All the vulnerabilites related to IBM - MQ Appliance
var-202003-0589
Vulnerability from variot

IBM MQ and IBM MQ Appliance 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and 9.1 CD could allow a local attacker to obtain sensitive information by inclusion of sensitive data within trace. IBM X-Force ID: 168862. Vendor exploits this vulnerability IBM X-Force ID: 168862 It is published as.Information may be obtained

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202003-0589",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "mq appliance",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "8.0.0.14"
      },
      {
        "model": "mq appliance",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "9.1.0.4"
      },
      {
        "model": "mq",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "9.1.0.4"
      },
      {
        "model": "mq appliance",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "8.0.0.0"
      },
      {
        "model": "mq appliance",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "9.1.0"
      },
      {
        "model": "mq",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "8.0.0.0"
      },
      {
        "model": "mq",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "9.0.0.0"
      },
      {
        "model": "mq",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "9.1.0"
      },
      {
        "model": "mq",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "9.0.0.9"
      },
      {
        "model": "mq appliance",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "9.1.4"
      },
      {
        "model": "mq",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "9.1.4"
      },
      {
        "model": "mq appliance",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "9.1.0.0"
      },
      {
        "model": "websphere mq",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "7.5.0.9"
      },
      {
        "model": "websphere mq",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "7.1.0.0"
      },
      {
        "model": "mq",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "9.1.0.0"
      },
      {
        "model": "mq",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "8.0.0.14"
      },
      {
        "model": "mq",
        "scope": null,
        "trust": 0.8,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "mq appliance",
        "scope": null,
        "trust": 0.8,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "websphere mq",
        "scope": null,
        "trust": 0.8,
        "vendor": "ibm",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014903"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-4619"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:ibm:mq:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "8.0.0.14",
                    "versionStartIncluding": "8.0.0.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ibm:mq:*:*:*:*:lts:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "9.0.0.9",
                    "versionStartIncluding": "9.0.0.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ibm:mq:*:*:*:*:continuous_delivery:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "9.1.4",
                    "versionStartIncluding": "9.1.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ibm:mq:*:*:*:*:lts:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "9.1.0.4",
                    "versionStartIncluding": "9.1.0.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ibm:mq_appliance:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "8.0.0.14",
                    "versionStartIncluding": "8.0.0.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ibm:mq_appliance:*:*:*:*:continuous_delivery:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "9.1.4",
                    "versionStartIncluding": "9.1.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ibm:mq_appliance:*:*:*:*:lts:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "9.1.0.4",
                    "versionStartIncluding": "9.1.0.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ibm:websphere_mq:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "7.5.0.9",
                    "versionStartIncluding": "7.1.0.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:hp:hp-ux:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:ibm:mq:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "8.0.0.14",
                "versionStartIncluding": "8.0.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:mq:*:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "9.0.0.9",
                "versionStartIncluding": "9.0.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:mq:*:*:*:*:continuous_delivery:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "9.1.4",
                "versionStartIncluding": "9.1.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:mq:*:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "9.1.0.4",
                "versionStartIncluding": "9.1.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:mq_appliance:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "8.0.0.14",
                "versionStartIncluding": "8.0.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:mq_appliance:*:*:*:*:continuous_delivery:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "9.1.4",
                "versionStartIncluding": "9.1.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:mq_appliance:*:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "9.1.0.4",
                "versionStartIncluding": "9.1.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:websphere_mq:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "7.5.0.9",
                "versionStartIncluding": "7.1.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:hp:hp-ux:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": false
              },
              {
                "cpe23Uri": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": false
              },
              {
                "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": false
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": false
              },
              {
                "cpe23Uri": "cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": false
              }
            ],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-4619"
      }
    ]
  },
  "cve": "CVE-2019-4619",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": null,
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "VULMON",
            "availabilityImpact": "NONE",
            "baseScore": 2.1,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "id": "CVE-2019-4619",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "LOW",
            "trust": 1.1,
            "userInteractionRequired": null,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Local",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 2.1,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "JVNDB-2019-014903",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Low",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "id": "CVE-2019-4619",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Local",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.5,
            "baseSeverity": "Medium",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "JVNDB-2019-014903",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2019-4619",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "JVNDB-2019-014903",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202003-899",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2019-4619",
            "trust": 0.1,
            "value": "LOW"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2019-4619"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014903"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202003-899"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-4619"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "IBM MQ and IBM MQ Appliance 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and 9.1 CD could allow a local attacker to obtain sensitive information by inclusion of sensitive data within trace. IBM X-Force ID: 168862. Vendor exploits this vulnerability IBM X-Force ID: 168862 It is published as.Information may be obtained",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-4619"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014903"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-4619"
      }
    ],
    "trust": 1.71
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2019-4619",
        "trust": 2.5
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014903",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202003-899",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-4619",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2019-4619"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014903"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202003-899"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-4619"
      }
    ]
  },
  "id": "VAR-202003-0589",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.22222222
  },
  "last_update_date": "2022-05-04T09:02:47.160000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "1135101",
        "trust": 0.8,
        "url": "https://www.ibm.com/support/pages/node/1135101"
      },
      {
        "title": "ibm-mq-cve20194619-info-disc (168862)",
        "trust": 0.8,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/168862"
      },
      {
        "title": "IBM MQ  and IBM MQ Appliance Repair measures for information disclosure vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=112528"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014903"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202003-899"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-209",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-200",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014903"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-4619"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "https://www.ibm.com/support/pages/node/1135101"
      },
      {
        "trust": 1.7,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/168862"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-4619"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-4619"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/ibm-mq-information-disclosure-31786"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-could-allow-a-local-attacker-to-obtain-sensitive-information-by-inclusion-of-sensitive-data-within-trace-cve-2019-4619/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-could-allow-a-local-attacker-to-obtain-sensitive-information-by-inclusion-of-sensitive-data-within-trace-cve-2019-4619/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-in-ibm-mq-affect-ibm-sterling-b2b-integrator/"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/209.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2019-4619"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014903"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202003-899"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-4619"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULMON",
        "id": "CVE-2019-4619"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014903"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202003-899"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-4619"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-03-16T00:00:00",
        "db": "VULMON",
        "id": "CVE-2019-4619"
      },
      {
        "date": "2020-03-27T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-014903"
      },
      {
        "date": "2020-03-13T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202003-899"
      },
      {
        "date": "2020-03-16T16:15:00",
        "db": "NVD",
        "id": "CVE-2019-4619"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-08-24T00:00:00",
        "db": "VULMON",
        "id": "CVE-2019-4619"
      },
      {
        "date": "2020-03-27T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-014903"
      },
      {
        "date": "2020-08-25T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202003-899"
      },
      {
        "date": "2020-08-24T17:37:00",
        "db": "NVD",
        "id": "CVE-2019-4619"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202003-899"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "IBM MQ and  MQ Appliance Vulnerability regarding information leakage in",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014903"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "information disclosure",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202003-899"
      }
    ],
    "trust": 0.6
  }
}

var-202202-1477
Vulnerability from variot

IBM MQ Appliance 9.2 CD and 9.2 LTS local messaging users stored with a password hash that provides insufficient protection. IBM X-Force ID: 218368. Vendors may IBM X-Force ID: 218368 It is published as.Information may be obtained. IBM MQ Appliance is an all-in-one appliance for rapidly deploying enterprise-class messaging middleware

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202202-1477",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "mq",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "9.2.5"
      },
      {
        "model": "mq",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "9.2.0"
      },
      {
        "model": "mq",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "9.2.0.5"
      },
      {
        "model": "mq appliance",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "9.2 lts"
      },
      {
        "model": "mq appliance",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "mq appliance",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "9.2 cd"
      },
      {
        "model": "mq appliance cd",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ibm",
        "version": "9.2"
      },
      {
        "model": "mq appliance lts",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ibm",
        "version": "9.2"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2022-51680"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-006841"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-22321"
      }
    ]
  },
  "cve": "CVE-2022-22321",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 2.1,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "id": "CVE-2022-22321",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "LOW",
            "trust": 1.9,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 2.1,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "id": "CNVD-2022-51680",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "LOW",
            "trust": 0.6,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "id": "CVE-2022-22321",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "author": "psirt@us.ibm.com",
            "availabilityImpact": "NONE",
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.4,
            "id": "CVE-2022-22321",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Local",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.5,
            "baseSeverity": "Medium",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2022-22321",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2022-22321",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "psirt@us.ibm.com",
            "id": "CVE-2022-22321",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2022-22321",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2022-51680",
            "trust": 0.6,
            "value": "LOW"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202202-2176",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2022-22321",
            "trust": 0.1,
            "value": "LOW"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2022-51680"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-22321"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-006841"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202202-2176"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-22321"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-22321"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "IBM MQ Appliance 9.2 CD and 9.2 LTS local messaging users stored with a password hash that provides insufficient protection. IBM X-Force ID: 218368. Vendors may IBM X-Force ID: 218368 It is published as.Information may be obtained. IBM MQ Appliance is an all-in-one appliance for rapidly deploying enterprise-class messaging middleware",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-22321"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-006841"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2022-51680"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-22321"
      }
    ],
    "trust": 2.25
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2022-22321",
        "trust": 3.9
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-006841",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2022-51680",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.0853",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202202-2176",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-22321",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2022-51680"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-22321"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-006841"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202202-2176"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-22321"
      }
    ]
  },
  "id": "VAR-202202-1477",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2022-51680"
      }
    ],
    "trust": 1.06875
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "IoT"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2022-51680"
      }
    ]
  },
  "last_update_date": "2024-11-23T23:10:57.340000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "6560042 IBM\u00a0X-Force\u00a0Exchange",
        "trust": 0.8,
        "url": "https://www.ibm.com/support/pages/node/6560042"
      },
      {
        "title": "Patch for IBM MQ Appliance Information Disclosure Vulnerability (CNVD-2022-51680)",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/339966"
      },
      {
        "title": "IBM MQ Appliance Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=184361"
      },
      {
        "title": "CVE-2022-XXXX",
        "trust": 0.1,
        "url": "https://github.com/AlphabugX/CVE-2022-23305 "
      },
      {
        "title": "CVE-2022-XXXX",
        "trust": 0.1,
        "url": "https://github.com/AlphabugX/CVE-2022-RCE "
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2022-51680"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-22321"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-006841"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202202-2176"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-326",
        "trust": 1.0
      },
      {
        "problemtype": "Inadequate protection of credentials (CWE-522) [NVD evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-006841"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-22321"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/218368"
      },
      {
        "trust": 1.7,
        "url": "https://www.ibm.com/support/pages/node/6560042"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22321"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/ibm-mq-appliance-weak-encryption-via-password-hash-37667"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.0853"
      },
      {
        "trust": 0.6,
        "url": "https://cxsecurity.com/cveshow/cve-2022-22321/"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/326.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/alphabugx/cve-2022-23305"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2022-51680"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-22321"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-006841"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202202-2176"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-22321"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2022-51680"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-22321"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-006841"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202202-2176"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-22321"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-07-15T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2022-51680"
      },
      {
        "date": "2022-03-01T00:00:00",
        "db": "VULMON",
        "id": "CVE-2022-22321"
      },
      {
        "date": "2023-07-10T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2022-006841"
      },
      {
        "date": "2022-02-28T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202202-2176"
      },
      {
        "date": "2022-03-01T17:15:08.073000",
        "db": "NVD",
        "id": "CVE-2022-22321"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-07-15T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2022-51680"
      },
      {
        "date": "2023-08-08T00:00:00",
        "db": "VULMON",
        "id": "CVE-2022-22321"
      },
      {
        "date": "2023-07-10T07:14:00",
        "db": "JVNDB",
        "id": "JVNDB-2022-006841"
      },
      {
        "date": "2022-03-10T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202202-2176"
      },
      {
        "date": "2024-11-21T06:46:38.320000",
        "db": "NVD",
        "id": "CVE-2022-22321"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202202-2176"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "IBM\u00a0MQ\u00a0Appliance\u00a0 Vulnerability regarding insufficient protection of authentication information in",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-006841"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202202-2176"
      }
    ],
    "trust": 0.6
  }
}

var-201707-0666
Vulnerability from variot

IBM WebSphere MQ 9.0.1 and 9.0.2 could allow an authenticated user with authority to send a specially crafted message that would cause a channel to remain in a running state but not process messages. IBM X-Force ID: 125146. Multiple IBM Products are prone to a denial-of-service vulnerability. An attacker can exploit this issue to cause denial-of-service condition

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201707-0666",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 2.7,
        "vendor": "ibm",
        "version": "9.0.2"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 2.7,
        "vendor": "ibm",
        "version": "9.0.1"
      },
      {
        "model": "mq appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.2"
      },
      {
        "model": "mq appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.1"
      },
      {
        "model": "websphere mq",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.3"
      },
      {
        "model": "mq appliance",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.3"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "99538"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005576"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201707-525"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-1285"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:ibm:websphere_mq:9.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:websphere_mq:9.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-1285"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "IBM",
    "sources": [
      {
        "db": "BID",
        "id": "99538"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2017-1285",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "Single",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 4.0,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2017-1285",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 1.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 6.5,
            "baseSeverity": "Medium",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2017-1285",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "trust": 1.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2017-1285",
            "trust": 1.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201707-525",
            "trust": 0.6,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005576"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201707-525"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-1285"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "IBM WebSphere MQ 9.0.1 and 9.0.2 could allow an authenticated user with authority to send a specially crafted message that would cause a channel to remain in a running state but not process messages. IBM X-Force ID: 125146. Multiple IBM Products are prone to a denial-of-service vulnerability. \nAn attacker can exploit this issue to cause denial-of-service condition",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-1285"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005576"
      },
      {
        "db": "BID",
        "id": "99538"
      }
    ],
    "trust": 1.89
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-1285",
        "trust": 2.7
      },
      {
        "db": "BID",
        "id": "99538",
        "trust": 1.3
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005576",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201707-525",
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "99538"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005576"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201707-525"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-1285"
      }
    ]
  },
  "id": "VAR-201707-0666",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.22222222
  },
  "last_update_date": "2022-05-04T09:51:28.671000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "2003856",
        "trust": 0.8,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg22003856"
      },
      {
        "title": "IBM MQ Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=71671"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005576"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201707-525"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-20",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005576"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-1285"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.6,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125146"
      },
      {
        "trust": 1.6,
        "url": "https://www.ibm.com/support/docview.wss?uid=swg22003856"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/bid/99538"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-1285"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-1285"
      },
      {
        "trust": 0.3,
        "url": "http://www.ibm.com/"
      },
      {
        "trust": 0.3,
        "url": "http://www-306.ibm.com/software/integration/wmq/"
      },
      {
        "trust": 0.3,
        "url": "https://www-01.ibm.com/support/docview.wss?uid=swg22003856"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "99538"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005576"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201707-525"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-1285"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "99538"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005576"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201707-525"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-1285"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-07-10T00:00:00",
        "db": "BID",
        "id": "99538"
      },
      {
        "date": "2017-08-01T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-005576"
      },
      {
        "date": "2017-07-13T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201707-525"
      },
      {
        "date": "2017-07-12T17:29:00",
        "db": "NVD",
        "id": "CVE-2017-1285"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-07-10T00:00:00",
        "db": "BID",
        "id": "99538"
      },
      {
        "date": "2017-08-01T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-005576"
      },
      {
        "date": "2017-07-13T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201707-525"
      },
      {
        "date": "2017-07-17T16:42:00",
        "db": "NVD",
        "id": "CVE-2017-1285"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201707-525"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "IBM WebSphere MQ Vulnerable to sending crafted messages",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005576"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "input validation",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201707-525"
      }
    ],
    "trust": 0.6
  }
}

var-202007-1084
Vulnerability from variot

IBM MQ, IBM MQ Appliance, IBM MQ for HPE NonStop 8.0, 9.1 CD, and 9.1 LTS could allow an attacker to cause a denial of service due to a memory leak caused by an error creating a dynamic queue. IBM X-Force ID: 179080. Vendor exploits this vulnerability IBM X-Force ID: 179080 It is published as.Service operation interruption (DoS) It may be put into a state

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202007-1084",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "mq appliance",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "mq appliance",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "9.1.0.0"
      },
      {
        "model": "mq appliance",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "9.1.0.6"
      },
      {
        "model": "mq appliance",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "9.2.0.0"
      },
      {
        "model": "mq appliance",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "8.0.0.15"
      },
      {
        "model": "mq appliance",
        "scope": null,
        "trust": 0.8,
        "vendor": "ibm",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-008718"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-4375"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:ibm:mq_appliance:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "8.0.0.15",
                "versionStartIncluding": "8.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:mq_appliance:*:*:*:*:continuous_delivery:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "9.2.0.0",
                "versionStartIncluding": "9.1.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:mq_appliance:*:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "9.1.0.6",
                "versionStartIncluding": "9.1.0.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-4375"
      }
    ]
  },
  "cve": "CVE-2020-4375",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2020-4375",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 5.0,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "JVNDB-2020-008718",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "id": "CVE-2020-4375",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "JVNDB-2020-008718",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2020-4375",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "JVNDB-2020-008718",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202007-1536",
            "trust": 0.6,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-008718"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202007-1536"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-4375"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "IBM MQ, IBM MQ Appliance, IBM MQ for HPE NonStop 8.0, 9.1 CD, and 9.1 LTS could allow an attacker to cause a denial of service due to a memory leak caused by an error creating a dynamic queue. IBM X-Force ID: 179080. Vendor exploits this vulnerability IBM X-Force ID: 179080 It is published as.Service operation interruption (DoS) It may be put into a state",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-4375"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-008718"
      }
    ],
    "trust": 1.62
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2020-4375",
        "trust": 2.4
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-008718",
        "trust": 0.8
      },
      {
        "db": "NSFOCUS",
        "id": "47991",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202007-1536",
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-008718"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202007-1536"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-4375"
      }
    ]
  },
  "id": "VAR-202007-1084",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.22222222
  },
  "last_update_date": "2022-05-04T10:15:06.179000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "6252785",
        "trust": 0.8,
        "url": "https://www.ibm.com/support/pages/node/6252785"
      },
      {
        "title": "ibm-mq-cve20204375-dos (179080)",
        "trust": 0.8,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/179080"
      },
      {
        "title": "IBM MQ Appliance Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=125187"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-008718"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202007-1536"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-401",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-772",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-008718"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-4375"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.6,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/179080"
      },
      {
        "trust": 1.6,
        "url": "https://www.ibm.com/support/pages/node/6252785"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-4375"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-4375"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-app-connect-enterprise-certified-container-integration-servers-could-cause-a-denial-of-service-or-a-buffer-overflow-when-using-mq/"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/ibm-mq-appliance-memory-leak-via-dynamic-queue-error-32946"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-is-vulnerable-to-a-denial-of-service-vulnerability-cve-2020-4375/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-for-hpe-nonstop-server-is-affected-by-vulnerability-cve-2020-4375/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-could-allow-an-attacker-to-cause-a-denial-of-service-due-to-a-memory-leak-caused-by-an-error-creating-a-dynamic-queue-cve-2020-4375/"
      },
      {
        "trust": 0.6,
        "url": "http://www.nsfocus.net/vulndb/47991"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-008718"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202007-1536"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-4375"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-008718"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202007-1536"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-4375"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-09-18T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-008718"
      },
      {
        "date": "2020-07-27T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202007-1536"
      },
      {
        "date": "2020-07-28T12:15:00",
        "db": "NVD",
        "id": "CVE-2020-4375"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-09-18T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-008718"
      },
      {
        "date": "2020-12-11T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202007-1536"
      },
      {
        "date": "2021-07-21T11:39:00",
        "db": "NVD",
        "id": "CVE-2020-4375"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202007-1536"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "plural  IBM Vulnerability in lack of release of resources after valid lifetime in product",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-008718"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202007-1536"
      }
    ],
    "trust": 0.6
  }
}

var-202204-1117
Vulnerability from variot

IBM MQ Appliance 9.2 CD and 9.2 LTS are vulnerable to a denial of service in the Login component of the application which could allow an attacker to cause a drop in performance. IBM MQ Appliance Exists in unspecified vulnerabilities.Service operation interruption (DoS) It may be in a state. IBM MQ Appliance is an all-in-one device used by IBM in the United States for rapid deployment of enterprise-level messaging middleware

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202204-1117",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "mq appliance",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "9.2.0.0"
      },
      {
        "model": "mq appliance",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "9.2 lts"
      },
      {
        "model": "mq appliance",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "9.2 cd"
      },
      {
        "model": "mq appliance",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "mq appliance cd",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ibm",
        "version": "9.2"
      },
      {
        "model": "mq appliance lts",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ibm",
        "version": "9.2"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2022-36974"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-009546"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-22355"
      }
    ]
  },
  "cve": "CVE-2022-22355",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2022-22355",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.9,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2022-36974",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "psirt@us.ibm.com",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "id": "CVE-2022-22355",
            "impactScore": 1.4,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.0"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "id": "CVE-2022-22355",
            "impactScore": 1.4,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2022-22355",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "psirt@us.ibm.com",
            "id": "CVE-2022-22355",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2022-22355",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2022-36974",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202204-1999",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2022-22355",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2022-36974"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-22355"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-009546"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202204-1999"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-22355"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-22355"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "IBM MQ Appliance 9.2 CD and 9.2 LTS are vulnerable to a denial of service in the Login component of the application which could allow an attacker to cause a drop in performance. IBM MQ Appliance Exists in unspecified vulnerabilities.Service operation interruption (DoS) It may be in a state. IBM MQ Appliance is an all-in-one device used by IBM in the United States for rapid deployment of enterprise-level messaging middleware",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-22355"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-009546"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2022-36974"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-22355"
      }
    ],
    "trust": 2.25
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2022-22355",
        "trust": 3.9
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-009546",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2022-36974",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202204-1999",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-22355",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2022-36974"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-22355"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-009546"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202204-1999"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-22355"
      }
    ]
  },
  "id": "VAR-202204-1117",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2022-36974"
      }
    ],
    "trust": 1.06875
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "IoT"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2022-36974"
      }
    ]
  },
  "last_update_date": "2024-11-23T22:54:36.812000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "6564711 IBM\u00a0X-Force\u00a0Exchange",
        "trust": 0.8,
        "url": "https://www.ibm.com/support/pages/node/6564711"
      },
      {
        "title": "Patch for IBM MQ Appliance Denial of Service Vulnerability (CNVD-2022-36974)",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/332786"
      },
      {
        "title": "IBM MQ Appliance Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=188015"
      },
      {
        "title": "CVE-2022-XXXX",
        "trust": 0.1,
        "url": "https://github.com/AlphabugX/CVE-2022-23305 "
      },
      {
        "title": "CVE-2022-XXXX",
        "trust": 0.1,
        "url": "https://github.com/AlphabugX/CVE-2022-RCE "
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2022-36974"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-22355"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-009546"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202204-1999"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-noinfo",
        "trust": 1.0
      },
      {
        "problemtype": "Lack of information (CWE-noinfo) [NVD evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-009546"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-22355"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.3,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/220486"
      },
      {
        "trust": 1.7,
        "url": "https://www.ibm.com/support/pages/node/6564711"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22355"
      },
      {
        "trust": 0.6,
        "url": "https://cxsecurity.com/cveshow/cve-2022-22355/"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/ibm-mq-appliance-denial-of-service-via-login-component-37957"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/alphabugx/cve-2022-23305"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2022-36974"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-22355"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-009546"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202204-1999"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-22355"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2022-36974"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-22355"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-009546"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202204-1999"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-22355"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-05-13T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2022-36974"
      },
      {
        "date": "2022-04-05T00:00:00",
        "db": "VULMON",
        "id": "CVE-2022-22355"
      },
      {
        "date": "2023-08-07T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2022-009546"
      },
      {
        "date": "2022-04-05T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202204-1999"
      },
      {
        "date": "2022-04-05T17:15:08.320000",
        "db": "NVD",
        "id": "CVE-2022-22355"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-05-13T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2022-36974"
      },
      {
        "date": "2022-04-18T00:00:00",
        "db": "VULMON",
        "id": "CVE-2022-22355"
      },
      {
        "date": "2023-08-07T05:39:00",
        "db": "JVNDB",
        "id": "JVNDB-2022-009546"
      },
      {
        "date": "2022-04-19T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202204-1999"
      },
      {
        "date": "2024-11-21T06:46:41.520000",
        "db": "NVD",
        "id": "CVE-2022-22355"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202204-1999"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "IBM\u00a0MQ\u00a0Appliance\u00a0 Vulnerability in",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-009546"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202204-1999"
      }
    ],
    "trust": 0.6
  }
}

var-202111-1527
Vulnerability from variot

IBM MQ Appliance could allow a local attacker to obtain sensitive information by inclusion of sensitive data within trace. IBM MQ Appliance is an all-in-one device from IBM of the United States for rapid deployment of enterprise-level messaging middleware

