:11:11.109000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "1106517 IBM\u00a0X-Force\u00a0Exchange", "trust": 0.8, "url": "https://www.ibm.com/support/pages/node/1106517" }, { "title": "IBM MQ and IBM MQ Appliance Enter the fix for the verification error vulnerability", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=110076" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-014396" }, { "db": "CNNVD", "id": "CNNVD-202001-1259" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 }, { "problemtype": "Incorrect input confirmation (CWE-20) [NVD Evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-014396" }, { "db": "NVD", "id": "CVE-2019-4568" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.6, "url": "https://www.ibm.com/support/pages/node/1106517" }, { "trust": 1.6, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/166629" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-4568" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-is-vulnerable-to-a-denial-of-service-attack-caused-by-an-error-within-the-clustering-code-cve-2019-4568/" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/ibm-mq-denial-of-service-via-clustering-code-31427" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-in-ibm-mq-affect-ibm-sterling-b2b-integrator/" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-014396" }, { "db": "CNNVD", "id": "CNNVD-202001-1259" }, { "db": "NVD", "id": "CVE-2019-4568" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "JVNDB", "id": "JVNDB-2019-014396" }, { "db": "CNNVD", "id": "CNNVD-202001-1259" }, { "db": "NVD", "id": "CVE-2019-4568" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-02-14T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-014396" }, { "date": "2020-01-28T00:00:00", "db": "CNNVD", "id": "CNNVD-202001-1259" }, { "date": "2020-01-28T19:15:00", "db": "NVD", "id": "CVE-2019-4568" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-02-14T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-014396" }, { "date": "2021-07-26T00:00:00", "db": "CNNVD", "id": "CNNVD-202001-1259" }, { "date": "2021-07-21T11:39:00", "db": "NVD", "id": "CVE-2019-4568" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202001-1259" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM\u00a0MQ\u00a0 and \u00a0MQ\u00a0Appliance\u00a0 Input validation vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-014396" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "input validation error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202001-1259" } ], "trust": 0.6 } }
var-202101-1665
Vulnerability from variot
IBM MQ 7.5, 8.0, 9.0, 9.1, 9.2 LTS, and 9.2 CD could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization of trusted data. An attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 186509
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202101-1665", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "mq", "scope": "eq", "trust": 1.0, "vendor": "ibm", "version": "8.0.0.3" }, { "model": "websphere mq", "scope": "eq", "trust": 1.0, "vendor": "ibm", "version": "7.5.0.3" }, { "model": "mq", "scope": "eq", "trust": 1.0, "vendor": "ibm", "version": "9.0.0.7" }, { "model": "mq", "scope": "eq", "trust": 1.0, "vendor": "ibm", "version": "8.0.0.9" }, { "model": "websphere mq", "scope": "eq", "trust": 1.0, "vendor": "ibm", "version": "7.5.0.1" }, { "model": "mq", "scope": "eq", "trust": 1.0, "vendor": "ibm", "version": "8.0.0.8" }, { "model": "mq", "scope": "eq", "trust": 1.0, "vendor": "ibm", "version": "8.0.0.1" }, { "model": "mq", "scope": "eq", "trust": 1.0, "vendor": "ibm", "version": "9.0.0.2" }, { "model": "mq", "scope": "eq", "trust": 1.0, "vendor": "ibm", "version": "9.1.0.6" }, { "model": "mq", "scope": "eq", "trust": 1.0, "vendor": "ibm", "version": "9.1.0.1" }, { "model": "mq", "scope": "eq", "trust": 1.0, "vendor": "ibm", "version": "8.0.0.12" }, { "model": "mq", "scope": "eq", "trust": 1.0, "vendor": "ibm", "version": "9.0.0.0" }, { "model": "websphere mq", "scope": "eq", "trust": 1.0, "vendor": "ibm", "version": "7.5.0.6" }, { "model": "websphere mq", "scope": "eq", "trust": 1.0, "vendor": "ibm", "version": "7.5.0.7" }, { "model": "mq", "scope": "eq", "trust": 1.0, "vendor": "ibm", "version": "9.0.0.8" }, { "model": "websphere mq", "scope": "eq", "trust": 1.0, "vendor": "ibm", "version": "7.5.0.0" }, { "model": "mq", "scope": "eq", "trust": 1.0, "vendor": "ibm", "version": "8.0.0.10" }, { "model": "websphere mq", "scope": "eq", "trust": 1.0, "vendor": "ibm", "version": "7.5.0.8" }, { "model": "websphere mq", "scope": "eq", "trust": 1.0, "vendor": "ibm", "version": "7.5.0.4" }, { "model": "websphere mq", "scope": "eq", "trust": 1.0, "vendor": "ibm", "version": "7.5.0.2" }, { "model": "mq", "scope": "eq", "trust": 1.0, "vendor": "ibm", "version": "9.0.0.6" }, { "model": "mq", "scope": "eq", "trust": 1.0, "vendor": "ibm", "version": "8.0.0.13" }, { "model": "mq", "scope": "eq", "trust": 1.0, "vendor": "ibm", "version": "9.0.0.9" }, { "model": "mq", "scope": "eq", "trust": 1.0, "vendor": "ibm", "version": "9.1.0.2" }, { "model": "mq", "scope": "eq", "trust": 1.0, "vendor": "ibm", "version": "9.0.0.4" }, { "model": "mq", "scope": "eq", "trust": 1.0, "vendor": "ibm", "version": "8.0.0.15" }, { "model": "mq", "scope": "eq", "trust": 1.0, "vendor": "ibm", "version": "9.1.0.5" }, { "model": "mq", "scope": "eq", "trust": 1.0, "vendor": "ibm", "version": "8.0.0.4" }, { "model": "mq", "scope": "eq", "trust": 1.0, "vendor": "ibm", "version": "9.1.0.4" }, { "model": "mq", "scope": "eq", "trust": 1.0, "vendor": "ibm", "version": "8.0.0.2" }, { "model": "websphere mq", "scope": "eq", "trust": 1.0, "vendor": "ibm", "version": "7.5.0.9" }, { "model": "websphere mq", "scope": "eq", "trust": 1.0, "vendor": "ibm", "version": "7.5.0.5" }, { "model": "mq", "scope": "eq", "trust": 1.0, "vendor": "ibm", "version": "9.0.0.1" }, { "model": "mq", "scope": "eq", "trust": 1.0, "vendor": "ibm", "version": "9.1.0.0" }, { "model": "mq", "scope": "eq", "trust": 1.0, "vendor": "ibm", "version": "9.1.0.3" }, { "model": "mq", "scope": "eq", "trust": 1.0, "vendor": "ibm", "version": "8.0.0.7" }, { "model": "mq", "scope": "eq", "trust": 1.0, "vendor": "ibm", "version": "9.0.0.3" }, { "model": "mq", "scope": "eq", "trust": 1.0, "vendor": "ibm", "version": "8.0.0.5" }, { "model": "mq", "scope": "eq", "trust": 1.0, "vendor": "ibm", "version": "9.0.0.10" }, { "model": "mq", "scope": "eq", "trust": 1.0, "vendor": "ibm", "version": "8.0.0.0" }, { "model": "mq", "scope": "eq", "trust": 1.0, "vendor": "ibm", "version": "8.0.0.6" }, { "model": "mq", "scope": "eq", "trust": 1.0, "vendor": "ibm", "version": "8.0.0.14" }, { "model": "mq appliance", "scope": "eq", "trust": 1.0, "vendor": "ibm", "version": "9.2.0.0" }, { "model": "mq", "scope": "eq", "trust": 1.0, "vendor": "ibm", "version": "9.0.0.5" }, { "model": "mq", "scope": "eq", "trust": 1.0, "vendor": "ibm", "version": "8.0.0.11" }, { "model": "mq", "scope": "eq", "trust": 1.0, "vendor": "ibm", "version": "9.2.0.0" }, { "model": "mq", "scope": "eq", "trust": 1.0, "vendor": "ibm", "version": "9.2.1.0" } ], "sources": [ { "db": "NVD", "id": "CVE-2020-4682" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:ibm:mq:8.0.