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202111-1527",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "mq appliance",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "ibm",
        "version": "9.2.0.0"
      },
      {
        "model": "mq appliance",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "mq appliance",
        "scope": null,
        "trust": 0.8,
        "vendor": "ibm",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-92962"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-015729"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-38999"
      }
    ]
  },
  "cve": "CVE-2021-38999",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 2.1,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "id": "CVE-2021-38999",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "LOW",
            "trust": 1.9,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 2.1,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "id": "CNVD-2021-92962",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "LOW",
            "trust": 0.6,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "id": "CVE-2021-38999",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "author": "psirt@us.ibm.com",
            "availabilityImpact": "NONE",
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.4,
            "id": "CVE-2021-38999",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Local",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.5,
            "baseSeverity": "Medium",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2021-38999",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2021-38999",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "psirt@us.ibm.com",
            "id": "CVE-2021-38999",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2021-38999",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2021-92962",
            "trust": 0.6,
            "value": "LOW"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202111-2173",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2021-38999",
            "trust": 0.1,
            "value": "LOW"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-92962"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-38999"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-015729"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202111-2173"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-38999"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-38999"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "IBM MQ Appliance could allow a local attacker to obtain sensitive information by inclusion of sensitive data within trace. IBM MQ Appliance is an all-in-one device from IBM of the United States for rapid deployment of enterprise-level messaging middleware",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-38999"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-015729"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2021-92962"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-38999"
      }
    ],
    "trust": 2.25
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2021-38999",
        "trust": 3.9
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-015729",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2021-92962",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.4024",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202111-2173",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-38999",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-92962"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-38999"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-015729"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202111-2173"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-38999"
      }
    ]
  },
  "id": "VAR-202111-1527",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-92962"
      }
    ],
    "trust": 0.06
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "IoT"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-92962"
      }
    ]
  },
  "last_update_date": "2024-08-14T13:23:09.518000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "6519418 IBM\u00a0X-Force\u00a0Exchange",
        "trust": 0.8,
        "url": "https://www.ibm.com/support/pages/node/6519418"
      },
      {
        "title": "Patch for IBM MQ Appliance Information Disclosure Vulnerability (CNVD-2021-92962)",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/302081"
      },
      {
        "title": "IBM MQ Appliance Repair measures for information disclosure vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=172092"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-92962"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-015729"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202111-2173"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-200",
        "trust": 1.0
      },
      {
        "problemtype": "information leak (CWE-200) [NVD evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-015729"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-38999"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.3,
        "url": "https://www.ibm.com/support/pages/node/6519418"
      },
      {
        "trust": 1.7,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/213214"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-38999"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.4024"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/ibm-mq-appliance-logged-sensitive-information-via-trace-36984"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/200.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-92962"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-38999"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-015729"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202111-2173"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-38999"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-92962"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-38999"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-015729"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202111-2173"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-38999"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-12-01T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2021-92962"
      },
      {
        "date": "2021-11-30T00:00:00",
        "db": "VULMON",
        "id": "CVE-2021-38999"
      },
      {
        "date": "2022-11-29T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2021-015729"
      },
      {
        "date": "2021-11-29T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202111-2173"
      },
      {
        "date": "2021-11-30T17:15:11.533000",
        "db": "NVD",
        "id": "CVE-2021-38999"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-12-01T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2021-92962"
      },
      {
        "date": "2021-11-30T00:00:00",
        "db": "VULMON",
        "id": "CVE-2021-38999"
      },
      {
        "date": "2022-11-29T08:16:00",
        "db": "JVNDB",
        "id": "JVNDB-2021-015729"
      },
      {
        "date": "2021-12-01T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202111-2173"
      },
      {
        "date": "2021-11-30T20:29:04.297000",
        "db": "NVD",
        "id": "CVE-2021-38999"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202111-2173"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "IBM\u00a0MQ\u00a0Appliance\u00a0 Vulnerability regarding information leakage in",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-015729"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "information disclosure",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202111-2173"
      }
    ],
    "trust": 0.6
  }
}

var-201812-0395
Vulnerability from variot

IBM DataPower Gateway 7.1.0.0 through 7.1.0.19, 7.2.0.0 through 7.2.0.16, 7.5.0.0 through 7.5.0.10, 7.5.1.0 through 7.5.1.9, 7.5.2.0 through 7.5.2.9, and 7.6.0.0 through 7.6.0.2 and IBM MQ Appliance 8.0.0.0 through 8.0.0.8 and 9.0.1 through 9.0.5 could allow a local user to cause a denial of service through unknown vectors. IBM X-Force ID: 144724. Vendors have confirmed this vulnerability IBM X-Force ID: 144724 It is released as.Service operation interruption (DoS) There is a possibility of being put into a state. An attacker can exploit this issue to cause a denial-of-service condition. IBM DataPower Gateway is a secure and integrated platform designed for mobile, cloud, application programming interface (API), web, service-oriented architecture (SOA), B2B and cloud workloads. MQ Appliance is an all-in-one device for rapid deployment of enterprise-level messaging middleware. The following products and versions are affected: IBM DataPower Gateway Version 7.1.0.0 to Version 7.1.0.19, Version 7.2.0.0 to Version 7.2.0.16, Version 7.5.0.0 to Version 7.5.0.10, Version 7.5.1.0 to Version 7.5.1.9, Version 7.5.2.0 to version 7.5.2.9, version 7.6.0.0 to version 7.6.0.2; MQ Appliance version 8.0.0.0 to version 8.0.0.8, version 9.0.1 to version 9.0.5

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201812-0395",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "datapower gateway",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "7.2.0.0"
      },
      {
        "model": "datapower gateway",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "7.5.2.9"
      },
      {
        "model": "datapower gateway",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "7.5.0.10"
      },
      {
        "model": "datapower gateway",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "7.6.0.0"
      },
      {
        "model": "mq appliance",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "9.0.1"
      },
      {
        "model": "datapower gateway",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "7.6.0.2"
      },
      {
        "model": "datapower gateway",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "7.5.1.9"
      },
      {
        "model": "datapower gateway",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "7.2.0.16"
      },
      {
        "model": "datapower gateway",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "7.5.2.0"
      },
      {
        "model": "mq appliance",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "8.0.0.0"
      },
      {
        "model": "mq appliance",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "9.0.5"
      },
      {
        "model": "datapower gateway",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "7.1.0.0"
      },
      {
        "model": "datapower gateway",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "7.1.0.19"
      },
      {
        "model": "datapower gateway",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "7.5.1.0"
      },
      {
        "model": "mq appliance",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "8.0.0.8"
      },
      {
        "model": "datapower gateway",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "7.5.0.0"
      },
      {
        "model": "datapower gateway",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "7.1.0.0 to  7.1.0.19"
      },
      {
        "model": "datapower gateway",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "7.2.0.0 to  7.2.0.16"
      },
      {
        "model": "datapower gateway",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "7.5.0.0 to  7.5.0.10"
      },
      {
        "model": "datapower gateway",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "7.5.1.0 to  7.5.1.9"
      },
      {
        "model": "datapower gateway",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "7.5.2.0 to  7.5.2.9"
      },
      {
        "model": "datapower gateway",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "7.6.0.0 to  7.6.0.2"
      },
      {
        "model": "mq appliance",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "8.0.0.0 to  8.0.0.8"
      },
      {
        "model": "mq appliance",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "9.0.1 to  9.0.5"
      },
      {
        "model": "datapower gateway",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ibm",
        "version": "7.2.0.0"
      },
      {
        "model": "mq appliance cd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.5"
      },
      {
        "model": "mq appliance cd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.4"
      },
      {
        "model": "mq appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.4"
      },
      {
        "model": "mq appliance cd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.3"
      },
      {
        "model": "mq appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.3"
      },
      {
        "model": "mq appliance cd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.2"
      },
      {
        "model": "mq appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.2"
      },
      {
        "model": "mq appliance cd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.1"
      },
      {
        "model": "mq appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.1"
      },
      {
        "model": "mq appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.8"
      },
      {
        "model": "mq appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.7"
      },
      {
        "model": "mq appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.6"
      },
      {
        "model": "mq appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.5"
      },
      {
        "model": "mq appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.4"
      },
      {
        "model": "mq appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.3"
      },
      {
        "model": "mq appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.2"
      },
      {
        "model": "mq appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.1"
      },
      {
        "model": "mq appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.0"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.6.0.1"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.6.0.0"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5.2.9"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5.2.8"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5.2.2"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5.2.1"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5.2.0"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5.1.9"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5.1.8"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5.1.4"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5.1.3"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5.1.2"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5.1.1"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5.1.0"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5.0.9"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5.0.5"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5.0.4"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5.0.3"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5.0.2"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5.0.10"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5.0.1"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5.0.0"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0.16"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0.15"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0.11"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0.10"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0.1"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0.0"
      },
      {
        "model": "datapower gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5.2.0"
      },
      {
        "model": "datapower gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5.1.1"
      },
      {
        "model": "datapower gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5.1.0"
      },
      {
        "model": "datapower gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5.0.2"
      },
      {
        "model": "datapower gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5.0.1"
      },
      {
        "model": "datapower gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0.8"
      },
      {
        "model": "datapower gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0.6"
      },
      {
        "model": "datapower gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0.4"
      },
      {
        "model": "datapower gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0.3"
      },
      {
        "model": "datapower gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.9"
      },
      {
        "model": "datapower gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.8"
      },
      {
        "model": "datapower gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.7"
      },
      {
        "model": "datapower gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.5"
      },
      {
        "model": "datapower gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.4"
      },
      {
        "model": "datapower gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.3"
      },
      {
        "model": "datapower gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.2"
      },
      {
        "model": "datapower gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.19"
      },
      {
        "model": "datapower gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.18"
      },
      {
        "model": "datapower gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.15"
      },
      {
        "model": "datapower gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.14"
      },
      {
        "model": "datapower gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.12"
      },
      {
        "model": "datapower gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.11"
      },
      {
        "model": "datapower gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.10"
      },
      {
        "model": "mq appliance",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1"
      },
      {
        "model": "mq appliance",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.9"
      },
      {
        "model": "datapower gateway",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.6.0.3"
      },
      {
        "model": "datapower gateway",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5.2.10"
      },
      {
        "model": "datapower gateway",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5.1.10"
      },
      {
        "model": "datapower gateway",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5.0.11"
      },
      {
        "model": "datapower gateway",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0.17"
      },
      {
        "model": "datapower gateway",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.20"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "106403"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-012014"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-341"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-1652"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:ibm:datapower_gateway",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:ibm:mq_appliance",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-012014"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The vendor reported the issue.",
    "sources": [
      {
        "db": "BID",
        "id": "106403"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2018-1652",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 2.1,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "id": "CVE-2018-1652",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "LOW",
            "trust": 1.8,
            "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 2.1,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "id": "VHN-126887",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "LOW",
            "trust": 0.1,
            "vectorString": "AV:L/AC:L/AU:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 1.8,
            "id": "CVE-2018-1652",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "psirt@us.ibm.com",
            "availabilityImpact": "HIGH",
            "baseScore": 6.2,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 2.5,
            "id": "CVE-2018-1652",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2018-1652",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "psirt@us.ibm.com",
            "id": "CVE-2018-1652",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2018-1652",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201812-341",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-126887",
            "trust": 0.1,
            "value": "LOW"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-126887"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-012014"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-341"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-1652"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-1652"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "IBM DataPower Gateway 7.1.0.0 through 7.1.0.19, 7.2.0.0 through 7.2.0.16, 7.5.0.0 through 7.5.0.10, 7.5.1.0 through 7.5.1.9, 7.5.2.0 through 7.5.2.9, and 7.6.0.0 through 7.6.0.2 and IBM MQ Appliance 8.0.0.0 through 8.0.0.8 and 9.0.1 through 9.0.5 could allow a local user to cause a denial of service through unknown vectors. IBM X-Force ID: 144724. Vendors have confirmed this vulnerability IBM X-Force ID: 144724 It is released as.Service operation interruption (DoS) There is a possibility of being put into a state. \nAn attacker can exploit this issue to cause a denial-of-service condition. IBM DataPower Gateway is a secure and integrated platform designed for mobile, cloud, application programming interface (API), web, service-oriented architecture (SOA), B2B and cloud workloads. MQ Appliance is an all-in-one device for rapid deployment of enterprise-level messaging middleware. The following products and versions are affected: IBM DataPower Gateway Version 7.1.0.0 to Version 7.1.0.19, Version 7.2.0.0 to Version 7.2.0.16, Version 7.5.0.0 to Version 7.5.0.10, Version 7.5.1.0 to Version 7.5.1.9, Version 7.5.2.0 to version 7.5.2.9, version 7.6.0.0 to version 7.6.0.2; MQ Appliance version 8.0.0.0 to version 8.0.0.8, version 9.0.1 to version 9.0.5",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-1652"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-012014"
      },
      {
        "db": "BID",
        "id": "106403"
      },
      {
        "db": "VULHUB",
        "id": "VHN-126887"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2018-1652",
        "trust": 2.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-012014",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-341",
        "trust": 0.7
      },
      {
        "db": "BID",
        "id": "106403",
        "trust": 0.3
      },
      {
        "db": "VULHUB",
        "id": "VHN-126887",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-126887"
      },
      {
        "db": "BID",
        "id": "106403"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-012014"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-341"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-1652"
      }
    ]
  },
  "id": "VAR-201812-0395",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-126887"
      }
    ],
    "trust": 0.56875
  },
  "last_update_date": "2024-11-23T22:51:53.839000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "0717483",
        "trust": 0.8,
        "url": "https://www.ibm.com/support/docview.wss?uid=ibm10717483"
      },
      {
        "title": "0744557",
        "trust": 0.8,
        "url": "https://www.ibm.com/support/docview.wss?uid=ibm10744557"
      },
      {
        "title": "ibm-mq-cve20181652-dos (144724)",
        "trust": 0.8,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/144724"
      },
      {
        "title": "IBM DataPower Gateway Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=87602"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-012014"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-341"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-20",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-126887"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-012014"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-1652"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "https://www.ibm.com/support/docview.wss?uid=ibm10717483"
      },
      {
        "trust": 1.7,
        "url": "https://www.ibm.com/support/docview.wss?uid=ibm10744557"
      },
      {
        "trust": 1.7,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/144724"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-1652"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-1652"
      },
      {
        "trust": 0.3,
        "url": "http://www.ibm.com/"
      },
      {
        "trust": 0.3,
        "url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10744557"
      },
      {
        "trust": 0.3,
        "url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10717483"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-126887"
      },
      {
        "db": "BID",
        "id": "106403"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-012014"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-341"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-1652"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-126887"
      },
      {
        "db": "BID",
        "id": "106403"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-012014"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-341"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-1652"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-12-11T00:00:00",
        "db": "VULHUB",
        "id": "VHN-126887"
      },
      {
        "date": "2018-12-07T00:00:00",
        "db": "BID",
        "id": "106403"
      },
      {
        "date": "2019-01-29T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-012014"
      },
      {
        "date": "2018-12-10T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201812-341"
      },
      {
        "date": "2018-12-11T16:29:00.467000",
        "db": "NVD",
        "id": "CVE-2018-1652"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-10-09T00:00:00",
        "db": "VULHUB",
        "id": "VHN-126887"
      },
      {
        "date": "2018-12-07T00:00:00",
        "db": "BID",
        "id": "106403"
      },
      {
        "date": "2019-01-29T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-012014"
      },
      {
        "date": "2019-10-17T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201812-341"
      },
      {
        "date": "2024-11-21T04:00:08.467000",
        "db": "NVD",
        "id": "CVE-2018-1652"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "BID",
        "id": "106403"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-341"
      }
    ],
    "trust": 0.9
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "IBM DataPower Gateway and  MQ Appliance Input validation vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-012014"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "input validation error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-341"
      }
    ],
    "trust": 0.6
  }
}

var-201912-0153
Vulnerability from variot

IBM MQ and IBM MQ Appliance 9.1 CD, 9.1 LTS, 9.0 LTS, and 8.0 is vulnerable to a denial of service attack caused by channels processing poorly formatted messages. IBM X-Force ID: 166357. IBM MQ and IBM MQ Appliance Contains an input validation vulnerability. Vendors have confirmed this vulnerability IBM X-Force ID: 166357 It is released as.Service operation interruption (DoS) There is a possibility of being put into a state

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201912-0153",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "mq appliance",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "9.0.0.8"
      },
      {
        "model": "mq appliance",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "9.1.4"
      },
      {
        "model": "mq appliance",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "9.1.1"
      },
      {
        "model": "mq appliance",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "9.1.0.4"
      },
      {
        "model": "mq appliance",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "9.1.0.0"
      },
      {
        "model": "mq appliance",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "8.0.0.0"
      },
      {
        "model": "mq appliance",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "9.0.0.0"
      },
      {
        "model": "mq appliance",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "8.0.0.13"
      },
      {
        "model": "mq appliance",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "mq appliance",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "9.0 lts"
      },
      {
        "model": "mq appliance",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "9.1 cd"
      },
      {
        "model": "mq appliance",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "9.1 lts"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-013197"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-4560"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:ibm:mq_appliance:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "8.0.0.13",
                "versionStartIncluding": "8.0.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:mq_appliance:*:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "9.0.0.8",
                "versionStartIncluding": "9.0.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:mq_appliance:*:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "9.1.0.4",
                "versionStartIncluding": "9.1.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:mq_appliance:*:*:*:*:continuous_delivery:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "9.1.4",
                "versionStartIncluding": "9.1.1",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-4560"
      }
    ]
  },
  "cve": "CVE-2019-4560",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "Single",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 4.0,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2019-4560",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 1.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 2.8,
            "id": "CVE-2019-4560",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 6.5,
            "baseSeverity": "Medium",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2019-4560",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2019-4560",
            "trust": 1.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201912-702",
            "trust": 0.6,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-013197"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201912-702"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-4560"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "IBM MQ and IBM MQ Appliance 9.1 CD, 9.1 LTS, 9.0 LTS, and 8.0 is vulnerable to a denial of service attack caused by channels processing poorly formatted messages. IBM X-Force ID: 166357. IBM MQ and IBM MQ Appliance Contains an input validation vulnerability. Vendors have confirmed this vulnerability IBM X-Force ID: 166357 It is released as.Service operation interruption (DoS) There is a possibility of being put into a state",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-4560"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-013197"
      }
    ],
    "trust": 1.62
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2019-4560",
        "trust": 2.4
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-013197",
        "trust": 0.8
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.4680",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201912-702",
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-013197"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201912-702"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-4560"
      }
    ]
  },
  "id": "VAR-201912-0153",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.22222222
  },
  "last_update_date": "2022-05-04T08:35:13.396000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "1106037",
        "trust": 0.8,
        "url": "https://www.ibm.com/support/pages/node/1106037"
      },
      {
        "title": "ibm-mq-cve20194560-dos (166357)",
        "trust": 0.8,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/166357"
      },
      {
        "title": "IBM MQ  and IBM MQ Appliance Enter the fix for the verification error vulnerability",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=105657"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-013197"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201912-702"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-noinfo",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-20",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-013197"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-4560"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.2,
        "url": "https://www.ibm.com/support/pages/node/1106037"
      },
      {
        "trust": 1.6,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/166357"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-4560"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-4560"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/support/pages/node/1120443"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2019.4680/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-certified-container-is-vulnerable-to-multiple-vulnerabilities-within-ibm-mq-cve-2019-4655-cve-2019-4560-cve-2019-4614-cve-2019-4620/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-in-ibm-mq-affect-ibm-sterling-b2b-integrator/"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/ibm-mq-denial-of-service-via-queue-manager-mqput-31172"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-013197"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201912-702"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-4560"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-013197"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201912-702"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-4560"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-12-23T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-013197"
      },
      {
        "date": "2019-12-13T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201912-702"
      },
      {
        "date": "2019-12-16T16:15:00",
        "db": "NVD",
        "id": "CVE-2019-4560"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-12-23T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-013197"
      },
      {
        "date": "2020-05-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201912-702"
      },
      {
        "date": "2021-07-21T11:39:00",
        "db": "NVD",
        "id": "CVE-2019-4560"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201912-702"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "IBM MQ and  IBM MQ Appliance Input validation vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-013197"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "input validation error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201912-702"
      }
    ],
    "trust": 0.6
  }
}

var-202001-0211
Vulnerability from variot

IBM MQ Appliance 8.0 and 9.0 LTS could allow a local attacker to bypass security restrictions caused by improper validation of environment variables. IBM X-Force ID: 168863. IBM MQ Appliance Contains an input validation vulnerability. Vendors report this vulnerability IBM X-Force ID: 168863 Published as.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. IBM MQ Appliance is an all-in-one device for rapid deployment of enterprise-level messaging middleware by IBM Corporation in the United States. The vulnerability stems from a network system or product that did not properly validate the input data. No detailed vulnerability details are provided at this time