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:mq:8.0.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:mq:8.0.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:mq:8.0.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:mq:8.0.0.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:mq:8.0.0.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:mq:8.0.0.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:mq:8.0.0.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:mq:8.0.0.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:mq:8.0.0.9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:mq:8.0.0.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:mq:8.0.0.11:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:mq:8.0.0.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:mq:8.0.0.13:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:mq:8.0.0.14:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:mq:8.0.0.15:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:mq:9.0.0.0:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:mq:9.0.0.1:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:mq:9.0.0.2:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:mq:9.0.0.3:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:mq:9.0.0.4:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:mq:9.0.0.5:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:mq:9.0.0.6:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:mq:9.0.0.7:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:mq:9.0.0.8:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:mq:9.0.0.9:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:mq:9.0.0.10:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:mq:9.1.0.0:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:mq:9.1.0.1:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:mq:9.1.0.2:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:mq:9.1.0.3:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:mq:9.1.0.4:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:mq:9.1.0.5:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:mq:9.1.0.6:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:mq:9.2.0.0:*:*:*:continuous_delivery:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:mq:9.2.1.0:*:*:*:continuous_delivery:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:mq_appliance:9.2.0.0:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:websphere_mq:7.5.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:websphere_mq:7.5.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:websphere_mq:7.5.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:websphere_mq:7.5.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:websphere_mq:7.5.0.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:websphere_mq:7.5.0.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:websphere_mq:7.5.0.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:websphere_mq:7.5.0.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:websphere_mq:7.5.0.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:websphere_mq:7.5.0.9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2020-4682" } ] }, "cve": "CVE-2020-4682", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": null, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULMON", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "id": "CVE-2020-4682", "impactScore": 10.0, "integrityImpact": "COMPLETE", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "HIGH", "trust": 1.1, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "CVE-2020-4682", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } ], "severity": [ { "author": "NVD", "id": "CVE-2020-4682", "trust": 1.0, "value": "CRITICAL" }, { "author": "CNNVD", "id": "CNNVD-202101-2461", "trust": 0.6, "value": "CRITICAL" }, { "author": "VULMON", "id": "CVE-2020-4682", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "VULMON", "id": "CVE-2020-4682" }, { "db": "CNNVD", "id": "CNNVD-202101-2461" }, { "db": "NVD", "id": "CVE-2020-4682" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM MQ 7.5, 8.0, 9.0, 9.1, 9.2 LTS, and 9.2 CD could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization of trusted data. An attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 186509", "sources": [ { "db": "NVD", "id": "CVE-2020-4682" }, { "db": "VULMON", "id": "CVE-2020-4682" } ], "trust": 0.99 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2020-4682", "trust": 1.7 }, { "db": "CNNVD", "id": "CNNVD-202101-2461", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2020-4682", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2020-4682" }, { "db": "CNNVD", "id": "CNNVD-202101-2461" }, { "db": "NVD", "id": "CVE-2020-4682" } ] }, "id": "VAR-202101-1665", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.22222222 }, "last_update_date": "2022-05-04T08:52:19.080000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "IBM MQ Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=140067" } ], "sources": [ { "db": "CNNVD", "id": "CNNVD-202101-2461" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-502", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2020-4682" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.8, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/186509" }, { "trust": 1.7, "url": "https://www.ibm.com/support/pages/node/6408626" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/6496783" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-4682" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-app-connect-enterprise-certified-container-may-be-vulnerable-to-a-remote-code-execution-vulnerability-cve-2020-4682/" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/ibm-mq-code-execution-via-deserialization-34421" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-is-vulnerable-to-a-remote-code-execution-vulnerability-cve-2020-4682/" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/502.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "VULMON", "id": "CVE-2020-4682" }, { "db": "CNNVD", "id": "CNNVD-202101-2461" }, { "db": "NVD", "id": "CVE-2020-4682" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2020-4682" }, { "db": "CNNVD", "id": "CNNVD-202101-2461" }, { "db": "NVD", "id": "CVE-2020-4682" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-01-28T00:00:00", "db": "VULMON", "id": "CVE-2020-4682" }, { "date": "2021-01-27T00:00:00", "db": "CNNVD", "id": "CNNVD-202101-2461" }, { "date": "2021-01-28T13:15:00", "db": "NVD", "id": "CVE-2020-4682" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-02-02T00:00:00", "db": "VULMON", "id": "CVE-2020-4682" }, { "date": "2021-10-08T00:00:00", "db": "CNNVD", "id": "CNNVD-202101-2461" }, { "date": "2021-02-02T17:35:00", "db": "NVD", "id": "CVE-2020-4682" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202101-2461" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM MQ Code problem vulnerability", "sources": [ { "db": "CNNVD", "id": "CNNVD-202101-2461" } ], "trust": 0.6 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "code problem", "sources": [ { "db": "CNNVD", "id": "CNNVD-202101-2461" } ], "trust": 0.6 } }
var-202003-0589
Vulnerability from variot
IBM MQ and IBM MQ Appliance 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and 9.1 CD could allow a local attacker to obtain sensitive information by inclusion of sensitive data within trace. IBM X-Force ID: 168862. Vendor exploits this vulnerability IBM X-Force ID: 168862 It is published as.Information may be obtained
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202003-0589", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "mq appliance", "scope": "lt", "trust": 1.0, "vendor": "ibm", "version": "8.0.0.14" }, { "model": "mq appliance", "scope": "lt", "trust": 1.0, "vendor": "ibm", "version": "9.1.0.4" }, { "model": "mq", "scope": "lt", "trust": 1.0, "vendor": "ibm", "version": "9.1.0.4" }, { "model": "mq appliance", "scope": "gte", "trust": 1.0, "vendor": "ibm", "version": "8.0.0.0" }, { "model": "mq appliance", "scope": "gte", "trust": 1.0, "vendor": "ibm", "version": "9.1.0" }, { "model": "mq", "scope": "gte", "trust": 1.0, "vendor": "ibm", "version": "8.0.0.0" }, { "model": "mq", "scope": "gte", "trust": 1.0, "vendor": "ibm", "version": "9.0.0.0" }, { "model": "mq", "scope": "gte", "trust": 1.0, "vendor": "ibm", "version": "9.1.0" }, { "model": "mq", "scope": "lte", "trust": 1.0, "vendor": "ibm", "version": "9.0.0.9" }, { "model": "mq appliance", "scope": "lt", "trust": 1.0, "vendor": "ibm", "version": "9.1.4" }, { "model": "mq", "scope": "lt", "trust": 1.0, "vendor": "ibm", "version": "9.1.4" }, { "model": "mq appliance", "scope": "gte", "trust": 1.0, "vendor": "ibm", "version": "9.1.0.0" }, { "model": "websphere mq", "scope": "lte", "trust": 1.0, "vendor": "ibm", "version": "7.5.0.9" }, { "model": "websphere mq", "scope": "gte", "trust": 1.0, "vendor": "ibm", "version": "7.1.0.0" }, { "model": "mq", "scope": "gte", "trust": 1.0, "vendor": "ibm", "version": "9.1.0.0" }, { "model": "mq", "scope": "lt", "trust": 1.0, "vendor": "ibm", "version": "8.0.0.14" }, { "model": "mq", "scope": null, "trust": 0.8, "vendor": "ibm", "version": null }, { "model": "mq appliance", "scope": null, "trust": 0.8, "vendor": "ibm", "version": null }, { "model": "websphere mq", "scope": null, "trust": 0.8, "vendor": "ibm", "version": null } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-014903" }, { "db": "NVD", "id": "CVE-2019-4619" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:ibm:mq:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "8.0.0.14", "versionStartIncluding": "8.0.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:mq:*:*:*:*:lts:*:*:*", "cpe_name": [], "versionEndIncluding": "9.0.0.9", "versionStartIncluding": "9.0.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:mq:*:*:*:*:continuous_delivery:*:*:*", "cpe_name": [], "versionEndExcluding": "9.1.4", "versionStartIncluding": "9.1.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:mq:*:*:*:*:lts:*:*:*", "cpe_name": [], "versionEndExcluding": "9.1.0.4", "versionStartIncluding": "9.1.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:mq_appliance:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "8.0.0.14", "versionStartIncluding": "8.0.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:mq_appliance:*:*:*:*:continuous_delivery:*:*:*", "cpe_name": [], "versionEndExcluding": "9.1.4", "versionStartIncluding": "9.1.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:mq_appliance:*:*:*:*:lts:*:*:*", "cpe_name": [], "versionEndExcluding": "9.1.0.4", "versionStartIncluding": "9.1.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:websphere_mq:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "7.5.0.9", "versionStartIncluding": "7.1.0.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:hp:hp-ux:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:ibm:mq:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "8.0.0.14", "versionStartIncluding": "8.0.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:mq:*:*:*:*:lts:*:*:*", "cpe_name": [], "versionEndIncluding": "9.0.0.9", "versionStartIncluding": "9.0.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:mq:*:*:*:*:continuous_delivery:*:*:*", "cpe_name": [], "versionEndExcluding": "9.1.4", "versionStartIncluding": "9.1.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:mq:*:*:*:*:lts:*:*:*", "cpe_name": [], "versionEndExcluding": "9.1.0.4", "versionStartIncluding": "9.1.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:mq_appliance:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "8.0.0.14", "versionStartIncluding": "8.0.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:mq_appliance:*:*:*:*:continuous_delivery:*:*:*", "cpe_name": [], "versionEndExcluding": "9.1.4", "versionStartIncluding": "9.1.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:mq_appliance:*:*:*:*:lts:*:*:*", "cpe_name": [], "versionEndExcluding": "9.1.0.4", "versionStartIncluding": "9.1.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:websphere_mq:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "7.5.0.9", "versionStartIncluding": "7.1.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:hp:hp-ux:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2019-4619" } ] }, "cve": "CVE-2019-4619", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": null, "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "VULMON", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 3.9, "id": "CVE-2019-4619", "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "LOW", "trust": 1.1, "userInteractionRequired": null, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Local", "authentication": "None", "author": "NVD", "availabilityImpact": "None", "baseScore": 2.1, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "JVNDB-2019-014903", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Low", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "id": "CVE-2019-4619", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "NVD", "availabilityImpact": "None", "baseScore": 5.5, "baseSeverity": "Medium", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "JVNDB-2019-014903", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "Low", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2019-4619", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "JVNDB-2019-014903", "trust": 0.8, "value": "Medium" }, { "author": "CNNVD", "id": "CNNVD-202003-899", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2019-4619", "trust": 0.1, "value": "LOW" } ] } ], "sources": [ { "db": "VULMON", "id": "CVE-2019-4619" }, { "db": "JVNDB", "id": "JVNDB-2019-014903" }, { "db": "CNNVD", "id": "CNNVD-202003-899" }, { "db": "NVD", "id": "CVE-2019-4619" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM MQ and IBM MQ Appliance 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and 9.1 CD could allow a local attacker to obtain sensitive information by inclusion of sensitive data within trace. IBM X-Force ID: 168862. Vendor exploits this vulnerability IBM X-Force ID: 168862 It is published as.Information may be obtained", "sources": [ { "db": "NVD", "id": "CVE-2019-4619" }, { "db": "JVNDB", "id": "JVNDB-2019-014903" }, { "db": "VULMON", "id": "CVE-2019-4619" } ], "trust": 1.71 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2019-4619", "trust": 2.5 }, { "db": "JVNDB", "id": "JVNDB-2019-014903", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-202003-899", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2019-4619", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2019-4619" }, { "db": "JVNDB", "id": "JVNDB-2019-014903" }, { "db": "CNNVD", "id": "CNNVD-202003-899" }, { "db": "NVD", "id": "CVE-2019-4619" } ] }, "id": "VAR-202003-0589", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.22222222 }, "last_update_date": "2022-05-04T09:02:47.160000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "1135101", "trust": 0.8, "url": "https://www.ibm.com/support/pages/node/1135101" }, { "title": "ibm-mq-cve20194619-info-disc (168862)", "trust": 0.8, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/168862" }, { "title": "IBM MQ and IBM MQ Appliance Repair measures for information disclosure vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=112528" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-014903" }, { "db": "CNNVD", "id": "CNNVD-202003-899" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-209", "trust": 1.0 }, { "problemtype": "CWE-200", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-014903" }, { "db": "NVD", "id": "CVE-2019-4619" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.7, "url": "https://www.ibm.com/support/pages/node/1135101" }, { "trust": 1.7, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/168862" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-4619" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-4619" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/ibm-mq-information-disclosure-31786" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-could-allow-a-local-attacker-to-obtain-sensitive-information-by-inclusion-of-sensitive-data-within-trace-cve-2019-4619/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-could-allow-a-local-attacker-to-obtain-sensitive-information-by-inclusion-of-sensitive-data-within-trace-cve-2019-4619/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-in-ibm-mq-affect-ibm-sterling-b2b-integrator/" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/209.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "VULMON", "id": "CVE-2019-4619" }, { "db": "JVNDB", "id": "JVNDB-2019-014903" }, { "db": "CNNVD", "id": "CNNVD-202003-899" }, { "db": "NVD", "id": "CVE-2019-4619" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2019-4619" }, { "db": "JVNDB", "id": "JVNDB-2019-014903" }, { "db": "CNNVD", "id": "CNNVD-202003-899" }, { "db": "NVD", "id": "CVE-2019-4619" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-03-16T00:00:00", "db": "VULMON", "id": "CVE-2019-4619" }, { "date": "2020-03-27T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-014903" }, { "date": "2020-03-13T00:00:00", "db": "CNNVD", "id": "CNNVD-202003-899" }, { "date": "2020-03-16T16:15:00", "db": "NVD", "id": "CVE-2019-4619" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-08-24T00:00:00", "db": "VULMON", "id": "CVE-2019-4619" }, { "date": "2020-03-27T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-014903" }, { "date": "2020-08-25T00:00:00", "db": "CNNVD", "id": "CNNVD-202003-899" }, { "date": "2020-08-24T17:37:00", "db": "NVD", "id": "CVE-2019-4619" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202003-899" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM MQ and MQ Appliance Vulnerability regarding information leakage in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-014903" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "information disclosure", "sources": [ { "db": "CNNVD", "id": "CNNVD-202003-899" } ], "trust": 0.6 } }
var-202004-1758
Vulnerability from variot
IBM MQ and MQ Appliance 8.0, 9.1 LTS, and 9.1 CD could allow an authenticated user cause a denial of service due to a memory leak. IBM X-Force ID: 175840. Vendor exploits this vulnerability IBM X-Force ID: 175840 It is published as.Service operation interruption (DoS) It may be put into a state
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202004-1758", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "mq", "scope": "lt", "trust": 1.0, "vendor": "ibm", "version": "9.1.0.4" }, { "model": "mq appliance", "scope": "gte", "trust": 1.0, "vendor": "ibm", "version": "9.1.0" }, { "model": "mq", "scope": "gte", "trust": 1.0, "vendor": "ibm", "version": "9.1.0.0" }, { "model": "mq", "scope": "gte", "trust": 1.0, "vendor": "ibm", "version": "8.0.0.0" }, { "model": "mq", "scope": "lt", "trust": 1.0, "vendor": "ibm", "version": "8.0.0.14" }, { "model": "mq appliance", "scope": "lt", "trust": 1.0, "vendor": "ibm", "version": "9.1.5" }, { "model": "mq", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "8.0" }, { "model": "mq", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "9.1 cd" }, { "model": "mq", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "9.1 lts" }, { "model": "mq appliance", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "8.0" }, { "model": "mq appliance", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "9.1 cd" }, { "model": "mq appliance", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "9.1 lts" }, { "model": "mq", "scope": "eq", "trust": 0.1, "vendor": "ibm", "version": "8.0.0.0" }, { "model": "mq", "scope": "eq", "trust": 0.1, "vendor": "ibm", "version": "8.0.0.1" }, { "model": "mq", "scope": "eq", "trust": 0.1, "vendor": "ibm", "version": "8.0.0.2" }, { "model": "mq", "scope": "eq", "trust": 0.1, "vendor": "ibm", "version": "8.0.0.3" }, { "model": "mq", "scope": "eq", "trust": 0.1, "vendor": "ibm", "version": "8.0.0.4" }, { "model": "mq", "scope": "eq", "trust": 0.1, "vendor": "ibm", "version": "8.0.0.5" }, { "model": "mq", "scope": "eq", "trust": 0.1, "vendor": "ibm", "version": "8.0.0.6" }, { "model": "mq", "scope": "eq", "trust": 0.1, "vendor": "ibm", "version": "8.0.0.7" }, { "model": "mq", "scope": "eq", "trust": 0.1, "vendor": "ibm", "version": "8.0.0.8" }, { "model": "mq", "scope": "eq", "trust": 0.1, "vendor": "ibm", "version": "8.0.0.9" }, { "model": "mq", "scope": "eq", "trust": 0.1, "vendor": "ibm", "version": "8.0.0.10" }, { "model": "mq", "scope": "eq", "trust": 0.1, "vendor": "ibm", "version": "8.0.0.11" }, { "model": "mq", "scope": "eq", "trust": 0.1, "vendor": "ibm", "version": "8.0.0.12" }, { "model": "mq", "scope": "eq", "trust": 0.1, "vendor": "ibm", "version": "8.0.0.13" }, { "model": "mq", "scope": "eq", "trust": 