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202001-0211",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "mq appliance",
        "scope": null,
        "trust": 1.4,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "mq appliance",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "8.0.0.0"
      },
      {
        "model": "mq appliance",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "8.0.0.14"
      },
      {
        "model": "mq appliance",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "9.1.0.0"
      },
      {
        "model": "mq appliance",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "9.1.0.4"
      },
      {
        "model": "mq appliance",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "9.1.4"
      },
      {
        "model": "mq appliance",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "9.1.0"
      },
      {
        "model": "mq appliance",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ibm",
        "version": "8.0.0.7"
      },
      {
        "model": "mq appliance",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ibm",
        "version": "9.1.0.4"
      },
      {
        "model": "mq appliance",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ibm",
        "version": "8.0.0.5"
      },
      {
        "model": "mq appliance",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ibm",
        "version": "9.1.2"
      },
      {
        "model": "mq appliance",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ibm",
        "version": "8.0.0.8"
      },
      {
        "model": "mq appliance",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ibm",
        "version": "9.1.0.3"
      },
      {
        "model": "mq appliance",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ibm",
        "version": "8.0.0.4"
      },
      {
        "model": "mq appliance",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ibm",
        "version": "8.0.0.6"
      },
      {
        "model": "mq appliance",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ibm",
        "version": "8.0.0.3"
      },
      {
        "model": "mq appliance",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ibm",
        "version": "9.1.3"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-04908"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014395"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202001-1261"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-4620"
      }
    ]
  },
  "cve": "CVE-2019-4620",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.6,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "id": "CVE-2019-4620",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "SINGLE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.8,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.1,
            "id": "CNVD-2020-04908",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "id": "CVE-2019-4620",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "psirt@us.ibm.com",
            "availabilityImpact": "HIGH",
            "baseScore": 8.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.5,
            "id": "CVE-2019-4620",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Local",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.8,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2019-4620",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2019-4620",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "psirt@us.ibm.com",
            "id": "CVE-2019-4620",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2019-4620",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2020-04908",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202001-1261",
            "trust": 0.6,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-04908"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014395"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202001-1261"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-4620"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-4620"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "IBM MQ Appliance 8.0 and 9.0 LTS could allow a local attacker to bypass security restrictions caused by improper validation of environment variables. IBM X-Force ID: 168863. IBM MQ Appliance Contains an input validation vulnerability. Vendors report this vulnerability IBM X-Force ID: 168863 Published as.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. IBM MQ Appliance is an all-in-one device for rapid deployment of enterprise-level messaging middleware by IBM Corporation in the United States. The vulnerability stems from a network system or product that did not properly validate the input data. No detailed vulnerability details are provided at this time",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-4620"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014395"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-04908"
      }
    ],
    "trust": 2.16
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2019-4620",
        "trust": 3.0
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014395",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-04908",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.0266",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202001-1261",
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-04908"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014395"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202001-1261"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-4620"
      }
    ]
  },
  "id": "VAR-202001-0211",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-04908"
      }
    ],
    "trust": 0.06
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-04908"
      }
    ]
  },
  "last_update_date": "2024-11-23T21:21:53.901000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "168863 IBM\u00a0X-Force\u00a0Exchange",
        "trust": 0.8,
        "url": "https://www.ibm.com/support/pages/node/1125891"
      },
      {
        "title": "Patch for IBM MQ Appliance Input Validation Error Vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/200333"
      },
      {
        "title": "IBM MQ Appliance Enter the fix for the verification error vulnerability",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=107610"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-04908"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014395"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202001-1261"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-20",
        "trust": 1.0
      },
      {
        "problemtype": "Incorrect input confirmation (CWE-20) [NVD Evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014395"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-4620"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.2,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/168863"
      },
      {
        "trust": 1.6,
        "url": "https://www.ibm.com/support/pages/node/1125891"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-4620"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/support/pages/node/1106523"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/support/pages/node/1125897"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/support/pages/node/1135023"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/support/pages/node/1127031"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.0266/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-could-allow-a-local-attacker-to-bypass-security-restrictions-cve-2019-4620/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-certified-container-is-vulnerable-to-multiple-vulnerabilities-within-ibm-mq-cve-2019-4655-cve-2019-4560-cve-2019-4614-cve-2019-4620/"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-04908"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014395"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202001-1261"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-4620"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-04908"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014395"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202001-1261"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-4620"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-02-13T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2020-04908"
      },
      {
        "date": "2020-02-14T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-014395"
      },
      {
        "date": "2020-01-28T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202001-1261"
      },
      {
        "date": "2020-01-28T19:15:13.217000",
        "db": "NVD",
        "id": "CVE-2019-4620"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-02-13T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2020-04908"
      },
      {
        "date": "2020-02-14T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-014395"
      },
      {
        "date": "2020-02-27T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202001-1261"
      },
      {
        "date": "2024-11-21T04:43:52.990000",
        "db": "NVD",
        "id": "CVE-2019-4620"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202001-1261"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "IBM MQ Appliance Input Validation Error Vulnerability",
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-04908"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202001-1261"
      }
    ],
    "trust": 1.2
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "input validation error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202001-1261"
      }
    ],
    "trust": 0.6
  }
}

var-202003-0592
Vulnerability from variot

IBM MQ and IBM MQ Appliance 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and 9.1 CD could allow a local attacker to obtain sensitive information by inclusion of sensitive data within runmqras data. The product provides a reliable, proven messaging backbone for service-oriented architecture (SOA). IBM MQ Appliance is an all-in-one device for rapid deployment of enterprise-level messaging middleware

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202003-0592",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "mq",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "9.1.4"
      },
      {
        "model": "mq",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "9.1.0.4"
      },
      {
        "model": "mq",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "8.0.0.14"
      },
      {
        "model": "websphere mq",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "7.5.0.9"
      },
      {
        "model": "mq appliance",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "9.1.4"
      },
      {
        "model": "mq",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "9.1.0"
      },
      {
        "model": "websphere mq",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "7.1.0.0"
      },
      {
        "model": "mq appliance",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "8.0.0.0"
      },
      {
        "model": "mq",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "9.0.0.0"
      },
      {
        "model": "mq appliance",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "8.0.0.14"
      },
      {
        "model": "mq",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "9.1.0.0"
      },
      {
        "model": "mq appliance",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "9.1.0"
      },
      {
        "model": "mq appliance",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "9.1.0.0"
      },
      {
        "model": "mq",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "8.0.0.0"
      },
      {
        "model": "mq appliance",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "9.1.0.4"
      },
      {
        "model": "mq",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "9.0.0.9"
      },
      {
        "model": "mq",
        "scope": null,
        "trust": 0.8,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "mq appliance",
        "scope": null,
        "trust": 0.8,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "websphere mq",
        "scope": null,
        "trust": 0.8,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "mq appliance",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "mq",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "mq appliance cd",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "mq appliance lts",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "mq lts",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "mq cd",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "mq lts",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ibm",
        "version": "9.0"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-17505"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014905"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-4719"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:ibm:mq",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:ibm:mq_appliance",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:ibm:websphere_mq",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014905"
      }
    ]
  },
  "cve": "CVE-2019-4719",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 2.1,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "id": "CVE-2019-4719",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "LOW",
            "trust": 1.0,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Local",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 2.1,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "JVNDB-2019-014905",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Low",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 2.1,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "id": "CNVD-2020-17505",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "LOW",
            "trust": 0.6,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "id": "CVE-2019-4719",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "author": "psirt@us.ibm.com",
            "availabilityImpact": "NONE",
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.4,
            "id": "CVE-2019-4719",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Local",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.5,
            "baseSeverity": "Medium",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "JVNDB-2019-014905",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2019-4719",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "psirt@us.ibm.com",
            "id": "CVE-2019-4719",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "JVNDB-2019-014905",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2020-17505",
            "trust": 0.6,
            "value": "LOW"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202003-904",
            "trust": 0.6,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-17505"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014905"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202003-904"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-4719"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-4719"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "IBM MQ and IBM MQ Appliance 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and 9.1 CD could allow a local attacker to obtain sensitive information by inclusion of sensitive data within runmqras data. The product provides a reliable, proven messaging backbone for service-oriented architecture (SOA). IBM MQ Appliance is an all-in-one device for rapid deployment of enterprise-level messaging middleware",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-4719"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014905"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-17505"
      }
    ],
    "trust": 2.16
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2019-4719",
        "trust": 3.0
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014905",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-17505",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2023.4106",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202003-904",
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-17505"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014905"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202003-904"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-4719"
      }
    ]
  },
  "id": "VAR-202003-0592",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-17505"
      }
    ],
    "trust": 1.06875
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-17505"
      }
    ]
  },
  "last_update_date": "2024-11-23T20:33:16.637000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "1136608",
        "trust": 0.8,
        "url": "https://www.ibm.com/support/pages/node/1136608"
      },
      {
        "title": "ibm-mq-cve20194719-info-disc (172124)",
        "trust": 0.8,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/172124"
      },
      {
        "title": "Patch for IBM MQ and IBM MQ Appliance information disclosure vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/209203"
      },
      {
        "title": "IBM MQ  and IBM MQ Appliance Repair measures for information disclosure vulnerabilities",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=112529"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-17505"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014905"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202003-904"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-noinfo",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-200",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014905"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-4719"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.2,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/172124"
      },
      {
        "trust": 1.6,
        "url": "https://www.ibm.com/support/pages/node/1136608"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-4719"
      },
      {
        "trust": 1.2,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-and-ibm-mq-appliance-could-allow-a-local-attacker-to-obtain-sensitive-information-cve-2019-4719/"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-4719"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-could-allow-a-local-attacker-to-obtain-sensitive-information-cve-2019-4719/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2023.4106"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-in-ibm-mq-affect-ibm-sterling-b2b-integrator/"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-17505"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014905"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202003-904"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-4719"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-17505"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014905"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202003-904"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-4719"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-03-18T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2020-17505"
      },
      {
        "date": "2020-03-27T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-014905"
      },
      {
        "date": "2020-03-13T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202003-904"
      },
      {
        "date": "2020-03-16T16:15:12.750000",
        "db": "NVD",
        "id": "CVE-2019-4719"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-03-18T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2020-17505"
      },
      {
        "date": "2020-03-27T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-014905"
      },
      {
        "date": "2023-07-21T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202003-904"
      },
      {
        "date": "2024-11-21T04:44:02.880000",
        "db": "NVD",
        "id": "CVE-2019-4719"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202003-904"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "IBM MQ and IBM MQ Appliance information disclosure vulnerability",
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-17505"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202003-904"
      }
    ],
    "trust": 1.2
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "information disclosure",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202003-904"
      }
    ],
    "trust": 0.6
  }
}

var-202107-0508
Vulnerability from variot

IBM MQ Appliance 9.1 and 9.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 191815

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202107-0508",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "mq appliance",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "9.2.2"
      },
      {
        "model": "mq appliance",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "9.1.0.8"
      },
      {
        "model": "mq appliance",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "9.1.0.0"
      },
      {
        "model": "mq appliance",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "9.2.0.0"
      },
      {
        "model": "mq appliance",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "9.2.0.2"
      },
      {
        "model": "mq appliance",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "9.1"
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-4938"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:ibm:mq_appliance:*:*:*:*:continuous_delivery:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "9.2.2",
                "versionStartIncluding": "9.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:mq_appliance:*:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "9.1.0.8",
                "versionStartIncluding": "9.1.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:mq_appliance:*:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "9.2.0.2",
                "versionStartIncluding": "9.2.0.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-4938"
      }
    ]
  },
  "cve": "CVE-2020-4938",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": null,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULMON",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "CVE-2020-4938",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "MEDIUM",
            "trust": 1.1,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "id": "CVE-2020-4938",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2020-4938",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202107-583",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2020-4938",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2020-4938"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202107-583"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-4938"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "IBM MQ Appliance 9.1 and 9.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 191815",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-4938"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-4938"
      }
    ],
    "trust": 0.99
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2020-4938",
        "trust": 1.7
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202107-583",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-4938",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2020-4938"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202107-583"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-4938"
      }
    ]
  },
  "id": "VAR-202107-0508",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.22222222
  },
  "last_update_date": "2022-05-04T10:10:34.479000Z",
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-352",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-4938"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "https://www.ibm.com/support/pages/node/6466717"
      },
      {
        "trust": 1.7,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/191815"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-4938"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-affected-by-a-cross-site-request-forgery-vulnerability-cve-2020-4938/"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/ibm-mq-appliance-cross-site-request-forgery-35848"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/352.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2020-4938"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202107-583"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-4938"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULMON",
        "id": "CVE-2020-4938"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202107-583"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-4938"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-07-12T00:00:00",
        "db": "VULMON",
        "id": "CVE-2020-4938"
      },
      {
        "date": "2021-07-09T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202107-583"
      },
      {
        "date": "2021-07-12T16:15:00",
        "db": "NVD",
        "id": "CVE-2020-4938"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-07-14T00:00:00",
        "db": "VULMON",
        "id": "CVE-2020-4938"
      },
      {
        "date": "2021-07-15T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202107-583"
      },
      {
        "date": "2021-07-14T15:07:00",
        "db": "NVD",
        "id": "CVE-2020-4938"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202107-583"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "IBM MQ Appliance Cross-site request forgery vulnerability",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202107-583"
      }
    ],
    "trust": 0.6
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "cross-site request forgery",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202107-583"
      }
    ],
    "trust": 0.6
  }
}

var-202204-1116
Vulnerability from variot

IBM MQ Appliance 9.2 CD and 9.2 LTS could allow an attacker to enumerate account credentials due to an observable discrepancy in valid and invalid login attempts. IBM X-Force ID: 220487. IBM MQ Appliance contains an observable mismatch vulnerability. Vendors may IBM X-Force ID: 220487 It is published as.Information may be obtained. IBM MQ Appliance is an all-in-one device used by IBM in the United States for rapid deployment of enterprise-level messaging middleware

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202204-1116",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "mq appliance",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "9.2.0.0"
      },
      {
        "model": "mq appliance",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "9.2 lts"
      },
      {
        "model": "mq appliance",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "9.2 cd"
      },
      {
        "model": "mq appliance",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "mq appliance cd",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ibm",
        "version": "9.2"
      },
      {
        "model": "mq appliance lts",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ibm",
        "version": "9.2"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2022-36975"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-009545"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-22356"
      }
    ]
  },
  "cve": "CVE-2022-22356",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 4.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.0,
            "id": "CVE-2022-22356",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.9,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.0,
            "id": "CNVD-2022-36975",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "id": "CVE-2022-22356",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "author": "psirt@us.ibm.com",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.6,
            "id": "CVE-2022-22356",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 6.5,
            "baseSeverity": "Medium",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2022-22356",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2022-22356",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "psirt@us.ibm.com",
            "id": "CVE-2022-22356",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2022-22356",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2022-36975",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202204-2000",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2022-22356",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2022-36975"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-22356"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-009545"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202204-2000"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-22356"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-22356"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "IBM MQ Appliance 9.2 CD and 9.2 LTS could allow an attacker to enumerate account credentials due to an observable discrepancy in valid and invalid login attempts. IBM X-Force ID: 220487. IBM MQ Appliance contains an observable mismatch vulnerability. Vendors may IBM X-Force ID: 220487 It is published as.Information may be obtained. IBM MQ Appliance is an all-in-one device used by IBM in the United States for rapid deployment of enterprise-level messaging middleware",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-22356"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-009545"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2022-36975"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-22356"
      }
    ],
    "trust": 2.25
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2022-22356",
        "trust": 3.9
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-009545",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2022-36975",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202204-2000",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-22356",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2022-36975"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-22356"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-009545"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202204-2000"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-22356"
      }
    ]
  },
  "id": "VAR-202204-1116",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2022-36975"
      }
    ],
    "trust": 1.06875
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "IoT"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2022-36975"
      }
    ]
  },
  "last_update_date": "2024-11-23T21:58:27.346000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "6564711 IBM\u00a0X-Force\u00a0Exchange",
        "trust": 0.8,
        "url": "https://www.ibm.com/support/pages/node/6564711"
      },
      {
        "title": "Patch for IBM MQ Appliance Information Disclosure Vulnerability (CNVD-2022-36975)",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/332781"
      },
      {
        "title": "IBM MQ Appliance Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=188274"
      },
      {
        "title": "CVE-2022-XXXX",
        "trust": 0.1,
        "url": "https://github.com/AlphabugX/CVE-2022-23305 "
      },
      {
        "title": "CVE-2022-XXXX",
        "trust": 0.1,
        "url": "https://github.com/AlphabugX/CVE-2022-RCE "
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2022-36975"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-22356"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-009545"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202204-2000"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-203",
        "trust": 1.0
      },
      {
        "problemtype": "Observable discrepancy (CWE-203) [NVD evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-009545"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-22356"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.3,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/220487"
      },
      {
        "trust": 1.7,
        "url": "https://www.ibm.com/support/pages/node/6564711"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22356"
      },
      {
        "trust": 0.6,
        "url": "https://cxsecurity.com/cveshow/cve-2022-22356/"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/203.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/alphabugx/cve-2022-23305"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2022-36975"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-22356"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-009545"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202204-2000"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-22356"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2022-36975"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-22356"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-009545"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202204-2000"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-22356"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-05-13T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2022-36975"
      },
      {
        "date": "2022-04-05T00:00:00",
        "db": "VULMON",
        "id": "CVE-2022-22356"
      },
      {
        "date": "2023-08-07T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2022-009545"
      },
      {
        "date": "2022-04-05T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202204-2000"
      },
      {
        "date": "2022-04-05T17:15:08.370000",
        "db": "NVD",
        "id": "CVE-2022-22356"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-05-13T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2022-36975"
      },
      {
        "date": "2022-04-18T00:00:00",
        "db": "VULMON",
        "id": "CVE-2022-22356"
      },
      {
        "date": "2023-08-07T05:37:00",
        "db": "JVNDB",
        "id": "JVNDB-2022-009545"
      },
      {
        "date": "2022-04-19T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202204-2000"
      },
      {
        "date": "2024-11-21T06:46:41.630000",
        "db": "NVD",
        "id": "CVE-2022-22356"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202204-2000"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "IBM\u00a0MQ\u00a0Appliance\u00a0 Vulnerability regarding observable inconsistencies in",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-009545"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202204-2000"
      }
    ],
    "trust": 0.6
  }
}

var-201908-0016
Vulnerability from variot

IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.6, 7.6.0.0 through 7.6.0.15 and IBM MQ Appliance 8.0.0.0 through 8.0.0.12, 9.1.0.0 through 9.1.0.2, and 9.1.1 through 9.1.2 could allow a local attacker to execute arbitrary commands on the system, caused by a command injection vulnerability. IBM X-Force ID: 16188. Vendors have confirmed this vulnerability IBM X-Force ID: 16188 It is released as.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. IBM DataPower Gateway is a security and integration platform specially designed for mobile, cloud, application programming interface (API), network, service-oriented architecture (SOA), B2B and cloud workloads. The platform secures, integrates and optimizes access across channels with a dedicated gateway platform. The following products and versions are affected: IBM DataPower Gateway 2018.4.1.0 to 2018.4.1.6, DataPower Gateway 7.6.0.0 to 7.6.0.15, DataPower Gateway CD

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201908-0016",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "datapower gateway",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "2018.4.1.7"
      },
      {
        "model": "mq appliance",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "9.1.0.2"
      },
      {
        "model": "mq appliance",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "9.1.2"
      },
      {
        "model": "mq appliance",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "9.1.1"
      },
      {
        "model": "datapower gateway",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "2018.4.1.0"
      },
      {
        "model": "mq appliance",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "8.0.0.0"
      },
      {
        "model": "datapower gateway",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "2018.4.1.6"
      },
      {
        "model": "mq appliance",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "9.1.0.0"
      },
      {
        "model": "datapower gateway",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "7.6.0.0"
      },
      {
        "model": "mq appliance",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "8.0.0.12"
      },
      {
        "model": "datapower gateway",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "7.6.0.15"
      },
      {
        "model": "datapower gateway",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "2018.4.1.0 to  2018.4.1.6"
      },
      {
        "model": "datapower gateway",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "7.6.0.0 to  7.6.0.15"
      },
      {
        "model": "mq appliance",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "8.0.0.0 to  8.0.0.12"
      },
      {
        "model": "mq appliance",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "9.1.0.0 to  9.1.0.2"
      },
      {
        "model": "mq appliance",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "9.1.1 to  9.1.2"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-008161"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-4294"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:ibm:datapower_gateway",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:ibm:mq_appliance",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-008161"
      }
    ]
  },
  "cve": "CVE-2019-4294",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.9,
            "id": "CVE-2019-4294",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 1.8,
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.9,
            "id": "VHN-155729",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "id": "CVE-2019-4294",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "psirt@us.ibm.com",
            "availabilityImpact": "HIGH",
            "baseScore": 8.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.5,
            "id": "CVE-2019-4294",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Local",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.8,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2019-4294",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2019-4294",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "psirt@us.ibm.com",
            "id": "CVE-2019-4294",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2019-4294",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201908-1243",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-155729",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-155729"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-008161"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201908-1243"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-4294"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-4294"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.6, 7.6.0.0 through 7.6.0.15 and IBM MQ Appliance 8.0.0.0 through 8.0.0.12, 9.1.0.0 through 9.1.0.2, and 9.1.1 through 9.1.2 could allow a local attacker to execute arbitrary commands on the system, caused by a command injection vulnerability. IBM X-Force ID: 16188. Vendors have confirmed this vulnerability IBM X-Force ID: 16188 It is released as.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. IBM DataPower Gateway is a security and integration platform specially designed for mobile, cloud, application programming interface (API), network, service-oriented architecture (SOA), B2B and cloud workloads. The platform secures, integrates and optimizes access across channels with a dedicated gateway platform. The following products and versions are affected: IBM DataPower Gateway 2018.4.1.0 to 2018.4.1.6, DataPower Gateway 7.6.0.0 to 7.6.0.15, DataPower Gateway CD",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-4294"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-008161"
      },
      {
        "db": "VULHUB",
        "id": "VHN-155729"
      }
    ],
    "trust": 1.71
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2019-4294",
        "trust": 2.5
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-008161",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201908-1243",
        "trust": 0.7
      },
      {
        "db": "VULHUB",
        "id": "VHN-155729",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-155729"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-008161"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201908-1243"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-4294"
      }
    ]
  },
  "id": "VAR-201908-0016",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-155729"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-11-23T21:37:03.476000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "0887005",
        "trust": 0.8,
        "url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10887005"
      },
      {
        "title": "0958933",
        "trust": 0.8,
        "url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10958933"
      },
      {
        "title": "ibm-mq-cve20194294-code-exec (160701)",
        "trust": 0.8,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/160701"
      },
      {
        "title": "IBM DataPower Gateway Fixes for command injection vulnerabilities",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=96888"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-008161"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201908-1243"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-78",
        "trust": 1.1
      },
      {
        "problemtype": "CWE-77",
        "trust": 0.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-155729"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-008161"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-4294"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "https://www.ibm.com/support/docview.wss?uid=ibm10887005"
      },
      {
        "trust": 1.7,
        "url": "https://www.ibm.com/support/docview.wss?uid=ibm10958933"
      },
      {
        "trust": 1.7,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/160701"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-4294"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-4294"
      },
      {
        "trust": 0.6,
        "url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10958933"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-155729"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-008161"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201908-1243"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-4294"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-155729"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-008161"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201908-1243"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-4294"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-08-20T00:00:00",
        "db": "VULHUB",
        "id": "VHN-155729"
      },
      {
        "date": "2019-08-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-008161"
      },
      {
        "date": "2019-08-19T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201908-1243"
      },
      {
        "date": "2019-08-20T19:15:11.730000",
        "db": "NVD",
        "id": "CVE-2019-4294"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-12-09T00:00:00",
        "db": "VULHUB",
        "id": "VHN-155729"
      },
      {
        "date": "2019-08-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-008161"
      },
      {
        "date": "2022-12-12T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201908-1243"
      },
      {
        "date": "2024-11-21T04:43:26.147000",
        "db": "NVD",
        "id": "CVE-2019-4294"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201908-1243"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "IBM DataPower Gateway and  IBM MQ Appliance Command injection vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-008161"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "operating system commend injection",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201908-1243"
      }
    ],
    "trust": 0.6
  }
}

var-201912-0162
Vulnerability from variot

IBM MQ 9.1.0.0, 9.1.0.1, 9.1.0.2, 9.1.0.3, 9.1.1, 9.1.2, and 9.1.3 is vulnerable to a denial of service attack that would allow an authenticated user to reset client connections due to an error within the Data Conversion routine. IBM X-Force ID: 170966. IBM MQ Contains an input validation vulnerability. Vendors have confirmed this vulnerability IBM X-Force ID: 170966 It is released as.Service operation interruption (DoS) There is a possibility of being put into a state