0.1, "vendor": "ibm", "version": "9.1.0.0" }, { "model": "mq", "scope": "eq", "trust": 0.1, "vendor": "ibm", "version": "9.1.0.1" }, { "model": "mq", "scope": "eq", "trust": 0.1, "vendor": "ibm", "version": "9.1.0.2" }, { "model": "mq appliance", "scope": "eq", "trust": 0.1, "vendor": "ibm", "version": "9.1.0.2" }, { "model": "mq appliance", "scope": "eq", "trust": 0.1, "vendor": "ibm", "version": "9.1.0.3" }, { "model": "mq appliance", "scope": "eq", "trust": 0.1, "vendor": "ibm", "version": "9.1.0.4" }, { "model": "mq appliance", "scope": "eq", "trust": 0.1, "vendor": "ibm", "version": "9.1.1" }, { "model": "mq appliance", "scope": "eq", "trust": 0.1, "vendor": "ibm", "version": "9.1.2" }, { "model": "mq appliance", "scope": "eq", "trust": 0.1, "vendor": "ibm", "version": "9.1.3" }, { "model": "mq appliance", "scope": "eq", "trust": 0.1, "vendor": "ibm", "version": "9.1.4" } ], "sources": [ { "db": "VULMON", "id": "CVE-2020-4267" }, { "db": "JVNDB", "id": "JVNDB-2020-004676" }, { "db": "NVD", "id": "CVE-2020-4267" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:ibm:mq:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "8.0.0.14", "versionStartIncluding": "8.0.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:mq:*:*:*:*:lts:*:*:*", "cpe_name": [], "versionEndExcluding": "9.1.0.4", "versionStartIncluding": "9.1.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:mq_appliance:*:*:*:*:continuous_delivery:*:*:*", "cpe_name": [], "versionEndExcluding": "9.1.5", "versionStartIncluding": "9.1.0", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2020-4267" } ] }, "cve": "CVE-2020-4267", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": null, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "VULMON", "availabilityImpact": "PARTIAL", "baseScore": 4.0, "confidentialityImpact": "NONE", "exploitabilityScore": 8.0, "id": "CVE-2020-4267", "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "MEDIUM", "trust": 1.1, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "Single", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 4.0, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "JVNDB-2020-004676", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitabilityScore": 2.8, "id": "CVE-2020-4267", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 6.5, "baseSeverity": "Medium", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "JVNDB-2020-004676", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "Low", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2020-4267", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "JVNDB-2020-004676", "trust": 0.8, "value": "Medium" }, { "author": "CNNVD", "id": "CNNVD-202004-2043", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2020-4267", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULMON", "id": "CVE-2020-4267" }, { "db": "JVNDB", "id": "JVNDB-2020-004676" }, { "db": "CNNVD", "id": "CNNVD-202004-2043" }, { "db": "NVD", "id": "CVE-2020-4267" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM MQ and MQ Appliance 8.0, 9.1 LTS, and 9.1 CD could allow an authenticated user cause a denial of service due to a memory leak. IBM X-Force ID: 175840. Vendor exploits this vulnerability IBM X-Force ID: 175840 It is published as.Service operation interruption (DoS) It may be put into a state", "sources": [ { "db": "NVD", "id": "CVE-2020-4267" }, { "db": "JVNDB", "id": "JVNDB-2020-004676" }, { "db": "VULMON", "id": "CVE-2020-4267" } ], "trust": 1.71 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2020-4267", "trust": 2.5 }, { "db": "JVNDB", "id": "JVNDB-2020-004676", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-202004-2043", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2020-4267", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2020-4267" }, { "db": "JVNDB", "id": "JVNDB-2020-004676" }, { "db": "CNNVD", "id": "CNNVD-202004-2043" }, { "db": "NVD", "id": "CVE-2020-4267" } ] }, "id": "VAR-202004-1758", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.22222222 }, "last_update_date": "2022-05-04T10:21:38.661000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "6195384", "trust": 0.8, "url": "https://www.ibm.com/support/pages/node/6195384" }, { "title": "ibm-mq-cve20204267-dos (175840)", "trust": 0.8, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/175840" }, { "title": "IBM MQ Appliance Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=117266" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-004676" }, { "db": "CNNVD", "id": "CNNVD-202004-2043" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-401", "trust": 1.0 }, { "problemtype": "CWE-772", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-004676" }, { "db": "NVD", "id": "CVE-2020-4267" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.8, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/175840" }, { "trust": 1.7, "url": "https://www.ibm.com/support/pages/node/6195384" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-4267" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-4267" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-is-affected-by-a-denial-of-service-vulnerability-cve-2020-4267/" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/ibm-mq-memory-leak-32535" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-and-mq-appliance-could-allow-an-authenticated-user-cause-a-denial-of-service-due-to-a-memory-leak-cve-2020-4267/" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/772.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "VULMON", "id": "CVE-2020-4267" }, { "db": "JVNDB", "id": "JVNDB-2020-004676" }, { "db": "CNNVD", "id": "CNNVD-202004-2043" }, { "db": "NVD", "id": "CVE-2020-4267" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2020-4267" }, { "db": "JVNDB", "id": "JVNDB-2020-004676" }, { "db": "CNNVD", "id": "CNNVD-202004-2043" }, { "db": "NVD", "id": "CVE-2020-4267" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-04-24T00:00:00", "db": "VULMON", "id": "CVE-2020-4267" }, { "date": "2020-05-26T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-004676" }, { "date": "2020-04-23T00:00:00", "db": "CNNVD", "id": "CNNVD-202004-2043" }, { "date": "2020-04-24T16:15:00", "db": "NVD", "id": "CVE-2020-4267" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-04-30T00:00:00", "db": "VULMON", "id": "CVE-2020-4267" }, { "date": "2020-05-26T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-004676" }, { "date": "2020-06-16T00:00:00", "db": "CNNVD", "id": "CNNVD-202004-2043" }, { "date": "2021-07-21T11:39:00", "db": "NVD", "id": "CVE-2020-4267" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202004-2043" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM MQ and MQ Appliance Vulnerability regarding lack of resource release after valid lifetime in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-004676" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-202004-2043" } ], "trust": 0.6 } }
var-201806-0788
Vulnerability from variot
IBM WebSphere MQ 8.0 and 9.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly validate the SSL certificate. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 142598. IBM WebSphere MQ Contains a certificate validation vulnerability. Vendors have confirmed this vulnerability IBM X-Force ID: 142598 It is released as.Information may be obtained. Multiple IBM Products are prone to an information-disclosure vulnerability
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201806-0788", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "websphere mq", "scope": "eq", "trust": 2.4, "vendor": "ibm", "version": "8.0" }, { "model": "websphere mq", "scope": "eq", "trust": 2.4, "vendor": "ibm", "version": "9.0" }, { "model": "websphere mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.9" }, { "model": "websphere mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.8" }, { "model": "websphere mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.7" }, { "model": "websphere mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.5" }, { "model": "websphere mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.4" }, { "model": "websphere mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.3" }, { "model": "websphere mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.2" }, { "model": "websphere mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.1" }, { "model": "websphere mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.0" }, { "model": "mq lts", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.0.3" }, { "model": "mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.0.0" }, { "model": "websphere mq", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.10" }, { "model": "mq", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "9.0.0.4" } ], "sources": [ { "db": "BID", "id": "104587" }, { "db": "JVNDB", "id": "JVNDB-2018-007018" }, { "db": "CNNVD", "id": "CNNVD-201806-1351" }, { "db": "NVD", "id": "CVE-2018-1543" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:ibm:websphere_mq:9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:websphere_mq:8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2018-1543" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM.", "sources": [ { "db": "BID", "id": "104587" } ], "trust": 0.3 }, "cve": "CVE-2018-1543", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "None", "baseScore": 4.3, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2018-1543", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 1.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "High", "attackVector": "Network", "author": "NVD", "availabilityImpact": "None", "baseScore": 5.9, "baseSeverity": "Medium", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2018-1543", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 1.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2018-1543", "trust": 1.8, "value": "Medium" }, { "author": "CNNVD", "id": "CNNVD-201806-1351", "trust": 0.6, "value": "MEDIUM" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-007018" }, { "db": "CNNVD", "id": "CNNVD-201806-1351" }, { "db": "NVD", "id": "CVE-2018-1543" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM WebSphere MQ 8.0 and 9.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly validate the SSL certificate. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 142598. IBM WebSphere MQ Contains a certificate validation vulnerability. Vendors have confirmed this vulnerability IBM X-Force ID: 142598 It is released as.Information may be obtained. Multiple IBM Products are prone to an information-disclosure vulnerability", "sources": [ { "db": "NVD", "id": "CVE-2018-1543" }, { "db": "JVNDB", "id": "JVNDB-2018-007018" }, { "db": "BID", "id": "104587" } ], "trust": 1.89 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2018-1543", "trust": 2.7 }, { "db": "JVNDB", "id": "JVNDB-2018-007018", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201806-1351", "trust": 0.6 }, { "db": "BID", "id": "104587", "trust": 0.3 } ], "sources": [ { "db": "BID", "id": "104587" }, { "db": "JVNDB", "id": "JVNDB-2018-007018" }, { "db": "CNNVD", "id": "CNNVD-201806-1351" }, { "db": "NVD", "id": "CVE-2018-1543" } ] }, "id": "VAR-201806-0788", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.27272728 }, "last_update_date": "2022-05-04T10:00:41.934000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "2016346", "trust": 0.8, "url": "https://www-01.ibm.com/support/docview.wss?uid=swg22016346" }, { "title": "IBM WebSphere MQ Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=81608" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-007018" }, { "db": "CNNVD", "id": "CNNVD-201806-1351" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-295", "trust": 1.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-007018" }, { "db": "NVD", "id": "CVE-2018-1543" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.6, "url": "https://www.ibm.com/support/docview.wss?uid=swg22016346" }, { "trust": 1.6, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/142598" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-1543" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-1543" }, { "trust": 0.3, "url": "http://www.ibm.com/" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg22016346" } ], "sources": [ { "db": "BID", "id": "104587" }, { "db": "JVNDB", "id": "JVNDB-2018-007018" }, { "db": "CNNVD", "id": "CNNVD-201806-1351" }, { "db": "NVD", "id": "CVE-2018-1543" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "BID", "id": "104587" }, { "db": "JVNDB", "id": "JVNDB-2018-007018" }, { "db": "CNNVD", "id": "CNNVD-201806-1351" }, { "db": "NVD", "id": "CVE-2018-1543" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-05-22T00:00:00", "db": "BID", "id": "104587" }, { "date": "2018-09-06T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-007018" }, { "date": "2018-06-28T00:00:00", "db": "CNNVD", "id": "CNNVD-201806-1351" }, { "date": "2018-06-27T18:29:00", "db": "NVD", "id": "CVE-2018-1543" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-05-22T00:00:00", "db": "BID", "id": "104587" }, { "date": "2018-09-06T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-007018" }, { "date": "2019-10-17T00:00:00", "db": "CNNVD", "id": "CNNVD-201806-1351" }, { "date": "2019-10-09T23:38:00", "db": "NVD", "id": "CVE-2018-1543" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201806-1351" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM WebSphere MQ Vulnerabilities related to certificate validation", "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-007018" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "trust management problem", "sources": [ { "db": "CNNVD", "id": "CNNVD-201806-1351" } ], "trust": 0.6 } }
var-202102-0826
Vulnerability from variot
IBM MQ 9.1 LTS, 9.2 LTS, and 9.1 CD AMQP Channels could allow an authenticated user to cause a denial of service due to an issue processing messages. IBM X-Force ID: 191747. IBM MQ Appliance is an all-in-one device from IBM of the United States for rapid deployment of enterprise-level messaging middleware.