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201912-0162",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "mq",
        "scope": "eq",
        "trust": 1.4,
        "vendor": "ibm",
        "version": "9.1.0.1"
      },
      {
        "model": "mq",
        "scope": "eq",
        "trust": 1.4,
        "vendor": "ibm",
        "version": "9.1.0.2"
      },
      {
        "model": "mq appliance",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "9.1.4"
      },
      {
        "model": "mq",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "9.1.4"
      },
      {
        "model": "mq appliance",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "9.1.0.4"
      },
      {
        "model": "mq",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "9.1.0.4"
      },
      {
        "model": "mq appliance",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "9.1.0.0"
      },
      {
        "model": "mq appliance",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "9.1.0"
      },
      {
        "model": "mq",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "9.1.0.0"
      },
      {
        "model": "mq",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "9.1.0"
      },
      {
        "model": "mq",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "9.1.0.0"
      },
      {
        "model": "mq",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "9.1.0.3"
      },
      {
        "model": "mq",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "9.1.1"
      },
      {
        "model": "mq",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "9.1.2"
      },
      {
        "model": "mq",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "9.1.3"
      },
      {
        "model": "mq appliance",
        "scope": null,
        "trust": 0.8,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "mq appliance",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ibm",
        "version": "9.1.0.2"
      },
      {
        "model": "mq appliance",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ibm",
        "version": "9.1.0.4"
      },
      {
        "model": "mq appliance",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ibm",
        "version": "9.1.2"
      },
      {
        "model": "mq appliance",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ibm",
        "version": "9.1.0.0"
      },
      {
        "model": "mq appliance",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ibm",
        "version": "9.1.0.3"
      },
      {
        "model": "mq appliance",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ibm",
        "version": "9.1.3"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-013495"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201912-980"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-4655"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:ibm:mq:*:*:*:*:continuous_delivery:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "9.1.4",
                "versionStartIncluding": "9.1.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:mq:*:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "9.1.0.4",
                "versionStartIncluding": "9.1.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:mq_appliance:*:*:*:*:continuous_delivery:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "9.1.4",
                "versionStartIncluding": "9.1.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:mq_appliance:*:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "9.1.0.4",
                "versionStartIncluding": "9.1.0.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-4655"
      }
    ]
  },
  "cve": "CVE-2019-4655",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "Single",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 4.0,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2019-4655",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 1.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "LOW",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 2.8,
            "id": "CVE-2019-4655",
            "impactScore": 1.4,
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "Low",
            "baseScore": 4.3,
            "baseSeverity": "Medium",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2019-4655",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2019-4655",
            "trust": 1.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201912-980",
            "trust": 0.6,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-013495"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201912-980"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-4655"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "IBM MQ 9.1.0.0, 9.1.0.1, 9.1.0.2, 9.1.0.3, 9.1.1, 9.1.2, and 9.1.3 is vulnerable to a denial of service attack that would allow an authenticated user to reset client connections due to an error within the Data Conversion routine. IBM X-Force ID: 170966. IBM MQ Contains an input validation vulnerability. Vendors have confirmed this vulnerability IBM X-Force ID: 170966 It is released as.Service operation interruption (DoS) There is a possibility of being put into a state",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-4655"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-013495"
      }
    ],
    "trust": 1.62
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2019-4655",
        "trust": 2.4
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-013495",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201912-980",
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-013495"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201912-980"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-4655"
      }
    ]
  },
  "id": "VAR-201912-0162",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.22222222
  },
  "last_update_date": "2022-05-04T10:00:09.088000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "1106529",
        "trust": 0.8,
        "url": "https://www.ibm.com/support/pages/node/1106529"
      },
      {
        "title": "ibm-mq-cve20194655-dos (170966)",
        "trust": 0.8,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/170966"
      },
      {
        "title": "IBM MQ  and IBM MQ Appliance Enter the fix for the verification error vulnerability",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=106392"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-013495"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201912-980"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-noinfo",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-20",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-013495"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-4655"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.6,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/170966"
      },
      {
        "trust": 1.6,
        "url": "https://www.ibm.com/support/pages/node/1106529"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-4655"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-4655"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/ibm-mq-denial-of-service-via-data-conversion-fdc-31208"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-certified-container-is-vulnerable-to-multiple-vulnerabilities-within-ibm-mq-cve-2019-4655-cve-2019-4560-cve-2019-4614-cve-2019-4620/"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-013495"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201912-980"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-4655"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-013495"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201912-980"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-4655"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-01-08T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-013495"
      },
      {
        "date": "2019-12-20T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201912-980"
      },
      {
        "date": "2019-12-30T16:15:00",
        "db": "NVD",
        "id": "CVE-2019-4655"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-01-08T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-013495"
      },
      {
        "date": "2020-02-27T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201912-980"
      },
      {
        "date": "2021-07-21T11:39:00",
        "db": "NVD",
        "id": "CVE-2019-4655"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201912-980"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "IBM MQ Input validation vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-013495"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "input validation error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201912-980"
      }
    ],
    "trust": 0.6
  }
}

var-202004-1758
Vulnerability from variot

IBM MQ and MQ Appliance 8.0, 9.1 LTS, and 9.1 CD could allow an authenticated user cause a denial of service due to a memory leak. IBM X-Force ID: 175840. Vendor exploits this vulnerability IBM X-Force ID: 175840 It is published as.Service operation interruption (DoS) It may be put into a state

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202004-1758",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "mq",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "9.1.0.4"
      },
      {
        "model": "mq appliance",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "9.1.0"
      },
      {
        "model": "mq",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "9.1.0.0"
      },
      {
        "model": "mq",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "8.0.0.0"
      },
      {
        "model": "mq",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "8.0.0.14"
      },
      {
        "model": "mq appliance",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "9.1.5"
      },
      {
        "model": "mq",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "mq",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "9.1 cd"
      },
      {
        "model": "mq",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "9.1 lts"
      },
      {
        "model": "mq appliance",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "mq appliance",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "9.1 cd"
      },
      {
        "model": "mq appliance",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "9.1 lts"
      },
      {
        "model": "mq",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "ibm",
        "version": "8.0.0.0"
      },
      {
        "model": "mq",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "ibm",
        "version": "8.0.0.1"
      },
      {
        "model": "mq",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "ibm",
        "version": "8.0.0.2"
      },
      {
        "model": "mq",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "ibm",
        "version": "8.0.0.3"
      },
      {
        "model": "mq",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "ibm",
        "version": "8.0.0.4"
      },
      {
        "model": "mq",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "ibm",
        "version": "8.0.0.5"
      },
      {
        "model": "mq",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "ibm",
        "version": "8.0.0.6"
      },
      {
        "model": "mq",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "ibm",
        "version": "8.0.0.7"
      },
      {
        "model": "mq",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "ibm",
        "version": "8.0.0.8"
      },
      {
        "model": "mq",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "ibm",
        "version": "8.0.0.9"
      },
      {
        "model": "mq",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "ibm",
        "version": "8.0.0.10"
      },
      {
        "model": "mq",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "ibm",
        "version": "8.0.0.11"
      },
      {
        "model": "mq",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "ibm",
        "version": "8.0.0.12"
      },
      {
        "model": "mq",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "ibm",
        "version": "8.0.0.13"
      },
      {
        "model": "mq",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "ibm",
        "version": "9.1.0.0"
      },
      {
        "model": "mq",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "ibm",
        "version": "9.1.0.1"
      },
      {
        "model": "mq",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "ibm",
        "version": "9.1.0.2"
      },
      {
        "model": "mq appliance",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "ibm",
        "version": "9.1.0.2"
      },
      {
        "model": "mq appliance",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "ibm",
        "version": "9.1.0.3"
      },
      {
        "model": "mq appliance",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "ibm",
        "version": "9.1.0.4"
      },
      {
        "model": "mq appliance",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "ibm",
        "version": "9.1.1"
      },
      {
        "model": "mq appliance",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "ibm",
        "version": "9.1.2"
      },
      {
        "model": "mq appliance",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "ibm",
        "version": "9.1.3"
      },
      {
        "model": "mq appliance",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "ibm",
        "version": "9.1.4"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2020-4267"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-004676"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-4267"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:ibm:mq:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "8.0.0.14",
                "versionStartIncluding": "8.0.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:mq:*:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "9.1.0.4",
                "versionStartIncluding": "9.1.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:mq_appliance:*:*:*:*:continuous_delivery:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "9.1.5",
                "versionStartIncluding": "9.1.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-4267"
      }
    ]
  },
  "cve": "CVE-2020-4267",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": null,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "VULMON",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.0,
            "id": "CVE-2020-4267",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "MEDIUM",
            "trust": 1.1,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "Single",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 4.0,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "JVNDB-2020-004676",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 2.8,
            "id": "CVE-2020-4267",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 6.5,
            "baseSeverity": "Medium",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "JVNDB-2020-004676",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2020-4267",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "JVNDB-2020-004676",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202004-2043",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2020-4267",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2020-4267"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-004676"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202004-2043"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-4267"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "IBM MQ and MQ Appliance 8.0, 9.1 LTS, and 9.1 CD could allow an authenticated user cause a denial of service due to a memory leak. IBM X-Force ID: 175840. Vendor exploits this vulnerability IBM X-Force ID: 175840 It is published as.Service operation interruption (DoS) It may be put into a state",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-4267"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-004676"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-4267"
      }
    ],
    "trust": 1.71
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2020-4267",
        "trust": 2.5
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-004676",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202004-2043",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-4267",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2020-4267"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-004676"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202004-2043"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-4267"
      }
    ]
  },
  "id": "VAR-202004-1758",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.22222222
  },
  "last_update_date": "2022-05-04T10:21:38.661000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "6195384",
        "trust": 0.8,
        "url": "https://www.ibm.com/support/pages/node/6195384"
      },
      {
        "title": "ibm-mq-cve20204267-dos (175840)",
        "trust": 0.8,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/175840"
      },
      {
        "title": "IBM MQ Appliance Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=117266"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-004676"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202004-2043"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-401",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-772",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-004676"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-4267"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.8,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/175840"
      },
      {
        "trust": 1.7,
        "url": "https://www.ibm.com/support/pages/node/6195384"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-4267"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-4267"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-is-affected-by-a-denial-of-service-vulnerability-cve-2020-4267/"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/ibm-mq-memory-leak-32535"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-and-mq-appliance-could-allow-an-authenticated-user-cause-a-denial-of-service-due-to-a-memory-leak-cve-2020-4267/"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/772.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2020-4267"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-004676"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202004-2043"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-4267"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULMON",
        "id": "CVE-2020-4267"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-004676"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202004-2043"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-4267"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-04-24T00:00:00",
        "db": "VULMON",
        "id": "CVE-2020-4267"
      },
      {
        "date": "2020-05-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-004676"
      },
      {
        "date": "2020-04-23T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202004-2043"
      },
      {
        "date": "2020-04-24T16:15:00",
        "db": "NVD",
        "id": "CVE-2020-4267"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-04-30T00:00:00",
        "db": "VULMON",
        "id": "CVE-2020-4267"
      },
      {
        "date": "2020-05-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-004676"
      },
      {
        "date": "2020-06-16T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202004-2043"
      },
      {
        "date": "2021-07-21T11:39:00",
        "db": "NVD",
        "id": "CVE-2020-4267"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202004-2043"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "IBM MQ and  MQ Appliance Vulnerability regarding lack of resource release after valid lifetime in",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-004676"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202004-2043"
      }
    ],
    "trust": 0.6
  }
}

var-202007-1381
Vulnerability from variot

IBM MQ Appliance 9.1 LTS and 9.1 CD could allow a local privileged user to obtain highly sensitve information due to inclusion of data within trace files. IBM X-Force ID: 182118. IBM MQ Appliance There is an information leakage vulnerability in. Vendor exploits this vulnerability IBM X-Force ID: 182118 It is published as.Information may be obtained. IBM MQ Appliance is an all-in-one device from IBM in the United States for rapid deployment of enterprise-level messaging middleware. Local attackers can use this vulnerability to obtain highly sensitive information

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202007-1381",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "mq appliance",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "9.1.0.0"
      },
      {
        "model": "mq appliance",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "9.2.0.0"
      },
      {
        "model": "mq appliance",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "9.1.0.6"
      },
      {
        "model": "mq appliance",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "9.1 cd"
      },
      {
        "model": "mq appliance",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "9.1 lts"
      },
      {
        "model": "mq appliance cd",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "mq appliance lts",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ibm",
        "version": "9.1"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-47945"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-008714"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-4498"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:ibm:mq_appliance",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-008714"
      }
    ]
  },
  "cve": "CVE-2020-4498",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 2.1,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "id": "CVE-2020-4498",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "LOW",
            "trust": 1.0,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Local",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 2.1,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "JVNDB-2020-008714",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Low",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 2.1,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "id": "CNVD-2020-47945",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "LOW",
            "trust": 0.6,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 0.8,
            "id": "CVE-2020-4498",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "author": "psirt@us.ibm.com",
            "availabilityImpact": "NONE",
            "baseScore": 4.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 0.5,
            "id": "CVE-2020-4498",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Local",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 4.4,
            "baseSeverity": "Medium",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "JVNDB-2020-008714",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "High",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2020-4498",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "psirt@us.ibm.com",
            "id": "CVE-2020-4498",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "JVNDB-2020-008714",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2020-47945",
            "trust": 0.6,
            "value": "LOW"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202007-1529",
            "trust": 0.6,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-47945"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-008714"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202007-1529"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-4498"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-4498"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "IBM MQ Appliance 9.1 LTS and 9.1 CD could allow a local privileged user to obtain highly sensitve information due to inclusion of data within trace files. IBM X-Force ID: 182118. IBM MQ Appliance There is an information leakage vulnerability in. Vendor exploits this vulnerability IBM X-Force ID: 182118 It is published as.Information may be obtained. IBM MQ Appliance is an all-in-one device from IBM in the United States for rapid deployment of enterprise-level messaging middleware. Local attackers can use this vulnerability to obtain highly sensitive information",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-4498"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-008714"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-47945"
      }
    ],
    "trust": 2.16
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2020-4498",
        "trust": 3.0
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-008714",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-47945",
        "trust": 0.6
      },
      {
        "db": "NSFOCUS",
        "id": "47972",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202007-1529",
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-47945"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-008714"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202007-1529"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-4498"
      }
    ]
  },
  "id": "VAR-202007-1381",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-47945"
      }
    ],
    "trust": 1.06875
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-47945"
      }
    ]
  },
  "last_update_date": "2024-11-23T23:11:22.905000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "6252409",
        "trust": 0.8,
        "url": "https://www.ibm.com/support/pages/node/6252409"
      },
      {
        "title": "ibm-mq-cve20204498-info-disc (182118)",
        "trust": 0.8,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/182118"
      },
      {
        "title": "Patch for IBM MQ Appliance information disclosure vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/231259"
      },
      {
        "title": "IBM MQ Appliance Repair measures for information disclosure vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=124844"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-47945"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-008714"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202007-1529"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-532",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-200",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-008714"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-4498"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.6,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/182118"
      },
      {
        "trust": 1.6,
        "url": "https://www.ibm.com/support/pages/node/6252409"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-4498"
      },
      {
        "trust": 1.2,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-is-affected-by-an-information-disclosure-vulnerability-cve-2020-4498/"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-4498"
      },
      {
        "trust": 0.6,
        "url": "http://www.nsfocus.net/vulndb/47972"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/ibm-mq-appliance-information-disclosure-via-trace-files-32931"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-app-connect-enterprise-certified-container-integration-servers-could-allow-information-exposure-when-using-mq-cve-2020-4498/"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-47945"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-008714"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202007-1529"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-4498"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-47945"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-008714"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202007-1529"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-4498"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-08-19T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2020-47945"
      },
      {
        "date": "2020-09-18T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-008714"
      },
      {
        "date": "2020-07-24T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202007-1529"
      },
      {
        "date": "2020-07-27T14:15:12.677000",
        "db": "NVD",
        "id": "CVE-2020-4498"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-08-30T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2020-47945"
      },
      {
        "date": "2020-09-18T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-008714"
      },
      {
        "date": "2020-12-11T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202007-1529"
      },
      {
        "date": "2024-11-21T05:32:49.137000",
        "db": "NVD",
        "id": "CVE-2020-4498"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202007-1529"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "IBM MQ Appliance information disclosure vulnerability",
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-47945"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202007-1529"
      }
    ],
    "trust": 1.2
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "information disclosure",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202007-1529"
      }
    ],
    "trust": 0.6
  }
}

var-201803-1745
Vulnerability from variot

IBM MQ Appliance 9.0.1, 9.0.2, 9.0.3, amd 9.0.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 139077. Vendors have confirmed this vulnerability IBM X-Force ID: 139077 It is released as.Information may be obtained and information may be altered. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201803-1745",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "mq appliance",
        "scope": "eq",
        "trust": 2.4,
        "vendor": "ibm",
        "version": "9.0.1"
      },
      {
        "model": "mq appliance",
        "scope": "eq",
        "trust": 2.4,
        "vendor": "ibm",
        "version": "9.0.2"
      },
      {
        "model": "mq appliance",
        "scope": "eq",
        "trust": 2.4,
        "vendor": "ibm",
        "version": "9.0.3"
      },
      {
        "model": "mq appliance",
        "scope": "eq",
        "trust": 2.4,
        "vendor": "ibm",
        "version": "9.0.4"
      },
      {
        "model": "mq appliance cd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.4"
      },
      {
        "model": "mq appliance cd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.3"
      },
      {
        "model": "mq appliance cd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.2"
      },
      {
        "model": "mq appliance cd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.1"
      },
      {
        "model": "mq appliance cd",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.5"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "103491"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-003249"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201803-894"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-1429"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:ibm:mq_appliance",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-003249"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "IBM",
    "sources": [
      {
        "db": "BID",
        "id": "103491"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2018-1429",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 3.5,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 6.8,
            "id": "CVE-2018-1429",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "LOW",
            "trust": 1.8,
            "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 2.3,
            "id": "CVE-2018-1429",
            "impactScore": 2.7,
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "trust": 2.8,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2018-1429",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "psirt@us.ibm.com",
            "id": "CVE-2018-1429",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2018-1429",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201803-894",
            "trust": 0.6,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-003249"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201803-894"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-1429"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-1429"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "IBM MQ Appliance 9.0.1, 9.0.2, 9.0.3, amd 9.0.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 139077. Vendors have confirmed this vulnerability IBM X-Force ID: 139077 It is released as.Information may be obtained and information may be altered. \nAn attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-1429"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-003249"
      },
      {
        "db": "BID",
        "id": "103491"
      }
    ],
    "trust": 1.89
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2018-1429",
        "trust": 2.7
      },
      {
        "db": "BID",
        "id": "103491",
        "trust": 1.9
      },
      {
        "db": "SECTRACK",
        "id": "1040564",
        "trust": 1.6
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-003249",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201803-894",
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "103491"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-003249"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201803-894"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-1429"
      }
    ]
  },
  "id": "VAR-201803-1745",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.46875
  },
  "last_update_date": "2024-11-23T23:08:45.951000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "2014046",
        "trust": 0.8,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg22014046"
      },
      {
        "title": "ibm-websphere-cve20181429-xss (139077)",
        "trust": 0.8,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/139077"
      },
      {
        "title": "IBM MQ Appliance Fixes for cross-site scripting vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=79393"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-003249"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201803-894"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-79",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-003249"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-1429"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.6,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/139077"
      },
      {
        "trust": 1.6,
        "url": "http://www.securitytracker.com/id/1040564"
      },
      {
        "trust": 1.6,
        "url": "http://www.securityfocus.com/bid/103491"
      },
      {
        "trust": 1.6,
        "url": "http://www.ibm.com/support/docview.wss?uid=swg22014046"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-1429"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-1429"
      },
      {
        "trust": 0.3,
        "url": "http://www.ibm.com/"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg22014046"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "103491"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-003249"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201803-894"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-1429"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "103491"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-003249"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201803-894"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-1429"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-03-21T00:00:00",
        "db": "BID",
        "id": "103491"
      },
      {
        "date": "2018-05-18T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-003249"
      },
      {
        "date": "2018-03-26T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201803-894"
      },
      {
        "date": "2018-03-23T19:29:00.747000",
        "db": "NVD",
        "id": "CVE-2018-1429"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-03-21T00:00:00",
        "db": "BID",
        "id": "103491"
      },
      {
        "date": "2018-05-18T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-003249"
      },
      {
        "date": "2019-10-17T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201803-894"
      },
      {
        "date": "2024-11-21T03:59:48.220000",
        "db": "NVD",
        "id": "CVE-2018-1429"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201803-894"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "IBM MQ Appliance Vulnerable to cross-site scripting",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-003249"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "XSS",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201803-894"
      }
    ],
    "trust": 0.6
  }
}

var-201609-0395
Vulnerability from variot

MQCLI on IBM MQ Appliance M2000 and M2001 devices allows local users to execute arbitrary shell commands via a crafted (1) Disaster Recovery or (2) High Availability command. IBMMQAppliance is a solution that enables IBMMQ to be deployed in new use cases and to simplify existing deployment options. Allows a local attacker to exploit the vulnerability to execute arbitrary commands and obtain sensitive information. IBM MQ Appliance is prone to a local command-execution vulnerability. Both IBM MQ Appliance M2000 and M2001 are all-in-one devices used by IBM Corporation in the United States for the rapid deployment of enterprise-level message middleware

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201609-0395",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "mq appliance",
        "scope": "eq",
        "trust": 2.4,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "mq appliance m2000",
        "scope": null,
        "trust": 1.7,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "mq appliance m2001",
        "scope": null,
        "trust": 1.7,
        "vendor": "ibm",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-06498"
      },
      {
        "db": "BID",
        "id": "92538"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004521"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201608-342"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-5879"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/h:ibm:mq_appliance_m2000",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:ibm:mq_appliance_m2001",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:ibm:mq_appliance_firmware",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004521"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "IBM",
    "sources": [
      {
        "db": "BID",
        "id": "92538"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201608-342"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2016-5879",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.6,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "id": "CVE-2016-5879",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.9,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.9,
            "id": "CNVD-2016-06498",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.6,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "id": "VHN-94699",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:L/AC:L/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.0,
            "id": "CVE-2016-5879",
            "impactScore": 6.0,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "trust": 1.8,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2016-5879",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2016-5879",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2016-06498",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201608-342",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-94699",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2016-5879",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-06498"
      },
      {
        "db": "VULHUB",
        "id": "VHN-94699"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-5879"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004521"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201608-342"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-5879"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "MQCLI on IBM MQ Appliance M2000 and M2001 devices allows local users to execute arbitrary shell commands via a crafted (1) Disaster Recovery or (2) High Availability command. IBMMQAppliance is a solution that enables IBMMQ to be deployed in new use cases and to simplify existing deployment options. Allows a local attacker to exploit the vulnerability to execute arbitrary commands and obtain sensitive information. IBM MQ Appliance is prone to a local command-execution vulnerability. Both IBM MQ Appliance M2000 and M2001 are all-in-one devices used by IBM Corporation in the United States for the rapid deployment of enterprise-level message middleware",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-5879"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004521"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-06498"
      },
      {
        "db": "BID",
        "id": "92538"
      },
      {
        "db": "VULHUB",
        "id": "VHN-94699"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-5879"
      }
    ],
    "trust": 2.61
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2016-5879",
        "trust": 3.5
      },
      {
        "db": "BID",
        "id": "92538",
        "trust": 2.7
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004521",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201608-342",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-06498",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-94699",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-5879",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-06498"
      },
      {
        "db": "VULHUB",
        "id": "VHN-94699"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-5879"
      },
      {
        "db": "BID",
        "id": "92538"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004521"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201608-342"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-5879"
      }
    ]
  },
  "id": "VAR-201609-0395",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-06498"
      },
      {
        "db": "VULHUB",
        "id": "VHN-94699"
      }
    ],
    "trust": 0.06999999999999999
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-06498"
      }
    ]
  },
  "last_update_date": "2024-11-23T23:09:11.406000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "1987697",
        "trust": 0.8,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21987697"
      },
      {
        "title": "IBMMQAppliance local command execution vulnerability patch",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/80608"
      },
      {
        "title": "IBM MQ Appliance Fixes for local command execution vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=63706"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-06498"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004521"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201608-342"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-20",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-94699"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004521"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-5879"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.7,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21987697"
      },
      {
        "trust": 2.4,
        "url": "http://www.securityfocus.com/bid/92538"
      },
      {
        "trust": 1.8,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1it16174"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-5879"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-5879"
      },
      {
        "trust": 0.3,
        "url": "http://www.ibm.com"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/20.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-06498"
      },
      {
        "db": "VULHUB",
        "id": "VHN-94699"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-5879"
      },
      {
        "db": "BID",
        "id": "92538"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004521"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201608-342"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-5879"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-06498"
      },
      {
        "db": "VULHUB",
        "id": "VHN-94699"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-5879"
      },
      {
        "db": "BID",
        "id": "92538"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004521"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201608-342"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-5879"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-08-21T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2016-06498"
      },
      {
        "date": "2016-09-02T00:00:00",
        "db": "VULHUB",
        "id": "VHN-94699"
      },
      {
        "date": "2016-09-02T00:00:00",
        "db": "VULMON",
        "id": "CVE-2016-5879"
      },
      {
        "date": "2016-08-18T00:00:00",
        "db": "BID",
        "id": "92538"
      },
      {
        "date": "2016-09-05T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-004521"
      },
      {
        "date": "2016-08-19T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201608-342"
      },
      {
        "date": "2016-09-02T14:59:08.160000",
        "db": "NVD",
        "id": "CVE-2016-5879"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-08-21T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2016-06498"
      },
      {
        "date": "2016-11-28T00:00:00",
        "db": "VULHUB",
        "id": "VHN-94699"
      },
      {
        "date": "2016-11-28T00:00:00",
        "db": "VULMON",
        "id": "CVE-2016-5879"
      },
      {
        "date": "2016-08-18T00:00:00",
        "db": "BID",
        "id": "92538"
      },
      {
        "date": "2016-09-05T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-004521"
      },
      {
        "date": "2016-09-05T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201608-342"
      },
      {
        "date": "2024-11-21T02:55:11.217000",
        "db": "NVD",
        "id": "CVE-2016-5879"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "BID",
        "id": "92538"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201608-342"
      }
    ],
    "trust": 0.9
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "IBM MQ Appliance M2000 and  M2001 Device  MQCLI In any  shell Command execution vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004521"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "input validation",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201608-342"
      }
    ],
    "trust": 0.6
  }
}

var-202111-0183
Vulnerability from variot

IBM MQ 9.1 LTS, 9.1 CD, 9.2 LTS, and 9.2CD is vulnerable to a denial of service attack caused by an issue processing message properties. IBM X-Force ID: 205203.

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202111-0183",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "mq appliance",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "9.1.0.0"
      },
      {
        "model": "mq appliance",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "9.2.3"
      },
      {
        "model": "mq appliance",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "9.1.0.9"
      },
      {
        "model": "mq appliance",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "9.2.0.0"
      },
      {
        "model": "mq appliance",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "9.2.0.3"
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-29843"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:ibm:mq_appliance:*:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "9.1.0.9",
                "versionStartIncluding": "9.1.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:mq_appliance:*:*:*:*:continuous_delivery:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "9.2.3",
                "versionStartIncluding": "9.1.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:mq_appliance:*:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "9.2.0.3",
                "versionStartIncluding": "9.2.0.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-29843"
      }
    ]
  },
  "cve": "CVE-2021-29843",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.0,
            "id": "CVE-2021-29843",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 2.8,
            "id": "CVE-2021-29843",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2021-29843",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202111-472",
            "trust": 0.6,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202111-472"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-29843"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "IBM MQ 9.1 LTS, 9.1 CD, 9.2 LTS, and 9.2CD is vulnerable to a denial of service attack caused by an issue processing message properties. IBM X-Force ID: 205203.",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-29843"
      }
    ],
    "trust": 1.0
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2021-29843",
        "trust": 1.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.3710",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.3959",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202111-472",
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202111-472"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-29843"
      }
    ]
  },
  "id": "VAR-202111-0183",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.22222222
  },
  "last_update_date": "2022-05-04T08:32:45.325000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "IBM MQ Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=168795"
      }
    ],
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202111-472"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-noinfo",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-29843"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.2,
        "url": "https://www.ibm.com/support/pages/node/6513681"
      },
      {
        "trust": 1.6,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/205203"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.3710"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-29843"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/ibm-mq-denial-of-service-via-message-properties-36821"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.3959"
      }
    ],
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202111-472"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-29843"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202111-472"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-29843"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-11-05T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202111-472"
      },
      {
        "date": "2021-11-08T17:15:00",
        "db": "NVD",
        "id": "CVE-2021-29843"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-11-23T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202111-472"
      },
      {
        "date": "2021-11-10T02:43:00",
        "db": "NVD",
        "id": "CVE-2021-29843"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202111-472"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "IBM MQ Security hole",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202111-472"
      }
    ],
    "trust": 0.6
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202111-472"
      }
    ],
    "trust": 0.6
  }
}

var-202111-1526
Vulnerability from variot

IBM MQ Appliance 9.2 CD and 9.2 LTS could allow a local attacker to obtain sensitive information by inclusion of sensitive data within diagnostics. IBM X-Force ID: 213215.

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202111-1526",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "mq appliance",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "9.2.0.0"
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-39000"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:ibm:mq_appliance:9.2.0.0:*:*:*:continuous_delivery:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:mq_appliance:9.2.0.0:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-39000"
      }
    ]
  },
  "cve": "CVE-2021-39000",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 2.1,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "id": "CVE-2021-39000",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "LOW",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "id": "CVE-2021-39000",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2021-39000",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202111-2165",
            "trust": 0.6,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202111-2165"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-39000"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "IBM MQ Appliance 9.2 CD and 9.2 LTS could allow a local attacker to obtain sensitive information by inclusion of sensitive data within diagnostics. IBM X-Force ID: 213215.",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-39000"
      }
    ],
    "trust": 1.0
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2021-39000",
        "trust": 1.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.4024",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202111-2165",
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202111-2165"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-39000"
      }
    ]
  },
  "id": "VAR-202111-1526",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.22222222
  },
  "last_update_date": "2022-05-04T09:21:12.415000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "IBM MQ Repair measures for information disclosure vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=172394"
      }
    ],
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202111-2165"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-200",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-39000"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.2,
        "url": "https://www.ibm.com/support/pages/node/6519422"
      },
      {
        "trust": 1.6,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/213215"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.4024"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/ibm-mq-appliance-information-disclosure-via-diagnostics-36981"
      }
    ],
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202111-2165"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-39000"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202111-2165"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-39000"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-11-29T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202111-2165"
      },
      {
        "date": "2021-11-30T17:15:00",
        "db": "NVD",
        "id": "CVE-2021-39000"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-12-01T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202111-2165"
      },
      {
        "date": "2021-11-30T20:28:00",
        "db": "NVD",
        "id": "CVE-2021-39000"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202111-2165"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "IBM MQ Information disclosure vulnerability",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202111-2165"
      }
    ],
    "trust": 0.6
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "information disclosure",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202111-2165"
      }
    ],
    "trust": 0.6
  }
}

var-202003-0593
Vulnerability from variot

IBM MQ and IBM MQ Appliance 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and 9.1 CD is vulnerable to a denial of service attack that would allow an authenticated user to crash the queue and require a restart due to an error processing error messages. IBM X-Force ID: 170967. IBM MQ and MQ Appliance There is an input verification vulnerability in. Vendor exploits this vulnerability IBM X-Force ID: 170967 It is published as.Service operation interruption (DoS) It may be put into a state. The product provides a reliable, proven messaging backbone for service-oriented architecture (SOA). IBM MQ Appliance is an all-in-one device for rapid deployment of enterprise-level messaging middleware. The vulnerability stems from an error in processing error messages. An attacker can use this vulnerability to cause a denial of service

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202003-0593",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "mq",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "9.1.4"
      },
      {
        "model": "mq",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "9.1.0.4"
      },
      {
        "model": "mq",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "8.0.0.14"
      },
      {
        "model": "websphere mq",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "7.5.0.9"
      },
      {
        "model": "websphere mq",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "7.1.0.0"
      },
      {
        "model": "mq",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "9.1.0"
      },
      {
        "model": "mq appliance",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "8.0.0.0"
      },
      {
        "model": "mq",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "9.0.0.0"
      },
      {
        "model": "mq appliance",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "8.0.0.14"
      },
      {
        "model": "mq",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "9.1.0.0"
      },
      {
        "model": "mq",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "8.0.0.0"
      },
      {
        "model": "mq",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "9.0.0.9"
      },
      {
        "model": "mq",
        "scope": null,
        "trust": 0.8,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "mq appliance",
        "scope": null,
        "trust": 0.8,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "websphere mq",
        "scope": null,
        "trust": 0.8,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "mq appliance",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "mq",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "mq appliance cd",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "mq appliance lts",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "mq lts",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "mq cd",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "mq lts",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ibm",
        "version": "9.0"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-17502"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014904"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-4656"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:ibm:mq",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:ibm:mq_appliance",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:ibm:websphere_mq",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014904"
      }
    ]
  },
  "cve": "CVE-2019-4656",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.0,
            "id": "CVE-2019-4656",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.0,
            "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "Single",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 4.0,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "JVNDB-2019-014904",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.0,
            "id": "CNVD-2020-17502",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 2.8,
            "id": "CVE-2019-4656",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "psirt@us.ibm.com",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 2.8,
            "id": "CVE-2019-4656",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 6.5,
            "baseSeverity": "Medium",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "JVNDB-2019-014904",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2019-4656",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "psirt@us.ibm.com",
            "id": "CVE-2019-4656",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "JVNDB-2019-014904",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2020-17502",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202003-896",
            "trust": 0.6,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-17502"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014904"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202003-896"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-4656"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-4656"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "IBM MQ and IBM MQ Appliance 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and 9.1 CD is vulnerable to a denial of service attack that would allow an authenticated user to crash the queue and require a restart due to an error processing error messages. IBM X-Force ID: 170967. IBM MQ and MQ Appliance There is an input verification vulnerability in. Vendor exploits this vulnerability IBM X-Force ID: 170967 It is published as.Service operation interruption (DoS) It may be put into a state. The product provides a reliable, proven messaging backbone for service-oriented architecture (SOA). IBM MQ Appliance is an all-in-one device for rapid deployment of enterprise-level messaging middleware. The vulnerability stems from an error in processing error messages. An attacker can use this vulnerability to cause a denial of service",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-4656"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014904"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-17502"
      }
    ],
    "trust": 2.16
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2019-4656",
        "trust": 3.0
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014904",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-17502",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2023.4106",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202003-896",
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-17502"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014904"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202003-896"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-4656"
      }
    ]
  },
  "id": "VAR-202003-0593",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-17502"
      }
    ],
    "trust": 1.06875
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-17502"
      }
    ]
  },
  "last_update_date": "2024-11-23T21:06:16.264000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "1135095",
        "trust": 0.8,
        "url": "https://www.ibm.com/support/pages/node/1135095"
      },
      {
        "title": "ibm-mq-cve20194656-dos (170967)",
        "trust": 0.8,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/170967"
      },
      {
        "title": "Patch for IBM MQ Appliance and IBM MQ Denial of Service Vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/209207"
      },
      {
        "title": "IBM MQ  and IBM MQ Appliance Enter the fix for the verification error vulnerability",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=112526"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-17502"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014904"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202003-896"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-noinfo",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-20",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014904"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-4656"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.6,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/170967"
      },
      {
        "trust": 1.6,
        "url": "https://www.ibm.com/support/pages/node/1135095"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-4656"
      },
      {
        "trust": 1.2,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-is-vulnerable-to-a-denial-of-service-attack-caused-by-an-error-processing-error-messages-cve-2019-4656/"
      },
      {
        "trust": 1.2,
        "url": "https://vigilance.fr/vulnerability/ibm-mq-denial-of-service-31785"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-4656"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-is-vulnerable-to-a-denial-of-service-attack-caused-by-an-authenticated-user-crafting-a-malicious-message-cve-2019-4656/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2023.4106"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-in-ibm-mq-affect-ibm-sterling-b2b-integrator/"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-17502"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014904"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202003-896"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-4656"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-17502"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014904"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202003-896"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-4656"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-03-18T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2020-17502"
      },
      {
        "date": "2020-03-27T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-014904"
      },
      {
        "date": "2020-03-13T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202003-896"
      },
      {
        "date": "2020-03-16T16:15:12.670000",
        "db": "NVD",
        "id": "CVE-2019-4656"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-03-18T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2020-17502"
      },
      {
        "date": "2020-03-27T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-014904"
      },
      {
        "date": "2023-07-21T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202003-896"
      },
      {
        "date": "2024-11-21T04:43:56.300000",
        "db": "NVD",
        "id": "CVE-2019-4656"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202003-896"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "IBM MQ and  MQ Appliance Input verification vulnerability in",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014904"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "input validation error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202003-896"
      }
    ],
    "trust": 0.6
  }
}

var-202007-0442
Vulnerability from variot

IBM MQ Appliance 9.1.4.CD could allow a local attacker to obtain highly sensitive information by inclusion of sensitive data within trace. IBM X-Force ID: 172616. IBM MQ Appliance There is an information leakage vulnerability in. Vendor exploits this vulnerability IBM X-Force ID: 172616 It is published as.Information may be obtained

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202007-0442",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "mq appliance",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "9.1.4"
      },
      {
        "model": "mq appliance",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "9.1.4.cd"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-015795"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-4731"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:ibm:mq_appliance:9.1.4:*:*:*:continuous_delivery:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-4731"
      }
    ]
  },
  "cve": "CVE-2019-4731",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 2.1,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "id": "CVE-2019-4731",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "LOW",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Local",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 2.1,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "JVNDB-2019-015795",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Low",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "id": "CVE-2019-4731",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Local",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.5,
            "baseSeverity": "Medium",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "JVNDB-2019-015795",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2019-4731",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "JVNDB-2019-015795",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202007-1538",
            "trust": 0.6,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-015795"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202007-1538"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-4731"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "IBM MQ Appliance 9.1.4.CD could allow a local attacker to obtain highly sensitive information by inclusion of sensitive data within trace. IBM X-Force ID: 172616. IBM MQ Appliance There is an information leakage vulnerability in. Vendor exploits this vulnerability IBM X-Force ID: 172616 It is published as.Information may be obtained",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-4731"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-015795"
      }
    ],
    "trust": 1.62
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2019-4731",
        "trust": 2.4
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-015795",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202007-1538",
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-015795"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202007-1538"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-4731"
      }
    ]
  },
  "id": "VAR-202007-0442",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.22222222
  },
  "last_update_date": "2022-05-04T09:09:01.851000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "1125885",
        "trust": 0.8,
        "url": "https://www.ibm.com/support/pages/node/1125885"
      },
      {
        "title": "ibm-mq-cve20194731-info-disc (172616)",
        "trust": 0.8,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/172616"
      },
      {
        "title": "IBM MQ Appliance Repair measures for information disclosure vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=125188"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-015795"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202007-1538"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-200",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-015795"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-4731"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.6,
        "url": "https://www.ibm.com/support/pages/node/1125885"
      },
      {
        "trust": 1.6,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/172616"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-4731"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-4731"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/ibm-mq-appliance-information-disclosure-via-trace-file-32944"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-is-affected-by-inclusion-of-sensitive-data-within-trace-cve-2019-4731/"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-015795"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202007-1538"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-4731"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-015795"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202007-1538"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-4731"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-09-18T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-015795"
      },
      {
        "date": "2020-07-27T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202007-1538"
      },
      {
        "date": "2020-07-28T12:15:00",
        "db": "NVD",
        "id": "CVE-2019-4731"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-09-18T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-015795"
      },
      {
        "date": "2020-07-30T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202007-1538"
      },
      {
        "date": "2020-07-28T15:48:00",
        "db": "NVD",
        "id": "CVE-2019-4731"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202007-1538"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "IBM MQ Appliance Vulnerability regarding information leakage in",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-015795"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "information disclosure",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202007-1538"
      }
    ],
    "trust": 0.6
  }
}

var-202101-1514
Vulnerability from variot

IBM MQ Appliance 9.2 CD and 9.2 LTS is vulnerable to a denial of service, caused by a buffer overflow. A remote attacker could send a specially crafted SNMP query to cause the appliance to reload. IBM X-Force ID: 190831. Vendor exploits this vulnerability IBM X-Force ID: 190831 Is published as.Denial of service (DoS) It may be put into a state. IBM MQ Appliance is an all-in-one device from IBM in the United States for rapid deployment of enterprise-level messaging middleware

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202101-1514",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "mq appliance",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "9.2.0.0"
      },
      {
        "model": "mq appliance",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "9.2 lts"
      },
      {
        "model": "mq appliance",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "mq appliance",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "9.2 cd"
      },
      {
        "model": "mq appliance",
        "scope": null,
        "trust": 0.6,
        "vendor": "ibm",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-03003"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-002418"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-4869"
      }
    ]
  },
  "cve": "CVE-2020-4869",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.0,
            "id": "CVE-2020-4869",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.0,
            "id": "CNVD-2021-03003",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 2.8,
            "id": "CVE-2020-4869",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "author": "psirt@us.ibm.com",
            "availabilityImpact": "HIGH",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 1.6,
            "id": "CVE-2020-4869",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 6.5,
            "baseSeverity": "Medium",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2020-4869",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2020-4869",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "psirt@us.ibm.com",
            "id": "CVE-2020-4869",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2020-4869",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2021-03003",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202101-482",
            "trust": 0.6,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-03003"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-002418"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202101-482"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-4869"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-4869"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "IBM MQ Appliance 9.2 CD and 9.2 LTS is vulnerable to a denial of service, caused by a buffer overflow. A remote attacker could send a specially crafted SNMP query to cause the appliance to reload. IBM X-Force ID: 190831. Vendor exploits this vulnerability IBM X-Force ID: 190831 Is published as.Denial of service (DoS) It may be put into a state. IBM MQ Appliance is an all-in-one device from IBM in the United States for rapid deployment of enterprise-level messaging middleware",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-4869"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-002418"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2021-03003"
      }
    ],
    "trust": 2.16
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2020-4869",
        "trust": 3.0
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-002418",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2021-03003",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202101-482",
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-03003"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-002418"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202101-482"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-4869"
      }
    ]
  },
  "id": "VAR-202101-1514",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-03003"
      }
    ],
    "trust": 0.06
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "IoT"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-03003"
      }
    ]
  },
  "last_update_date": "2024-11-23T23:11:12.655000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "6398791 IBM\u00a0X-Force\u00a0Exchange",
        "trust": 0.8,
        "url": "https://www.ibm.com/support/pages/node/6398791"
      },
      {
        "title": "Patch for IBM MQ Appliance buffer overflow vulnerability (CNVD-2021-03003)",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/244204"
      },
      {
        "title": "IBM MQ Appliance Buffer error vulnerability fix",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=138656"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-03003"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-002418"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202101-482"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-120",
        "trust": 1.0
      },
      {
        "problemtype": "Classic buffer overflow (CWE-120) [NVD Evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-002418"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-4869"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.6,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190831"
      },
      {
        "trust": 1.6,
        "url": "https://www.ibm.com/support/pages/node/6398791"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-4869"
      },
      {
        "trust": 1.2,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-is-affected-by-a-denial-of-service-vulnerability-cve-2020-4869/"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/ibm-mq-appliance-denial-of-service-via-snmp-query-34268"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-datapower-gateway-vulnerable-to-a-dos-attack/"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-03003"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-002418"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202101-482"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-4869"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-03003"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-002418"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202101-482"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-4869"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-01-15T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2021-03003"
      },
      {
        "date": "2021-09-14T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2021-002418"
      },
      {
        "date": "2021-01-08T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202101-482"
      },
      {
        "date": "2021-01-11T17:15:12.490000",
        "db": "NVD",
        "id": "CVE-2020-4869"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-01-15T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2021-03003"
      },
      {
        "date": "2021-09-14T09:08:00",
        "db": "JVNDB",
        "id": "JVNDB-2021-002418"
      },
      {
        "date": "2021-06-07T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202101-482"
      },
      {
        "date": "2024-11-21T05:33:20.627000",
        "db": "NVD",
        "id": "CVE-2020-4869"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202101-482"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "IBM\u00a0MQ\u00a0Appliance\u00a0 Buffer Overflow Vulnerability in Linux",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-002418"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "buffer error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202101-482"
      }
    ],
    "trust": 0.6
  }
}

var-202111-1528
Vulnerability from variot

IBM MQ Appliance 9.2 CD and 9.2 LTS could allow a local privileged user to inject and execute malicious code. IBM X-Force ID: 212441. IBM MQ Appliance There is a code injection vulnerability in. Vendor exploits this vulnerability IBM X-Force ID: 212441 It is published as.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. IBM MQ Appliance is an all-in-one device from IBM of the United States for rapid deployment of enterprise-level messaging middleware. No detailed vulnerability details are currently provided