There is a security vulnerability in the IBM MQ Appliance. Attackers can use this vulnerability to trigger a fatal error through the AMQP channel of the IBM MQ appliance, thereby triggering a denial of service
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202102-0826", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "mq", "scope": "eq", "trust": 1.0, "vendor": "ibm", "version": "9.1.0.0" }, { "model": "mq", "scope": "eq", "trust": 1.0, "vendor": "ibm", "version": "9.1.0" }, { "model": "mq", "scope": "eq", "trust": 1.0, "vendor": "ibm", "version": "9.2.0.0" }, { "model": "mq appliance", "scope": null, "trust": 0.6, "vendor": "ibm", "version": null } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-12640" }, { "db": "NVD", "id": "CVE-2020-4931" } ] }, "cve": "CVE-2020-4931", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 4.0, "confidentialityImpact": "NONE", "exploitabilityScore": 8.0, "id": "CVE-2020-4931", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 1.0, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "CNVD", "availabilityImpact": "COMPLETE", "baseScore": 6.8, "confidentialityImpact": "NONE", "exploitabilityScore": 8.0, "id": "CNVD-2021-12640", "impactScore": 6.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitabilityScore": 2.8, "id": "CVE-2020-4931", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "psirt@us.ibm.com", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitabilityScore": 2.8, "id": "CVE-2020-4931", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2020-4931", "trust": 1.0, "value": "MEDIUM" }, { "author": "psirt@us.ibm.com", "id": "CVE-2020-4931", "trust": 1.0, "value": "MEDIUM" }, { "author": "CNVD", "id": "CNVD-2021-12640", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-202102-1508", "trust": 0.6, "value": "MEDIUM" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-12640" }, { "db": "CNNVD", "id": "CNNVD-202102-1508" }, { "db": "NVD", "id": "CVE-2020-4931" }, { "db": "NVD", "id": "CVE-2020-4931" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM MQ 9.1 LTS, 9.2 LTS, and 9.1 CD AMQP Channels could allow an authenticated user to cause a denial of service due to an issue processing messages. IBM X-Force ID: 191747. IBM MQ Appliance is an all-in-one device from IBM of the United States for rapid deployment of enterprise-level messaging middleware. \n\r\n\r\nThere is a security vulnerability in the IBM MQ Appliance. Attackers can use this vulnerability to trigger a fatal error through the AMQP channel of the IBM MQ appliance, thereby triggering a denial of service", "sources": [ { "db": "NVD", "id": "CVE-2020-4931" }, { "db": "CNVD", "id": "CNVD-2021-12640" } ], "trust": 1.44 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2020-4931", "trust": 2.2 }, { "db": "CNVD", "id": "CNVD-2021-12640", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202102-1508", "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-12640" }, { "db": "CNNVD", "id": "CNNVD-202102-1508" }, { "db": "NVD", "id": "CVE-2020-4931" } ] }, "id": "VAR-202102-0826", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2021-12640" } ], "trust": 0.06 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "Network device" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-12640" } ] }, "last_update_date": "2024-11-23T23:07:39.677000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Patch for IBM MQ Appliance Denial of Service Vulnerability (CNVD-2021-12640)", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/249166" }, { "title": "IBM MQ Appliance Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=142521" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-12640" }, { "db": "CNNVD", "id": "CNNVD-202102-1508" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2020-4931" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.6, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/191747" }, { "trust": 1.6, "url": "https://www.ibm.com/support/pages/node/6403295" }, { "trust": 1.2, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-is-affected-by-a-denial-of-service-vulnerability-cve-2020-4931/" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-4931" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/ibm-mq-appliance-denial-of-service-via-amqp-channels-34652" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-amqp-channels-could-allow-an-authenticated-user-to-cause-a-denial-of-service-due-to-an-issue-processing-messages-cve-2020-4931/" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-12640" }, { "db": "CNNVD", "id": "CNNVD-202102-1508" }, { "db": "NVD", "id": "CVE-2020-4931" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2021-12640" }, { "db": "CNNVD", "id": "CNNVD-202102-1508" }, { "db": "NVD", "id": "CVE-2020-4931" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-02-25T00:00:00", "db": "CNVD", "id": "CNVD-2021-12640" }, { "date": "2021-02-23T00:00:00", "db": "CNNVD", "id": "CNNVD-202102-1508" }, { "date": "2021-02-24T18:15:12.797000", "db": "NVD", "id": "CVE-2020-4931" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-02-26T00:00:00", "db": "CNVD", "id": "CNVD-2021-12640" }, { "date": "2021-04-14T00:00:00", "db": "CNNVD", "id": "CNNVD-202102-1508" }, { "date": "2024-11-21T05:33:26.623000", "db": "NVD", "id": "CVE-2020-4931" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202102-1508" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM MQ Appliance Denial of Service Vulnerability (CNVD-2021-12640)", "sources": [ { "db": "CNVD", "id": "CNVD-2021-12640" } ], "trust": 0.6 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-202102-1508" } ], "trust": 0.6 } }
var-201904-0357
Vulnerability from variot
IBM MQ 8.0.0.0 through 8.0.0.10, 9.0.0.0 through 9.0.0.5, and 9.1.0.0 through 9.1.1 is vulnerable to a denial of service attack within the TLS key renegotiation function. IBM X-Force ID: 156564. IBM MQ Contains an input validation vulnerability. Vendors report this vulnerability IBM X-Force ID: 156564 Published as.Denial of service (DoS) May be in a state. An attacker can exploit this issue to cause a denial-of-service condition. The following product and versions are affected: IBM MQ and MQ Appliance from versions 8.0.0.0 through 8.0.0.10, 9.0.0.0 through 9.0.0.5, 9.1.0.0 through 9.1.0.1 and 9.1.0 through 9.1.1
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201904-0357", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "mq", "scope": "lte", "trust": 1.0, "vendor": "ibm", "version": "9.0.0.5" }, { "model": "mq appliance", "scope": "lte", "trust": 1.0, "vendor": "ibm", "version": "8.0.0.10" }, { "model": "mq appliance", "scope": "lte", "trust": 1.0, "vendor": "ibm", "version": "9.1.0.1" }, { "model": "mq", "scope": "lte", "trust": 1.0, "vendor": "ibm", "version": "9.1.0.1" }, { "model": "mq appliance", "scope": "gte", "trust": 1.0, "vendor": "ibm", "version": "8.0.0.0" }, { "model": "mq", "scope": "gte", "trust": 1.0, "vendor": "ibm", "version": "9.0.0.0" }, { "model": "mq", "scope": "gte", "trust": 1.0, "vendor": "ibm", "version": "9.1.0.0" }, { "model": "mq appliance", "scope": "lte", "trust": 1.0, "vendor": "ibm", "version": "9.1.1" }, { "model": "mq", "scope": "lte", "trust": 1.0, "vendor": "ibm", "version": "9.1.1" }, { "model": "mq", "scope": "gte", "trust": 1.0, "vendor": "ibm", "version": "8.0.0.0" }, { "model": "mq appliance", "scope": "gte", "trust": 1.0, "vendor": "ibm", "version": "9.1.0" }, { "model": "mq appliance", "scope": "gte", "trust": 1.0, "vendor": "ibm", "version": "9.1.0.0" }, { "model": "mq", "scope": "gte", "trust": 1.0, "vendor": "ibm", "version": "9.1.0" }, { "model": "mq", "scope": "lte", "trust": 1.0, "vendor": "ibm", "version": "8.0.0.10" }, { "model": "mq appliance", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "8.0.0.0 to 8.0.0.10" }, { "model": "mq appliance", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "9.0.0.0 to 9.0.0.5" }, { "model": "mq appliance", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "9.1.0.0 to 9.1.1" }, { "model": "mq appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.1" }, { "model": "mq appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.9" }, { "model": "mq appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.8" }, { "model": "mq appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.7" }, { "model": "mq appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.6" }, { "model": "mq appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.5" }, { "model": "mq appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.4" }, { "model": "mq appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.3" }, { "model": "mq appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.1" }, { "model": "mq appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.0" }, { "model": "mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.1" }, { "model": "mq