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202111-1528",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "mq appliance",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "ibm",
        "version": "9.2.0.0"
      },
      {
        "model": "mq appliance",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "mq appliance",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "9.2 lts"
      },
      {
        "model": "mq appliance",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "9.2 cd"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-92961"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-015731"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-38967"
      }
    ]
  },
  "cve": "CVE-2021-38967",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.6,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "id": "CVE-2021-38967",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.6,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "id": "CNVD-2021-92961",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 0.8,
            "id": "CVE-2021-38967",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "psirt@us.ibm.com",
            "availabilityImpact": "HIGH",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.5,
            "id": "CVE-2021-38967",
            "impactScore": 6.0,
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Local",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 6.7,
            "baseSeverity": "Medium",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2021-38967",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "High",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2021-38967",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "psirt@us.ibm.com",
            "id": "CVE-2021-38967",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2021-38967",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2021-92961",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202111-2168",
            "trust": 0.6,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-92961"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-015731"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202111-2168"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-38967"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-38967"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "IBM MQ Appliance 9.2 CD and 9.2 LTS could allow a local privileged user to inject and execute malicious code. IBM X-Force ID: 212441. IBM MQ Appliance There is a code injection vulnerability in. Vendor exploits this vulnerability IBM X-Force ID: 212441 It is published as.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. IBM MQ Appliance is an all-in-one device from IBM of the United States for rapid deployment of enterprise-level messaging middleware. No detailed vulnerability details are currently provided",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-38967"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-015731"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2021-92961"
      }
    ],
    "trust": 2.16
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2021-38967",
        "trust": 3.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-015731",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2021-92961",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.4024",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202111-2168",
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-92961"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-015731"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202111-2168"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-38967"
      }
    ]
  },
  "id": "VAR-202111-1528",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-92961"
      }
    ],
    "trust": 0.06
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "IoT"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-92961"
      }
    ]
  },
  "last_update_date": "2024-08-14T13:23:09.444000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "6512826 IBM\u00a0X-Force\u00a0Exchange",
        "trust": 0.8,
        "url": "https://www.ibm.com/support/pages/node/6512826"
      },
      {
        "title": "Patch for Unidentified vulnerabilities in IBM MQ Appliance",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/302076"
      },
      {
        "title": "IBM MQ Appliance Fixes for code injection vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=172396"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-92961"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-015731"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202111-2168"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-94",
        "trust": 1.0
      },
      {
        "problemtype": "Code injection (CWE-94) [NVD evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-015731"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-38967"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.2,
        "url": "https://www.ibm.com/support/pages/node/6512826"
      },
      {
        "trust": 1.6,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/212441"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-38967"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/ibm-mq-appliance-code-execution-via-injection-36982"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.4024"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-92961"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-015731"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202111-2168"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-38967"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-92961"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-015731"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202111-2168"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-38967"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-12-01T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2021-92961"
      },
      {
        "date": "2022-11-29T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2021-015731"
      },
      {
        "date": "2021-11-29T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202111-2168"
      },
      {
        "date": "2021-11-30T17:15:11.483000",
        "db": "NVD",
        "id": "CVE-2021-38967"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-12-01T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2021-92961"
      },
      {
        "date": "2022-11-29T08:18:00",
        "db": "JVNDB",
        "id": "JVNDB-2021-015731"
      },
      {
        "date": "2021-12-01T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202111-2168"
      },
      {
        "date": "2021-11-30T20:29:59.293000",
        "db": "NVD",
        "id": "CVE-2021-38967"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202111-2168"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "IBM\u00a0MQ\u00a0Appliance\u00a0 Code injection vulnerability in",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-015731"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "code injection",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202111-2168"
      }
    ],
    "trust": 0.6
  }
}

var-201801-0385
Vulnerability from variot

IBM WebSphere MQ 8.0 and 9.0 could allow an authenticated user with authority to send a specially crafted request that could cause a channel process to cease processing further requests. IBM X-Force ID: 131547. IBM WebSphere MQ Contains an access control vulnerability. Vendors have confirmed this vulnerability IBM X-Force ID: 131547 It is released as.Service operation interruption (DoS) There is a possibility of being put into a state. An attacker can exploit this issue to cause a denial-of-service condition

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201801-0385",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 2.4,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "ibm",
        "version": "9.0.0.1"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "ibm",
        "version": "9.0.2"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "ibm",
        "version": "9.0.3"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "ibm",
        "version": "8.0.0.6"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "ibm",
        "version": "8.0.0.3"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "ibm",
        "version": "8.0.0.2"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "ibm",
        "version": "9.0.1"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "ibm",
        "version": "8.0.0.7"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "ibm",
        "version": "8.0.0.5"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "8.0.0.1"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "8.0.0.4"
      },
      {
        "model": "mq appliance cd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.3"
      },
      {
        "model": "mq appliance cd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.1"
      },
      {
        "model": "mq appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.7"
      },
      {
        "model": "mq appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.6"
      },
      {
        "model": "mq appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.5"
      },
      {
        "model": "mq appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.4"
      },
      {
        "model": "mq appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.3"
      },
      {
        "model": "mq appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.2"
      },
      {
        "model": "mq appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.1"
      },
      {
        "model": "mq appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.0"
      },
      {
        "model": "mq cd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.3"
      },
      {
        "model": "mq cd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.1"
      },
      {
        "model": "mq lts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.0.1"
      },
      {
        "model": "mq lts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.0.0"
      },
      {
        "model": "mq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.7"
      },
      {
        "model": "mq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.6"
      },
      {
        "model": "mq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.5"
      },
      {
        "model": "mq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.4"
      },
      {
        "model": "mq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.3"
      },
      {
        "model": "mq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.2"
      },
      {
        "model": "mq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.1"
      },
      {
        "model": "mq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.0"
      },
      {
        "model": "mq appliance",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.8"
      },
      {
        "model": "mq",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.4"
      },
      {
        "model": "mq",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.0.2"
      },
      {
        "model": "mq",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.8"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "102418"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011805"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201801-077"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-1557"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:ibm:websphere_mq",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011805"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The vendor reported the issue.",
    "sources": [
      {
        "db": "BID",
        "id": "102418"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2017-1557",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.0,
            "id": "CVE-2017-1557",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "LOW",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 2.8,
            "id": "CVE-2017-1557",
            "impactScore": 1.4,
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2017-1557",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2017-1557",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201801-077",
            "trust": 0.6,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011805"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201801-077"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-1557"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "IBM WebSphere MQ 8.0 and 9.0 could allow an authenticated user with authority to send a specially crafted request that could cause a channel process to cease processing further requests. IBM X-Force ID: 131547. IBM WebSphere MQ Contains an access control vulnerability. Vendors have confirmed this vulnerability IBM X-Force ID: 131547 It is released as.Service operation interruption (DoS) There is a possibility of being put into a state. \nAn attacker can exploit this issue to cause a denial-of-service condition",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-1557"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011805"
      },
      {
        "db": "BID",
        "id": "102418"
      }
    ],
    "trust": 1.89
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-1557",
        "trust": 2.7
      },
      {
        "db": "BID",
        "id": "102418",
        "trust": 1.9
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011805",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201801-077",
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "102418"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011805"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201801-077"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-1557"
      }
    ]
  },
  "id": "VAR-201801-0385",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.46875
  },
  "last_update_date": "2024-11-23T22:22:15.338000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "2004378",
        "trust": 0.8,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg22004378"
      },
      {
        "title": "IBM WebSphere MQ Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=77425"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011805"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201801-077"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-noinfo",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-284",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011805"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-1557"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.6,
        "url": "http://www.securityfocus.com/bid/102418"
      },
      {
        "trust": 1.6,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/131547"
      },
      {
        "trust": 1.6,
        "url": "http://www.ibm.com/support/docview.wss?uid=swg22004378"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-1557"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-1557"
      },
      {
        "trust": 0.3,
        "url": "http://www.ibm.com/"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg22004378"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "102418"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011805"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201801-077"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-1557"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "102418"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011805"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201801-077"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-1557"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-01-02T00:00:00",
        "db": "BID",
        "id": "102418"
      },
      {
        "date": "2018-01-29T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-011805"
      },
      {
        "date": "2018-01-03T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201801-077"
      },
      {
        "date": "2018-01-02T17:29:01.070000",
        "db": "NVD",
        "id": "CVE-2017-1557"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-01-02T00:00:00",
        "db": "BID",
        "id": "102418"
      },
      {
        "date": "2018-01-29T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-011805"
      },
      {
        "date": "2019-10-23T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201801-077"
      },
      {
        "date": "2024-11-21T03:22:04.467000",
        "db": "NVD",
        "id": "CVE-2017-1557"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201801-077"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "IBM WebSphere MQ Access control vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011805"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "lack of information",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201801-077"
      }
    ],
    "trust": 0.6
  }
}

var-201711-0753
Vulnerability from variot

IBM WebSphere MQ 8.0 and 9.0 could allow an authenticated user to cause a shared memory leak by MQ applications using dynamic queues, which can lead to lack of resources for other MQ applications. IBM X-Force ID: 125144. IBM WebSphere MQ Contains a resource management vulnerability. Vendors have confirmed this vulnerability IBM X-Force ID: 125144 It is released as.Service operation interruption (DoS) There is a possibility of being put into a state. An attacker can exploit this issue to cause the excessive resource consumption thereby denying service to other legitimate users

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201711-0753",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 2.4,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 2.1,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "ibm",
        "version": "9.0.3"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "ibm",
        "version": "9.0.2"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "ibm",
        "version": "9.0.1"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "ibm",
        "version": "9.0.0.1"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "ibm",
        "version": "8.0.0.5"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "ibm",
        "version": "8.0.0.4"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "ibm",
        "version": "8.0.0.6"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "ibm",
        "version": "9.0.4"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "ibm",
        "version": "8.0.0.7"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "ibm",
        "version": "8.0.0.3"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "ibm",
        "version": "8.0.0.2"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "ibm",
        "version": "8.0.0.1"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.0.0"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.0"
      },
      {
        "model": "mq appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.3"
      },
      {
        "model": "mq appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.2"
      },
      {
        "model": "mq appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.1"
      },
      {
        "model": "mq appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.6"
      },
      {
        "model": "mq appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.5"
      },
      {
        "model": "mq appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.4"
      },
      {
        "model": "mq appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.3"
      },
      {
        "model": "mq appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.2"
      },
      {
        "model": "mq appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.1"
      },
      {
        "model": "mq appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.0"
      },
      {
        "model": "websphere mq",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.4"
      },
      {
        "model": "websphere mq",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.0.2"
      },
      {
        "model": "websphere mq",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.7"
      },
      {
        "model": "mq appliance",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.4"
      },
      {
        "model": "mq appliance",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.7"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "102232"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010846"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201711-1084"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-1283"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:ibm:websphere_mq:9.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:websphere_mq:8.0.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:websphere_mq:8.0.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:websphere_mq:8.0.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:websphere_mq:8.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:websphere_mq:9.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:websphere_mq:8.0.0.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:websphere_mq:8.0.0.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:websphere_mq:9.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:websphere_mq:9.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:websphere_mq:9.0.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:websphere_mq:8.0.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:websphere_mq:8.0.0.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:websphere_mq:9.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-1283"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The vendor reported the issue.",
    "sources": [
      {
        "db": "BID",
        "id": "102232"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2017-1283",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": null,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "VULMON",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.0,
            "id": "CVE-2017-1283",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "MEDIUM",
            "trust": 1.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "Low",
            "baseScore": 4.3,
            "baseSeverity": "Medium",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2017-1283",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "trust": 1.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2017-1283",
            "trust": 1.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201711-1084",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2017-1283",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2017-1283"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010846"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201711-1084"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-1283"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "IBM WebSphere MQ 8.0 and 9.0 could allow an authenticated user to cause a shared memory leak by MQ applications using dynamic queues, which can lead to lack of resources for other MQ applications. IBM X-Force ID: 125144. IBM WebSphere MQ Contains a resource management vulnerability. Vendors have confirmed this vulnerability IBM X-Force ID: 125144 It is released as.Service operation interruption (DoS) There is a possibility of being put into a state. \nAn attacker can exploit this issue to cause the excessive resource consumption thereby denying service to other legitimate users",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-1283"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010846"
      },
      {
        "db": "BID",
        "id": "102232"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-1283"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-1283",
        "trust": 2.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010846",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201711-1084",
        "trust": 0.6
      },
      {
        "db": "BID",
        "id": "102232",
        "trust": 0.4
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-1283",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2017-1283"
      },
      {
        "db": "BID",
        "id": "102232"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010846"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201711-1084"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-1283"
      }
    ]
  },
  "id": "VAR-201711-0753",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.22222222
  },
  "last_update_date": "2022-05-04T09:39:22.550000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "2003852",
        "trust": 0.8,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg22003852"
      },
      {
        "title": "IBM WebSphere MQ Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=76758"
      },
      {
        "title": "Red-Team-vs-Blue-Team",
        "trust": 0.1,
        "url": "https://github.com/samgeron/red-team-vs-blue-team "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2017-1283"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010846"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201711-1084"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-772",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-399",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010846"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-1283"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125144"
      },
      {
        "trust": 1.7,
        "url": "http://www.ibm.com/support/docview.wss?uid=swg22003852"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-1283"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-1283"
      },
      {
        "trust": 0.3,
        "url": "http://www.ibm.com/"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg22003852"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/772.html"
      },
      {
        "trust": 0.1,
        "url": "https://www.securityfocus.com/bid/102232"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/gknaus008/red-team-vs-blue-team-project"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2017-1283"
      },
      {
        "db": "BID",
        "id": "102232"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010846"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201711-1084"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-1283"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULMON",
        "id": "CVE-2017-1283"
      },
      {
        "db": "BID",
        "id": "102232"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010846"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201711-1084"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-1283"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-11-27T00:00:00",
        "db": "VULMON",
        "id": "CVE-2017-1283"
      },
      {
        "date": "2017-11-14T00:00:00",
        "db": "BID",
        "id": "102232"
      },
      {
        "date": "2017-12-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-010846"
      },
      {
        "date": "2017-11-28T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201711-1084"
      },
      {
        "date": "2017-11-27T21:29:00",
        "db": "NVD",
        "id": "CVE-2017-1283"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-10-03T00:00:00",
        "db": "VULMON",
        "id": "CVE-2017-1283"
      },
      {
        "date": "2017-11-14T00:00:00",
        "db": "BID",
        "id": "102232"
      },
      {
        "date": "2017-12-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-010846"
      },
      {
        "date": "2019-10-23T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201711-1084"
      },
      {
        "date": "2019-10-03T00:03:00",
        "db": "NVD",
        "id": "CVE-2017-1283"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201711-1084"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "IBM WebSphere MQ Resource management vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010846"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "resource management error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201711-1084"
      }
    ],
    "trust": 0.6
  }
}

var-202001-0209
Vulnerability from variot

IBM MQ and IBM MQ Appliance 8.0 and 9.0 LTS could allow a remote attacker with intimate knowledge of the server to cause a denial of service when receiving data on the channel. IBM X-Force ID: 166629. IBM MQ and MQ Appliance Contains an input validation vulnerability. Vendors report this vulnerability IBM X-Force ID: 166629 Published as.Denial of service operation (DoS) May be in a state

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202001-0209",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "mq",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "8.0.0.0"
      },
      {
        "model": "mq appliance",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "8.0.0.14"
      },
      {
        "model": "mq appliance",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "8.0.0.0"
      },
      {
        "model": "mq",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "9.0.0.8"
      },
      {
        "model": "mq",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "9.0.0.0"
      },
      {
        "model": "mq",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "8.0.0.14"
      },
      {
        "model": "mq",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "mq",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "9.0 lts"
      },
      {
        "model": "mq",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "appliance 8.0"
      },
      {
        "model": "mq appliance",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "8.0"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014396"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-4568"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:ibm:mq:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "8.0.0.14",
                    "versionStartIncluding": "8.0.0.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ibm:mq:*:*:*:*:lts:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "9.0.0.8",
                    "versionStartIncluding": "9.0.0.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ibm:mq_appliance:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "8.0.0.14",
                    "versionStartIncluding": "8.0.0.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:hp:hp-ux:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:ibm:mq:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "8.0.0.14",
                "versionStartIncluding": "8.0.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:mq:*:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "9.0.0.8",
                "versionStartIncluding": "9.0.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:mq_appliance:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "8.0.0.14",
                "versionStartIncluding": "8.0.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:hp:hp-ux:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": false
              },
              {
                "cpe23Uri": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": false
              },
              {
                "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": false
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": false
              },
              {
                "cpe23Uri": "cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": false
              }
            ],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-4568"
      }
    ]
  },
  "cve": "CVE-2019-4568",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 4.3,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2019-4568",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 1.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 2.2,
            "id": "CVE-2019-4568",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "High",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 5.9,
            "baseSeverity": "Medium",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2019-4568",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2019-4568",
            "trust": 1.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202001-1259",
            "trust": 0.6,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014396"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202001-1259"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-4568"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "IBM MQ and IBM MQ Appliance 8.0 and 9.0 LTS could allow a remote attacker with intimate knowledge of the server to cause a denial of service when receiving data on the channel. IBM X-Force ID: 166629. IBM MQ and MQ Appliance Contains an input validation vulnerability. Vendors report this vulnerability IBM X-Force ID: 166629 Published as.Denial of service operation (DoS) May be in a state",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-4568"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014396"
      }
    ],
    "trust": 1.62
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2019-4568",
        "trust": 2.4
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014396",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202001-1259",
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014396"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202001-1259"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-4568"
      }
    ]
  },
  "id": "VAR-202001-0209",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.22222222
  },
  "last_update_date": "2022-05-04T10:11:11.109000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "1106517 IBM\u00a0X-Force\u00a0Exchange",
        "trust": 0.8,
        "url": "https://www.ibm.com/support/pages/node/1106517"
      },
      {
        "title": "IBM MQ  and IBM MQ Appliance Enter the fix for the verification error vulnerability",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=110076"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014396"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202001-1259"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-noinfo",
        "trust": 1.0
      },
      {
        "problemtype": "Incorrect input confirmation (CWE-20) [NVD Evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014396"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-4568"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.6,
        "url": "https://www.ibm.com/support/pages/node/1106517"
      },
      {
        "trust": 1.6,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/166629"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-4568"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-is-vulnerable-to-a-denial-of-service-attack-caused-by-an-error-within-the-clustering-code-cve-2019-4568/"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/ibm-mq-denial-of-service-via-clustering-code-31427"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-in-ibm-mq-affect-ibm-sterling-b2b-integrator/"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014396"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202001-1259"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-4568"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014396"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202001-1259"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-4568"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-02-14T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-014396"
      },
      {
        "date": "2020-01-28T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202001-1259"
      },
      {
        "date": "2020-01-28T19:15:00",
        "db": "NVD",
        "id": "CVE-2019-4568"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-02-14T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-014396"
      },
      {
        "date": "2021-07-26T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202001-1259"
      },
      {
        "date": "2021-07-21T11:39:00",
        "db": "NVD",
        "id": "CVE-2019-4568"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202001-1259"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "IBM\u00a0MQ\u00a0 and \u00a0MQ\u00a0Appliance\u00a0 Input validation vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014396"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "input validation error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202001-1259"
      }
    ],
    "trust": 0.6
  }
}

var-202007-1391
Vulnerability from variot

IBM MQ, IBM MQ Appliance, and IBM MQ for HPE NonStop 8.0, 9.1 CD, and 9.1 LTS is vulnerable to a buffer overflow vulnerability due to an error within the channel processing code. A remote attacker could overflow the buffer using an older client and cause a denial of service. IBM X-Force ID: 181562. Vendor exploits this vulnerability IBM X-Force ID: 181562 It is published as.Service operation interruption (DoS) It may be put into a state

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202007-1391",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "mq appliance",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "mq appliance",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "9.1.0.0"
      },
      {
        "model": "mq appliance",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "9.1.0.6"
      },
      {
        "model": "mq appliance",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "9.2.0.0"
      },
      {
        "model": "mq appliance",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "8.0.0.15"
      },
      {
        "model": "mq appliance",
        "scope": null,
        "trust": 0.8,
        "vendor": "ibm",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-008719"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-4465"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:ibm:mq_appliance:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "8.0.0.15",
                "versionStartIncluding": "8.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:mq_appliance:*:*:*:*:continuous_delivery:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "9.2.0.0",
                "versionStartIncluding": "9.1.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:mq_appliance:*:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "9.1.0.6",
                "versionStartIncluding": "9.1.0.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-4465"
      }
    ]
  },
  "cve": "CVE-2020-4465",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.0,
            "id": "CVE-2020-4465",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "Single",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 4.0,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "JVNDB-2020-008719",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 2.8,
            "id": "CVE-2020-4465",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 6.5,
            "baseSeverity": "Medium",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "JVNDB-2020-008719",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2020-4465",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "JVNDB-2020-008719",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202007-1537",
            "trust": 0.6,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-008719"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202007-1537"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-4465"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "IBM MQ, IBM MQ Appliance, and IBM MQ for HPE NonStop 8.0, 9.1 CD, and 9.1 LTS is vulnerable to a buffer overflow vulnerability due to an error within the channel processing code. A remote attacker could overflow the buffer using an older client and cause a denial of service. IBM X-Force ID: 181562. Vendor exploits this vulnerability IBM X-Force ID: 181562 It is published as.Service operation interruption (DoS) It may be put into a state",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-4465"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-008719"
      }
    ],
    "trust": 1.62
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2020-4465",
        "trust": 2.4
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-008719",
        "trust": 0.8
      },
      {
        "db": "NSFOCUS",
        "id": "47999",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202007-1537",
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-008719"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202007-1537"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-4465"
      }
    ]
  },
  "id": "VAR-202007-1391",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.22222222
  },
  "last_update_date": "2022-05-04T10:18:15.889000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "6252783",
        "trust": 0.8,
        "url": "https://www.ibm.com/support/pages/node/6252783"
      },
      {
        "title": "ibm-mq-cve20204465-dos (181562)",
        "trust": 0.8,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/181562"
      },
      {
        "title": "IBM MQ Appliance Buffer error vulnerability fix",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=125023"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-008719"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202007-1537"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-120",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-008719"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-4465"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.6,
        "url": "https://www.ibm.com/support/pages/node/6252783"
      },
      {
        "trust": 1.6,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/181562"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-4465"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-4465"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-is-vulnerable-to-a-buffer-overflow-vulnerability-due-to-an-error-within-the-channel-processing-code-cve-2020-4465/"
      },
      {
        "trust": 0.6,
        "url": "http://www.nsfocus.net/vulndb/47999"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-app-connect-enterprise-certified-container-integration-servers-could-cause-a-denial-of-service-or-a-buffer-overflow-when-using-mq/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-for-hpe-nonstop-server-is-affected-by-vulnerability-cve-2020-4465/"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/ibm-mq-appliance-buffer-overflow-via-channel-processing-32947"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-is-vulnerable-to-a-buffer-overflow-vulnerability-cve-2020-4465/"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-008719"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202007-1537"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-4465"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-008719"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202007-1537"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-4465"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-09-18T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-008719"
      },
      {
        "date": "2020-07-27T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202007-1537"
      },
      {
        "date": "2020-07-28T12:15:00",
        "db": "NVD",
        "id": "CVE-2020-4465"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-09-18T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-008719"
      },
      {
        "date": "2020-12-11T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202007-1537"
      },
      {
        "date": "2020-07-28T15:10:00",
        "db": "NVD",
        "id": "CVE-2020-4465"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202007-1537"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "plural  IBM Classic buffer overflow vulnerability in product",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-008719"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "buffer error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202007-1537"
      }
    ],
    "trust": 0.6
  }
}

var-202007-1093
Vulnerability from variot

IBM MQ, IBM MQ Appliance, and IBM MQ for HPE NonStop 8.0, 9.1 LTS, and 9.1 CD could allow under special circumstances, an authenticated user to obtain sensitive information due to a data leak from an error message within the pre-v7 pubsub logic. IBM X-Force ID: 177402. Vendor exploits this vulnerability IBM X-Force ID: 177402 It is published as.Information may be obtained

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202007-1093",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "mq appliance",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "mq appliance",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "9.1.0.0"
      },
      {
        "model": "mq appliance",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "9.1.0.6"
      },
      {
        "model": "mq appliance",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "9.2.0.0"
      },
      {
        "model": "mq appliance",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "8.0.0.15"
      },
      {
        "model": "mq appliance",
        "scope": null,
        "trust": 0.8,
        "vendor": "ibm",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-008717"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-4319"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:ibm:mq_appliance:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "8.0.0.15",
                "versionStartIncluding": "8.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:mq_appliance:*:*:*:*:continuous_delivery:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "9.2.0.0",
                "versionStartIncluding": "9.1.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:mq_appliance:*:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "9.1.0.6",
                "versionStartIncluding": "9.1.0.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-4319"
      }
    ]
  },
  "cve": "CVE-2020-4319",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 3.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 6.8,
            "id": "CVE-2020-4319",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "LOW",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "Single",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 3.5,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "JVNDB-2020-008717",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Low",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 2.8,
            "id": "CVE-2020-4319",
            "impactScore": 1.4,
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 4.3,
            "baseSeverity": "Medium",
            "confidentialityImpact": "Low",
            "exploitabilityScore": null,
            "id": "JVNDB-2020-008717",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2020-4319",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "JVNDB-2020-008717",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202007-1545",
            "trust": 0.6,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-008717"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202007-1545"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-4319"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "IBM MQ, IBM MQ Appliance, and IBM MQ for HPE NonStop 8.0, 9.1 LTS, and 9.1 CD could allow under special circumstances, an authenticated user to obtain sensitive information due to a data leak from an error message within the pre-v7 pubsub logic. IBM X-Force ID: 177402. Vendor exploits this vulnerability IBM X-Force ID: 177402 It is published as.Information may be obtained",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-4319"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-008717"
      }
    ],
    "trust": 1.62
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2020-4319",
        "trust": 2.4
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-008717",
        "trust": 0.8
      },
      {
        "db": "NSFOCUS",
        "id": "49873",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202007-1545",
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-008717"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202007-1545"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-4319"
      }
    ]
  },
  "id": "VAR-202007-1093",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.22222222
  },
  "last_update_date": "2022-05-04T10:10:54.352000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "6252777",
        "trust": 0.8,
        "url": "https://www.ibm.com/support/pages/node/6252777"
      },
      {
        "title": "ibm-mq-cve20204319-info-disc (177402)",
        "trust": 0.8,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/177402"
      },
      {
        "title": "IBM MQ Appliance Repair measures for information disclosure vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=125189"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-008717"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202007-1545"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-209",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-200",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-008717"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-4319"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.6,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/177402"
      },
      {
        "trust": 1.6,
        "url": "https://www.ibm.com/support/pages/node/6252777"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-4319"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-4319"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-is-vulnerable-to-sensitive-information-disclosure-vulnerability-cve-2020-4319/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-for-hpe-nonstop-server-is-affected-by-vulnerability-cve-2020-4319/"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/ibm-mq-appliance-information-disclosure-via-pre-v7-pubsub-logic-error-message-32945"
      },
      {
        "trust": 0.6,
        "url": "http://www.nsfocus.net/vulndb/49873"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-could-allow-leak-sensitive-information-due-to-an-error-within-the-pre-v7-pubsub-logic-cve-2020-4319/"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-008717"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202007-1545"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-4319"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-008717"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202007-1545"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-4319"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-09-18T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-008717"
      },
      {
        "date": "2020-07-27T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202007-1545"
      },
      {
        "date": "2020-07-28T12:15:00",
        "db": "NVD",
        "id": "CVE-2020-4319"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-09-18T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-008717"
      },
      {
        "date": "2020-10-27T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202007-1545"
      },
      {
        "date": "2021-07-21T11:39:00",
        "db": "NVD",
        "id": "CVE-2020-4319"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202007-1545"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "plural  IBM Product Information Leakage Vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-008717"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "information disclosure",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202007-1545"
      }
    ],
    "trust": 0.6
  }
}

var-202203-0542
Vulnerability from variot

IBM MQ Appliance 9.2 CD and 9.2 LTS could allow an authenticated and authorized user to cause a denial of service due to incorrectly configured authorization checks. IBM X-Force ID: 218276. IBM MQ Appliance There is an unspecified vulnerability in. Vendor exploits this vulnerability IBM X-Force ID: 218276 It is published as.Service operation interruption (DoS) It may be in a state. IBM MQ Appliance is an all-in-one device used by IBM in the United States for rapid deployment of enterprise-level messaging middleware. No detailed vulnerability details are currently available

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202203-0542",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "mq appliance",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "9.2.5"
      },
      {
        "model": "mq appliance",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "9.2.0.0"
      },
      {
        "model": "mq appliance",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "9.2.0.5"
      },
      {
        "model": "mq appliance",
        "scope": null,
        "trust": 0.8,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "mq appliance",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "9.2 cd"
      },
      {
        "model": "mq appliance",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "mq appliance",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "9.2 lts"
      },
      {
        "model": "mq appliance lts",
        "scope": "gte",
        "trust": 0.6,
        "vendor": "ibm",
        "version": "9.2.0.0,\u003c9.2.0.5"
      },
      {
        "model": "mq appliance continuous delivery",
        "scope": "gte",
        "trust": 0.6,
        "vendor": "ibm",
        "version": "9.2.0.0,\u003c9.2.5"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2022-25209"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-009158"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-22316"
      }
    ]
  },
  "cve": "CVE-2022-22316",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.0,
            "id": "CVE-2022-22316",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.9,
            "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.0,
            "id": "CNVD-2022-25209",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 2.8,
            "id": "CVE-2022-22316",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "author": "psirt@us.ibm.com",
            "availabilityImpact": "HIGH",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 1.6,
            "id": "CVE-2022-22316",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 6.5,
            "baseSeverity": "Medium",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2022-22316",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2022-22316",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "psirt@us.ibm.com",
            "id": "CVE-2022-22316",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2022-22316",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2022-25209",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202203-1939",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2022-22316",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2022-25209"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-22316"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-009158"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202203-1939"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-22316"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-22316"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "IBM MQ Appliance 9.2 CD and 9.2 LTS could allow an authenticated and authorized user to cause a denial of service due to incorrectly configured authorization checks. IBM X-Force ID: 218276. IBM MQ Appliance There is an unspecified vulnerability in. Vendor exploits this vulnerability IBM X-Force ID: 218276 It is published as.Service operation interruption (DoS) It may be in a state. IBM MQ Appliance is an all-in-one device used by IBM in the United States for rapid deployment of enterprise-level messaging middleware. No detailed vulnerability details are currently available",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-22316"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-009158"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2022-25209"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-22316"
      }
    ],
    "trust": 2.25
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2022-22316",
        "trust": 3.9
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-009158",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2022-25209",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.2414",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202203-1939",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-22316",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2022-25209"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-22316"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-009158"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202203-1939"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-22316"
      }
    ]
  },
  "id": "VAR-202203-0542",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2022-25209"
      }
    ],
    "trust": 0.06
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2022-25209"
      }
    ]
  },
  "last_update_date": "2024-11-23T22:32:55.167000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "6560040 IBM\u00a0X-Force\u00a0Exchange",
        "trust": 0.8,
        "url": "https://www.ibm.com/support/pages/node/6560040"
      },
      {
        "title": "Patch for Unknown Vulnerability in IBM MQ Appliance (CNVD-2022-25209)",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/328546"
      },
      {
        "title": "IBM MQ Appliance Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=187134"
      },
      {
        "title": "CVE-2022-XXXX",
        "trust": 0.1,
        "url": "https://github.com/AlphabugX/CVE-2022-23305 "
      },
      {
        "title": "CVE-2022-XXXX",
        "trust": 0.1,
        "url": "https://github.com/AlphabugX/CVE-2022-RCE "
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2022-25209"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-22316"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-009158"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202203-1939"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-noinfo",
        "trust": 1.0
      },
      {
        "problemtype": "Lack of information (CWE-noinfo) [NVD evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-009158"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-22316"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/218276"
      },
      {
        "trust": 1.7,
        "url": "https://www.ibm.com/support/pages/node/6560040"
      },
      {
        "trust": 1.2,
        "url": "https://vigilance.fr/vulnerability/ibm-mq-appliance-denial-of-service-via-authorization-check-37842"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22316"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.2414"
      },
      {
        "trust": 0.6,
        "url": "https://cxsecurity.com/cveshow/cve-2022-22316/"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/alphabugx/cve-2022-23305"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2022-25209"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-22316"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-009158"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202203-1939"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-22316"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2022-25209"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-22316"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-009158"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202203-1939"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-22316"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-04-01T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2022-25209"
      },
      {
        "date": "2022-03-23T00:00:00",
        "db": "VULMON",
        "id": "CVE-2022-22316"
      },
      {
        "date": "2023-08-03T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2022-009158"
      },
      {
        "date": "2022-03-21T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202203-1939"
      },
      {
        "date": "2022-03-23T17:15:07.793000",
        "db": "NVD",
        "id": "CVE-2022-22316"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-04-01T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2022-25209"
      },
      {
        "date": "2022-03-29T00:00:00",
        "db": "VULMON",
        "id": "CVE-2022-22316"
      },
      {
        "date": "2023-08-03T07:05:00",
        "db": "JVNDB",
        "id": "JVNDB-2022-009158"
      },
      {
        "date": "2022-05-18T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202203-1939"
      },
      {
        "date": "2024-11-21T06:46:37.690000",
        "db": "NVD",
        "id": "CVE-2022-22316"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202203-1939"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "IBM\u00a0MQ\u00a0Appliance\u00a0 Vulnerability in",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-009158"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202203-1939"
      }
    ],
    "trust": 0.6
  }
}

var-202011-1431
Vulnerability from variot

IBM MQ Appliance 9.1.CD and LTS could allow an authenticated user, under nondefault configuration to cause a data corruption attack due to an error when using segmented messages. IBM MQ Appliance Contains an unspecified vulnerability.Information may be tampered with

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202011-1431",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "mq appliance",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "9.1.0.0"
      },
      {
        "model": "mq appliance",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "9.1 lts"
      },
      {
        "model": "mq appliance",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "mq appliance",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "9.1 cd"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-013740"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-4592"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:ibm:mq_appliance:9.1.0.0:*:*:*:continuous_delivery:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:mq_appliance:9.1.0.0:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-4592"
      }
    ]
  },
  "cve": "CVE-2020-4592",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "Single",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 3.5,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2020-4592",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Low",
            "trust": 1.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 2.8,
            "id": "CVE-2020-4592",
            "impactScore": 3.6,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 6.5,
            "baseSeverity": "Medium",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2020-4592",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2020-4592",
            "trust": 1.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202011-1519",
            "trust": 0.6,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-013740"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202011-1519"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-4592"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "IBM MQ Appliance 9.1.CD and LTS could allow an authenticated user, under nondefault configuration to cause a data corruption attack due to an error when using segmented messages. IBM MQ Appliance Contains an unspecified vulnerability.Information may be tampered with",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-4592"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-013740"
      }
    ],
    "trust": 1.62
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2020-4592",
        "trust": 2.4
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-013740",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202011-1519",
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-013740"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202011-1519"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-4592"
      }
    ]
  },
  "id": "VAR-202011-1431",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.22222222
  },
  "last_update_date": "2022-05-04T10:03:20.574000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "6359019 IBM\u00a0X-Force\u00a0Exchange",
        "trust": 0.8,
        "url": "https://www.ibm.com/support/pages/node/6359019"
      },
      {
        "title": "IBM MQ Appliance Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=134749"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-013740"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202011-1519"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-noinfo",
        "trust": 1.0
      },
      {
        "problemtype": "Lack of information (CWE-noinfo) [NVD Evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-013740"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-4592"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.6,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/184755"
      },
      {
        "trust": 1.6,
        "url": "https://www.ibm.com/support/pages/node/6359019"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-4592"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/ibm-mq-denial-of-service-via-data-corruption-33908"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-could-allow-an-authenticated-user-under-nondefault-configuration-to-cause-a-data-corruption-attack-due-to-an-error-when-using-segmented-messages-cve-2020-4592/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-for-hpe-nonstop-server-is-affected-by-vulnerability-cve-2020-4592/"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-013740"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202011-1519"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-4592"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-013740"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202011-1519"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-4592"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-07-13T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-013740"
      },
      {
        "date": "2020-11-17T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202011-1519"
      },
      {
        "date": "2020-11-18T18:15:00",
        "db": "NVD",
        "id": "CVE-2020-4592"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-07-13T07:51:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-013740"
      },
      {
        "date": "2020-12-21T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202011-1519"
      },
      {
        "date": "2020-12-01T19:02:00",
        "db": "NVD",
        "id": "CVE-2020-4592"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202011-1519"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "IBM\u00a0MQ\u00a0Appliance\u00a0 Vulnerability in",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-013740"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202011-1519"
      }
    ],
    "trust": 0.6
  }
}

var-202101-1665
Vulnerability from variot

IBM MQ 7.5, 8.0, 9.0, 9.1, 9.2 LTS, and 9.2 CD could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization of trusted data. An attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 186509

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202101-1665",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "mq",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "8.0.0.3"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "7.5.0.3"
      },
      {
        "model": "mq",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "9.0.0.7"
      },
      {
        "model": "mq",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "8.0.0.9"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "7.5.0.1"
      },
      {
        "model": "mq",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "8.0.0.8"
      },
      {
        "model": "mq",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "8.0.0.1"
      },
      {
        "model": "mq",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "9.0.0.2"
      },
      {
        "model": "mq",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "9.1.0.6"
      },
      {
        "model": "mq",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "9.1.0.1"
      },
      {
        "model": "mq",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "8.0.0.12"
      },
      {
        "model": "mq",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "9.0.0.0"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "7.5.0.6"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "7.5.0.7"
      },
      {
        "model": "mq",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "9.0.0.8"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "7.5.0.0"
      },
      {
        "model": "mq",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "8.0.0.10"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "7.5.0.8"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "7.5.0.4"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "7.5.0.2"
      },
      {
        "model": "mq",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "9.0.0.6"
      },
      {
        "model": "mq",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "8.0.0.13"
      },
      {
        "model": "mq",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "9.0.0.9"
      },
      {
        "model": "mq",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "9.1.0.2"
      },
      {
        "model": "mq",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "9.0.0.4"
      },
      {
        "model": "mq",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "8.0.0.15"
      },
      {
        "model": "mq",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "9.1.0.5"
      },
      {
        "model": "mq",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "8.0.0.4"
      },
      {
        "model": "mq",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "9.1.0.4"
      },
      {
        "model": "mq",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "8.0.0.2"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "7.5.0.9"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "7.5.0.5"
      },
      {
        "model": "mq",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "9.0.0.1"
      },
      {
        "model": "mq",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "9.1.0.0"
      },
      {
        "model": "mq",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "9.1.0.3"
      },
      {
        "model": "mq",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "8.0.0.7"
      },
      {
        "model": "mq",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "9.0.0.3"
      },
      {
        "model": "mq",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "8.0.0.5"
      },
      {
        "model": "mq",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "9.0.0.10"
      },
      {
        "model": "mq",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "8.0.0.0"
      },
      {
        "model": "mq",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "8.0.0.6"
      },
      {
        "model": "mq",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "8.0.0.14"
      },
      {
        "model": "mq appliance",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "9.2.0.0"
      },
      {
        "model": "mq",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "9.0.0.5"
      },
      {
        "model": "mq",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "8.0.0.11"
      },
      {
        "model": "mq",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "9.2.0.0"
      },
      {
        "model": "mq",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "9.2.1.0"
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-4682"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:ibm:mq:8.0.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:mq:8.0.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:mq:8.0.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:mq:8.0.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:mq:8.0.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:mq:8.0.0.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:mq:8.0.0.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:mq:8.0.0.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:mq:8.0.0.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:mq:8.0.0.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:mq:8.0.0.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:mq:8.0.0.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:mq:8.0.0.12:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:mq:8.0.0.13:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:mq:8.0.0.14:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:mq:8.0.0.15:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:mq:9.0.0.0:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:mq:9.0.0.1:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:mq:9.0.0.2:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:mq:9.0.0.3:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:mq:9.0.0.4:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:mq:9.0.0.5:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:mq:9.0.0.6:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:mq:9.0.0.7:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:mq:9.0.0.8:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:mq:9.0.0.9:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:mq:9.0.0.10:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:mq:9.1.0.0:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:mq:9.1.0.1:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:mq:9.1.0.2:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:mq:9.1.0.3:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:mq:9.1.0.4:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:mq:9.1.0.5:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:mq:9.1.0.6:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:mq:9.2.0.0:*:*:*:continuous_delivery:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:mq:9.2.1.0:*:*:*:continuous_delivery:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:mq_appliance:9.2.0.0:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:websphere_mq:7.5.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:websphere_mq:7.5.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:websphere_mq:7.5.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:websphere_mq:7.5.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:websphere_mq:7.5.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:websphere_mq:7.5.0.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:websphere_mq:7.5.0.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:websphere_mq:7.5.0.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:websphere_mq:7.5.0.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:websphere_mq:7.5.0.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-4682"
      }
    ]
  },
  "cve": "CVE-2020-4682",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": null,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULMON",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2020-4682",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "HIGH",
            "trust": 1.1,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "id": "CVE-2020-4682",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2020-4682",
            "trust": 1.0,
            "value": "CRITICAL"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202101-2461",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULMON",
            "id": "CVE-2020-4682",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2020-4682"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202101-2461"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-4682"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "IBM MQ 7.5, 8.0, 9.0, 9.1, 9.2 LTS, and 9.2 CD could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization of trusted data. An attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 186509",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-4682"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-4682"
      }
    ],
    "trust": 0.99
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2020-4682",
        "trust": 1.7
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202101-2461",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-4682",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2020-4682"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202101-2461"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-4682"
      }
    ]
  },
  "id": "VAR-202101-1665",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.22222222
  },
  "last_update_date": "2022-05-04T08:52:19.080000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "IBM MQ Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=140067"
      }
    ],
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202101-2461"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-502",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-4682"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.8,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/186509"
      },
      {
        "trust": 1.7,
        "url": "https://www.ibm.com/support/pages/node/6408626"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/support/pages/node/6496783"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-4682"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-app-connect-enterprise-certified-container-may-be-vulnerable-to-a-remote-code-execution-vulnerability-cve-2020-4682/"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/ibm-mq-code-execution-via-deserialization-34421"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-is-vulnerable-to-a-remote-code-execution-vulnerability-cve-2020-4682/"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/502.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2020-4682"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202101-2461"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-4682"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULMON",
        "id": "CVE-2020-4682"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202101-2461"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-4682"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-01-28T00:00:00",
        "db": "VULMON",
        "id": "CVE-2020-4682"
      },
      {
        "date": "2021-01-27T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202101-2461"
      },
      {
        "date": "2021-01-28T13:15:00",
        "db": "NVD",
        "id": "CVE-2020-4682"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-02-02T00:00:00",
        "db": "VULMON",
        "id": "CVE-2020-4682"
      },
      {
        "date": "2021-10-08T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202101-2461"
      },
      {
        "date": "2021-02-02T17:35:00",
        "db": "NVD",
        "id": "CVE-2020-4682"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202101-2461"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "IBM MQ Code problem vulnerability",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202101-2461"
      }
    ],
    "trust": 0.6
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "code problem",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202101-2461"
      }
    ],
    "trust": 0.6
  }
}

var-202001-0210
Vulnerability from variot

IBM MQ and IBM MQ Appliance 8.0 and 9.0 LTS client connecting to a Queue Manager could cause a SIGSEGV denial of service caused by converting an invalid message. IBM X-Force ID: 168639. IBM MQ and MQ Appliance Contains an input validation vulnerability. Vendors report this vulnerability IBM X-Force ID: 168639 Published as.Denial of service operation (DoS) May be in a state