cd", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.5" }, { "model": "mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.5" }, { "model": "mq cd", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.4" }, { "model": "mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.4" }, { "model": "mq cd", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.3" }, { "model": "mq cd", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.2" }, { "model": "mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.2" }, { "model": "mq cd", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.1" }, { "model": "mq cd", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0" }, { "model": "mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.0.1" }, { "model": "mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.0.0" }, { "model": "mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.3" }, { "model": "mq lts", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.0.5" }, { "model": "mq lts", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.0.4" }, { "model": "mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.0.4" }, { "model": "mq lts", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.0.3" }, { "model": "mq lts", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.0.2" }, { "model": "mq lts", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.0.1" }, { "model": "mq lts", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.0.0" }, { "model": "mq lts", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9" }, { "model": "mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.9" }, { "model": "mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.8" }, { "model": "mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.7" }, { "model": "mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.6" }, { "model": "mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.5" }, { "model": "mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.4" }, { "model": "mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.2" }, { "model": "mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.10" }, { "model": "mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.1" }, { "model": "mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.0" }, { "model": "mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "mq", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "9.1.2" }, { "model": "mq lts", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "9.0.0.6" }, { "model": "mq", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.11" } ], "sources": [ { "db": "BID", "id": "108027" }, { "db": "JVNDB", "id": "JVNDB-2019-003617" }, { "db": "NVD", "id": "CVE-2019-4055" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:ibm:mq_appliance", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-003617" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The vendor reported the issue.", "sources": [ { "db": "BID", "id": "108027" }, { "db": "CNNVD", "id": "CNNVD-201904-879" } ], "trust": 0.9 }, "cve": "CVE-2019-4055", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "CVE-2019-4055", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 1.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "psirt@us.ibm.com", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "id": "CVE-2019-4055", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.8, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "id": "CVE-2019-4055", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2019-4055", "trust": 1.0, "value": "HIGH" }, { "author": "psirt@us.ibm.com", "id": "CVE-2019-4055", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2019-4055", "trust": 0.8, "value": "High" }, { "author": "CNNVD", "id": "CNNVD-201904-879", "trust": 0.6, "value": "HIGH" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-003617" }, { "db": "CNNVD", "id": "CNNVD-201904-879" }, { "db": "NVD", "id": "CVE-2019-4055" }, { "db": "NVD", "id": "CVE-2019-4055" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM MQ 8.0.0.0 through 8.0.0.10, 9.0.0.0 through 9.0.0.5, and 9.1.0.0 through 9.1.1 is vulnerable to a denial of service attack within the TLS key renegotiation function. IBM X-Force ID: 156564. IBM MQ Contains an input validation vulnerability. Vendors report this vulnerability IBM X-Force ID: 156564 Published as.Denial of service (DoS) May be in a state. \nAn attacker can exploit this issue to cause a denial-of-service condition. \nThe following product and versions are affected:\nIBM MQ and MQ Appliance from versions 8.0.0.0 through 8.0.0.10, 9.0.0.0 through 9.0.0.5, 9.1.0.0 through 9.1.0.1 and 9.1.0 through 9.1.1", "sources": [ { "db": "NVD", "id": "CVE-2019-4055" }, { "db": "JVNDB", "id": "JVNDB-2019-003617" }, { "db": "BID", "id": "108027" } ], "trust": 1.89 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2019-4055", "trust": 2.7 }, { "db": "BID", "id": "108027", "trust": 1.9 }, { "db": "JVNDB", "id": "JVNDB-2019-003617", "trust": 0.8 }, { "db": "AUSCERT", "id": "ESB-2019.1347", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2019.4784", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2023.4106", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2019.3122", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-201904-879", "trust": 0.6 } ], "sources": [ { "db": "BID", "id": "108027" }, { "db": "JVNDB", "id": "JVNDB-2019-003617" }, { "db": "CNNVD", "id": "CNNVD-201904-879" }, { "db": "NVD", "id": "CVE-2019-4055" } ] }, "id": "VAR-201904-0357", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.46875 }, "last_update_date": "2024-11-23T19:38:16.858000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "0870484", "trust": 0.8, "url": "https://www.ibm.com/support/docview.wss?uid=ibm10870484" }, { "title": "ibm-websphere-cve20194055-dos (156564)", "trust": 0.8, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/156564" }, { "title": "IBM MQ and IBM MQ Appliance Security vulnerabilities", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=91713" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-003617" }, { "db": "CNNVD", "id": "CNNVD-201904-879" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 }, { "problemtype": "CWE-20", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-003617" }, { "db": "NVD", "id": "CVE-2019-4055" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.2, "url": "https://www.ibm.com/support/docview.wss?uid=ibm10870484" }, { "trust": 2.2, "url": "http://www.securityfocus.com/bid/108027" }, { "trust": 1.6, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/156564" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-4055" }, { "trust": 0.9, "url": "http://www.ibm.com/" }, { "trust": 0.9, "url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10870484" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-4055" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/1137634" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/1115109" }, { "trust": 0.6, "url": "https://www.ibm.com/support/docview.wss?uid=ibm10967151" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/ibm-mq-denial-of-service-via-tls-key-renegotiation-29053" }, { "trust": 0.6, "url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10967151" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/1115031" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/79378" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2023.4106" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2019.3122/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2019.4784/" } ], "sources": [ { "db": "BID", "id": "108027" }, { "db": "JVNDB", "id": "JVNDB-2019-003617" }, { "db": "CNNVD", "id": "CNNVD-201904-879" }, { "db": "NVD", "id": "CVE-2019-4055" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "BID", "id": "108027" }, { "db": "JVNDB", "id": "JVNDB-2019-003617" }, { "db": "CNNVD", "id": "CNNVD-201904-879" }, { "db": "NVD", "id": "CVE-2019-4055" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-04-16T00:00:00", "db": "BID", "id": "108027" }, { "date": "2019-05-21T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-003617" }, { "date": "2019-04-17T00:00:00", "db": "CNNVD", "id": "CNNVD-201904-879" }, { "date": "2019-04-19T17:29:01.987000", "db": "NVD", "id": "CVE-2019-4055" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-04-16T00:00:00", "db": "BID", "id": "108027" }, { "date": "2019-05-21T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-003617" }, { "date": "2023-07-21T00:00:00", "db": "CNNVD", "id": "CNNVD-201904-879" }, { "date": "2024-11-21T04:43:05.823000", "db": "NVD", "id": "CVE-2019-4055" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201904-879" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM MQ Input validation vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-003617" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "input validation error", "sources": [ { "db": "CNNVD", "id": "CNNVD-201904-879" } ], "trust": 0.6 } }