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202001-0210",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "mq appliance",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "8.0.0.14"
      },
      {
        "model": "mq appliance",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "9.1.0.4"
      },
      {
        "model": "mq",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "9.1.0.4"
      },
      {
        "model": "mq appliance",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "8.0.0.0"
      },
      {
        "model": "mq appliance",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "9.1.0"
      },
      {
        "model": "mq",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "8.0.0.0"
      },
      {
        "model": "mq",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "9.0.0.0"
      },
      {
        "model": "mq",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "9.1.0"
      },
      {
        "model": "mq appliance",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "9.1.4"
      },
      {
        "model": "mq",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "9.1.4"
      },
      {
        "model": "mq appliance",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "9.1.0.0"
      },
      {
        "model": "mq",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "9.1.0.0"
      },
      {
        "model": "mq",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "9.0.0.8"
      },
      {
        "model": "mq",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "8.0.0.14"
      },
      {
        "model": "mq",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "mq",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "appliance"
      },
      {
        "model": "mq appliance",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ibm",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014394"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-4614"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:ibm:mq:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "8.0.0.14",
                    "versionStartIncluding": "8.0.0.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ibm:mq:*:*:*:*:lts:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "9.0.0.8",
                    "versionStartIncluding": "9.0.0.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ibm:mq:*:*:*:*:continuous_delivery:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "9.1.4",
                    "versionStartIncluding": "9.1.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ibm:mq:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "9.1.0.4",
                    "versionStartIncluding": "9.1.0.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ibm:mq_appliance:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "8.0.0.14",
                    "versionStartIncluding": "8.0.0.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ibm:mq_appliance:*:*:*:*:continuous_delivery:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "9.1.4",
                    "versionStartIncluding": "9.1.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ibm:mq_appliance:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "9.1.0.4",
                    "versionStartIncluding": "9.1.0.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:ibm:mq:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "8.0.0.14",
                "versionStartIncluding": "8.0.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:mq:*:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "9.0.0.8",
                "versionStartIncluding": "9.0.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:mq:*:*:*:*:continuous_delivery:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "9.1.4",
                "versionStartIncluding": "9.1.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:mq:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "9.1.0.4",
                "versionStartIncluding": "9.1.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:mq_appliance:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "8.0.0.14",
                "versionStartIncluding": "8.0.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:mq_appliance:*:*:*:*:continuous_delivery:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "9.1.4",
                "versionStartIncluding": "9.1.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:mq_appliance:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "9.1.0.4",
                "versionStartIncluding": "9.1.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": false
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": false
              },
              {
                "cpe23Uri": "cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": false
              }
            ],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-4614"
      }
    ]
  },
  "cve": "CVE-2019-4614",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "Single",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 4.0,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2019-4614",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 1.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 2.8,
            "id": "CVE-2019-4614",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 6.5,
            "baseSeverity": "Medium",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2019-4614",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2019-4614",
            "trust": 1.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202001-1260",
            "trust": 0.6,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014394"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202001-1260"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-4614"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "IBM MQ and IBM MQ Appliance 8.0 and 9.0 LTS client connecting to a Queue Manager could cause a SIGSEGV denial of service caused by converting an invalid message. IBM X-Force ID: 168639. IBM MQ and MQ Appliance Contains an input validation vulnerability. Vendors report this vulnerability IBM X-Force ID: 168639 Published as.Denial of service operation (DoS) May be in a state",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-4614"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014394"
      }
    ],
    "trust": 1.62
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2019-4614",
        "trust": 2.4
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014394",
        "trust": 0.8
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.0266",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202001-1260",
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014394"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202001-1260"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-4614"
      }
    ]
  },
  "id": "VAR-202001-0210",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.22222222
  },
  "last_update_date": "2022-05-04T07:01:18.851000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "1106523 IBM\u00a0X-Force\u00a0Exchange",
        "trust": 0.8,
        "url": "https://www.ibm.com/support/pages/node/1106523"
      },
      {
        "title": "IBM MQ  and IBM MQ Appliance Enter the fix for the verification error vulnerability",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=109435"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014394"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202001-1260"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-noinfo",
        "trust": 1.0
      },
      {
        "problemtype": "Incorrect input confirmation (CWE-20) [NVD Evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014394"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-4614"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.6,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/168639"
      },
      {
        "trust": 1.6,
        "url": "https://www.ibm.com/support/pages/node/1106523"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-4614"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/support/pages/node/1125897"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/support/pages/node/1135023"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/support/pages/node/1125891"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/support/pages/node/1127031"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.0266/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-is-vulnerable-to-a-denial-of-service-attack-caused-by-converting-an-invalid-message-cve-2019-4614/"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/ibm-mq-denial-of-service-via-invalid-message-31428"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-certified-container-is-vulnerable-to-multiple-vulnerabilities-within-ibm-mq-cve-2019-4655-cve-2019-4560-cve-2019-4614-cve-2019-4620/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-in-ibm-mq-affect-ibm-sterling-b2b-integrator/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-datapower-gateway-affected-by-ibm-mq-vulnerability-cve-2019-4614/"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014394"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202001-1260"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-4614"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014394"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202001-1260"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-4614"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-02-14T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-014394"
      },
      {
        "date": "2020-01-28T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202001-1260"
      },
      {
        "date": "2020-01-28T19:15:00",
        "db": "NVD",
        "id": "CVE-2019-4614"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-02-14T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-014394"
      },
      {
        "date": "2020-05-21T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202001-1260"
      },
      {
        "date": "2021-07-21T11:39:00",
        "db": "NVD",
        "id": "CVE-2019-4614"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202001-1260"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "IBM\u00a0MQ\u00a0 and \u00a0MQ\u00a0Appliance\u00a0 Input validation vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014394"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "input validation error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202001-1260"
      }
    ],
    "trust": 0.6
  }
}

var-201909-0018
Vulnerability from variot

IBM MQ 7.1.0.0 - 7.1.0.9, 7.5.0.0 - 7.5.0.9, 8.0.0.0 - 8.0.0.11, 9.0.0.0 - 9.0.0.6, 9.1.0.0 - 9.1.0.2, and 9.1.1 - 9.1.2 is vulnerable to a denial of service attack caused by a memory leak in the clustering code. IBM X-Force ID: 158337. IBM MQ Contains a resource exhaustion vulnerability. Vendors have confirmed this vulnerability IBM X-Force ID: 158337 It is released as.Service operation interruption (DoS) There is a possibility of being put into a state

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201909-0018",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "websphere mq appliance",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "9.1.0.2"
      },
      {
        "model": "websphere mq appliance",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "9.1.2"
      },
      {
        "model": "websphere mq",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "9.1.0.2"
      },
      {
        "model": "websphere mq",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "8.0.0.0"
      },
      {
        "model": "websphere mq",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "9.1.1"
      },
      {
        "model": "websphere mq appliance",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "9.1.0.0"
      },
      {
        "model": "websphere mq appliance",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "8.0.0.0"
      },
      {
        "model": "websphere mq",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "8.0.0.11"
      },
      {
        "model": "websphere mq",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "9.1.0.0"
      },
      {
        "model": "websphere mq",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "7.1.0.9"
      },
      {
        "model": "websphere mq",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "7.5.0.0"
      },
      {
        "model": "websphere mq appliance",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "8.0.0.11"
      },
      {
        "model": "websphere mq",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "7.5.0.9"
      },
      {
        "model": "websphere mq",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "7.1.0.0"
      },
      {
        "model": "websphere mq",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "9.1.2"
      },
      {
        "model": "websphere mq",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "9.0.0.6"
      },
      {
        "model": "websphere mq",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "9.0.0.0"
      },
      {
        "model": "websphere mq appliance",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "9.1.1"
      },
      {
        "model": "mq appliance",
        "scope": null,
        "trust": 0.8,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "websphere mq",
        "scope": null,
        "trust": 0.8,
        "vendor": "ibm",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-009729"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-4141"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:ibm:websphere_mq:*:*:*:*:-:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "7.1.0.9",
                "versionStartIncluding": "7.1.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:websphere_mq:*:*:*:*:-:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "9.1.2",
                "versionStartIncluding": "9.1.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:websphere_mq_appliance:*:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "9.1.0.2",
                "versionStartIncluding": "9.1.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:websphere_mq:*:*:*:*:-:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "7.5.0.9",
                "versionStartIncluding": "7.5.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:websphere_mq:*:*:*:*:-:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "8.0.0.11",
                "versionStartIncluding": "8.0.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:websphere_mq:*:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "9.0.0.6",
                "versionStartIncluding": "9.0.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:websphere_mq:*:*:*:*:-:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "9.1.0.2",
                "versionStartIncluding": "9.1.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:websphere_mq_appliance:*:*:*:*:-:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "8.0.0.11",
                "versionStartIncluding": "8.0.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:websphere_mq_appliance:*:*:*:*:cd:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "9.1.2",
                "versionStartIncluding": "9.1.1",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-4141"
      }
    ]
  },
  "cve": "CVE-2019-4141",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "Single",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 4.0,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2019-4141",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 1.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 2.8,
            "id": "CVE-2019-4141",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 6.5,
            "baseSeverity": "Medium",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2019-4141",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2019-4141",
            "trust": 1.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201909-1241",
            "trust": 0.6,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-009729"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201909-1241"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-4141"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "IBM MQ 7.1.0.0 - 7.1.0.9, 7.5.0.0 - 7.5.0.9, 8.0.0.0 - 8.0.0.11, 9.0.0.0 - 9.0.0.6, 9.1.0.0 - 9.1.0.2, and 9.1.1 - 9.1.2 is vulnerable to a denial of service attack caused by a memory leak in the clustering code. IBM X-Force ID: 158337. IBM MQ Contains a resource exhaustion vulnerability. Vendors have confirmed this vulnerability IBM X-Force ID: 158337 It is released as.Service operation interruption (DoS) There is a possibility of being put into a state",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-4141"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-009729"
      }
    ],
    "trust": 1.62
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2019-4141",
        "trust": 2.4
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-009729",
        "trust": 0.8
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.3650",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201909-1241",
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-009729"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201909-1241"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-4141"
      }
    ]
  },
  "id": "VAR-201909-0018",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.22222222
  },
  "last_update_date": "2022-05-04T10:18:43.467000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "876772",
        "trust": 0.8,
        "url": "https://www.ibm.com/support/pages/node/876772"
      },
      {
        "title": "ibm-websphere-cve20194141-dos (158337)",
        "trust": 0.8,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/158337"
      },
      {
        "title": "IBM MQ  and IBM MQ Appliance Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=98639"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-009729"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201909-1241"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-401",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-400",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-009729"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-4141"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.2,
        "url": "https://www.ibm.com/support/pages/node/876772"
      },
      {
        "trust": 1.6,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/158337"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-4141"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-4141"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/ibm-mq-memory-leak-via-cluster-30424"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2019.3650/"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-009729"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201909-1241"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-4141"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-009729"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201909-1241"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-4141"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-09-30T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-009729"
      },
      {
        "date": "2019-09-26T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201909-1241"
      },
      {
        "date": "2019-09-27T14:15:00",
        "db": "NVD",
        "id": "CVE-2019-4141"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-09-30T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-009729"
      },
      {
        "date": "2020-08-25T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201909-1241"
      },
      {
        "date": "2020-08-24T17:37:00",
        "db": "NVD",
        "id": "CVE-2019-4141"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201909-1241"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "IBM MQ Vulnerable to resource exhaustion",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-009729"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "resource management error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201909-1241"
      }
    ],
    "trust": 0.6
  }
}

var-202102-0826
Vulnerability from variot

IBM MQ 9.1 LTS, 9.2 LTS, and 9.1 CD AMQP Channels could allow an authenticated user to cause a denial of service due to an issue processing messages. IBM X-Force ID: 191747. IBM MQ Appliance is an all-in-one device from IBM of the United States for rapid deployment of enterprise-level messaging middleware.

There is a security vulnerability in the IBM MQ Appliance. Attackers can use this vulnerability to trigger a fatal error through the AMQP channel of the IBM MQ appliance, thereby triggering a denial of service

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202102-0826",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "mq",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "9.1.0.0"
      },
      {
        "model": "mq",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "9.1.0"
      },
      {
        "model": "mq",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "9.2.0.0"
      },
      {
        "model": "mq appliance",
        "scope": null,
        "trust": 0.6,
        "vendor": "ibm",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-12640"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-4931"
      }
    ]
  },
  "cve": "CVE-2020-4931",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.0,
            "id": "CVE-2020-4931",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.0,
            "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.0,
            "id": "CNVD-2021-12640",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 2.8,
            "id": "CVE-2020-4931",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "psirt@us.ibm.com",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 2.8,
            "id": "CVE-2020-4931",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2020-4931",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "psirt@us.ibm.com",
            "id": "CVE-2020-4931",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2021-12640",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202102-1508",
            "trust": 0.6,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-12640"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-1508"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-4931"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-4931"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "IBM MQ 9.1 LTS, 9.2 LTS, and 9.1 CD AMQP Channels could allow an authenticated user to cause a denial of service due to an issue processing messages. IBM X-Force ID: 191747. IBM MQ Appliance is an all-in-one device from IBM of the United States for rapid deployment of enterprise-level messaging middleware. \n\r\n\r\nThere is a security vulnerability in the IBM MQ Appliance. Attackers can use this vulnerability to trigger a fatal error through the AMQP channel of the IBM MQ appliance, thereby triggering a denial of service",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-4931"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2021-12640"
      }
    ],
    "trust": 1.44
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2020-4931",
        "trust": 2.2
      },
      {
        "db": "CNVD",
        "id": "CNVD-2021-12640",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-1508",
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-12640"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-1508"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-4931"
      }
    ]
  },
  "id": "VAR-202102-0826",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-12640"
      }
    ],
    "trust": 0.06
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-12640"
      }
    ]
  },
  "last_update_date": "2024-11-23T23:07:39.677000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Patch for IBM MQ Appliance Denial of Service Vulnerability (CNVD-2021-12640)",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/249166"
      },
      {
        "title": "IBM MQ Appliance Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=142521"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-12640"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-1508"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-noinfo",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-4931"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.6,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/191747"
      },
      {
        "trust": 1.6,
        "url": "https://www.ibm.com/support/pages/node/6403295"
      },
      {
        "trust": 1.2,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-is-affected-by-a-denial-of-service-vulnerability-cve-2020-4931/"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-4931"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/ibm-mq-appliance-denial-of-service-via-amqp-channels-34652"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-amqp-channels-could-allow-an-authenticated-user-to-cause-a-denial-of-service-due-to-an-issue-processing-messages-cve-2020-4931/"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-12640"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-1508"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-4931"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-12640"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-1508"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-4931"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-02-25T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2021-12640"
      },
      {
        "date": "2021-02-23T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202102-1508"
      },
      {
        "date": "2021-02-24T18:15:12.797000",
        "db": "NVD",
        "id": "CVE-2020-4931"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-02-26T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2021-12640"
      },
      {
        "date": "2021-04-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202102-1508"
      },
      {
        "date": "2024-11-21T05:33:26.623000",
        "db": "NVD",
        "id": "CVE-2020-4931"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-1508"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "IBM MQ Appliance Denial of Service Vulnerability (CNVD-2021-12640)",
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-12640"
      }
    ],
    "trust": 0.6
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-1508"
      }
    ],
    "trust": 0.6
  }
}

var-201904-0357
Vulnerability from variot

IBM MQ 8.0.0.0 through 8.0.0.10, 9.0.0.0 through 9.0.0.5, and 9.1.0.0 through 9.1.1 is vulnerable to a denial of service attack within the TLS key renegotiation function. IBM X-Force ID: 156564. IBM MQ Contains an input validation vulnerability. Vendors report this vulnerability IBM X-Force ID: 156564 Published as.Denial of service (DoS) May be in a state. An attacker can exploit this issue to cause a denial-of-service condition. The following product and versions are affected: IBM MQ and MQ Appliance from versions 8.0.0.0 through 8.0.0.10, 9.0.0.0 through 9.0.0.5, 9.1.0.0 through 9.1.0.1 and 9.1.0 through 9.1.1

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201904-0357",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "mq",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "9.0.0.5"
      },
      {
        "model": "mq appliance",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "8.0.0.10"
      },
      {
        "model": "mq appliance",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "9.1.0.1"
      },
      {
        "model": "mq",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "9.1.0.1"
      },
      {
        "model": "mq appliance",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "8.0.0.0"
      },
      {
        "model": "mq",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "9.0.0.0"
      },
      {
        "model": "mq",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "9.1.0.0"
      },
      {
        "model": "mq appliance",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "9.1.1"
      },
      {
        "model": "mq",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "9.1.1"
      },
      {
        "model": "mq",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "8.0.0.0"
      },
      {
        "model": "mq appliance",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "9.1.0"
      },
      {
        "model": "mq appliance",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "9.1.0.0"
      },
      {
        "model": "mq",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "9.1.0"
      },
      {
        "model": "mq",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "8.0.0.10"
      },
      {
        "model": "mq appliance",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "8.0.0.0 to  8.0.0.10"
      },
      {
        "model": "mq appliance",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "9.0.0.0 to  9.0.0.5"
      },
      {
        "model": "mq appliance",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "9.1.0.0 to  9.1.1"
      },
      {
        "model": "mq appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1"
      },
      {
        "model": "mq appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.9"
      },
      {
        "model": "mq appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.8"
      },
      {
        "model": "mq appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.7"
      },
      {
        "model": "mq appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.6"
      },
      {
        "model": "mq appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.5"
      },
      {
        "model": "mq appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.4"
      },
      {
        "model": "mq appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.3"
      },
      {
        "model": "mq appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.1"
      },
      {
        "model": "mq appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.0"
      },
      {
        "model": "mq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1"
      },
      {
        "model": "mq cd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.5"
      },
      {
        "model": "mq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.5"
      },
      {
        "model": "mq cd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.4"
      },
      {
        "model": "mq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.4"
      },
      {
        "model": "mq cd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.3"
      },
      {
        "model": "mq cd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.2"
      },
      {
        "model": "mq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.2"
      },
      {
        "model": "mq cd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.1"
      },
      {
        "model": "mq cd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "mq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.0.1"
      },
      {
        "model": "mq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.0.0"
      },
      {
        "model": "mq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.3"
      },
      {
        "model": "mq lts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.0.5"
      },
      {
        "model": "mq lts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.0.4"
      },
      {
        "model": "mq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.0.4"
      },
      {
        "model": "mq lts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.0.3"
      },
      {
        "model": "mq lts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.0.2"
      },
      {
        "model": "mq lts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.0.1"
      },
      {
        "model": "mq lts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.0.0"
      },
      {
        "model": "mq lts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9"
      },
      {
        "model": "mq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.9"
      },
      {
        "model": "mq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.8"
      },
      {
        "model": "mq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.7"
      },
      {
        "model": "mq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.6"
      },
      {
        "model": "mq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.5"
      },
      {
        "model": "mq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.4"
      },
      {
        "model": "mq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.2"
      },
      {
        "model": "mq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.10"
      },
      {
        "model": "mq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.1"
      },
      {
        "model": "mq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.0"
      },
      {
        "model": "mq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "mq",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.2"
      },
      {
        "model": "mq lts",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.0.6"
      },
      {
        "model": "mq",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.11"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "108027"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-003617"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-4055"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:ibm:mq_appliance",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-003617"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The vendor reported the issue.",
    "sources": [
      {
        "db": "BID",
        "id": "108027"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201904-879"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2019-4055",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2019-4055",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "psirt@us.ibm.com",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "id": "CVE-2019-4055",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "id": "CVE-2019-4055",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2019-4055",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "psirt@us.ibm.com",
            "id": "CVE-2019-4055",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2019-4055",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201904-879",
            "trust": 0.6,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-003617"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201904-879"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-4055"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-4055"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "IBM MQ 8.0.0.0 through 8.0.0.10, 9.0.0.0 through 9.0.0.5, and 9.1.0.0 through 9.1.1 is vulnerable to a denial of service attack within the TLS key renegotiation function. IBM X-Force ID: 156564. IBM MQ Contains an input validation vulnerability. Vendors report this vulnerability IBM X-Force ID: 156564 Published as.Denial of service (DoS) May be in a state. \nAn attacker can exploit this issue to cause a denial-of-service condition. \nThe following product and versions are affected:\nIBM MQ and MQ Appliance from versions 8.0.0.0 through 8.0.0.10, 9.0.0.0 through 9.0.0.5, 9.1.0.0 through 9.1.0.1 and 9.1.0 through 9.1.1",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-4055"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-003617"
      },
      {
        "db": "BID",
        "id": "108027"
      }
    ],
    "trust": 1.89
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2019-4055",
        "trust": 2.7
      },
      {
        "db": "BID",
        "id": "108027",
        "trust": 1.9
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-003617",
        "trust": 0.8
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.1347",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.4784",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2023.4106",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.3122",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201904-879",
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "108027"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-003617"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201904-879"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-4055"
      }
    ]
  },
  "id": "VAR-201904-0357",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.46875
  },
  "last_update_date": "2024-11-23T19:38:16.858000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "0870484",
        "trust": 0.8,
        "url": "https://www.ibm.com/support/docview.wss?uid=ibm10870484"
      },
      {
        "title": "ibm-websphere-cve20194055-dos (156564)",
        "trust": 0.8,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/156564"
      },
      {
        "title": "IBM MQ  and IBM MQ Appliance Security vulnerabilities",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=91713"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-003617"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201904-879"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-noinfo",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-20",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-003617"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-4055"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.2,
        "url": "https://www.ibm.com/support/docview.wss?uid=ibm10870484"
      },
      {
        "trust": 2.2,
        "url": "http://www.securityfocus.com/bid/108027"
      },
      {
        "trust": 1.6,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/156564"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-4055"
      },
      {
        "trust": 0.9,
        "url": "http://www.ibm.com/"
      },
      {
        "trust": 0.9,
        "url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10870484"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-4055"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/support/pages/node/1137634"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/support/pages/node/1115109"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/support/docview.wss?uid=ibm10967151"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/ibm-mq-denial-of-service-via-tls-key-renegotiation-29053"
      },
      {
        "trust": 0.6,
        "url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10967151"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/support/pages/node/1115031"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/79378"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2023.4106"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2019.3122/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2019.4784/"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "108027"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-003617"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201904-879"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-4055"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "108027"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-003617"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201904-879"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-4055"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-04-16T00:00:00",
        "db": "BID",
        "id": "108027"
      },
      {
        "date": "2019-05-21T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-003617"
      },
      {
        "date": "2019-04-17T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201904-879"
      },
      {
        "date": "2019-04-19T17:29:01.987000",
        "db": "NVD",
        "id": "CVE-2019-4055"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-04-16T00:00:00",
        "db": "BID",
        "id": "108027"
      },
      {
        "date": "2019-05-21T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-003617"
      },
      {
        "date": "2023-07-21T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201904-879"
      },
      {
        "date": "2024-11-21T04:43:05.823000",
        "db": "NVD",
        "id": "CVE-2019-4055"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201904-879"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "IBM MQ Input validation vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-003617"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "input validation error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201904-879"
      }
    ],
    "trust": 0.6
  }
}

var-201707-0274
Vulnerability from variot

IBM WebSphere MQ 9.0.2 could allow an authenticated user to potentially cause a denial of service by saving an incorrect channel status inquiry. IBM X-Force ID: 124354. IBM WebSphere MQ There is a service disruption (DoS) There are vulnerabilities that are put into a state. IBM MQ is prone to a denial-of-service vulnerability. Remote attackers can exploit this issue to crash the service, denying service to legitimate users

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201707-0274",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 2.4,
        "vendor": "ibm",
        "version": "9.0.2"
      },
      {
        "model": "mq appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "mq cd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.2"
      },
      {
        "model": "mq cd",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.3"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "99505"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005641"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201707-285"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-1236"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:ibm:websphere_mq",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005641"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The vendor reported the issue.",
    "sources": [
      {
        "db": "BID",
        "id": "99505"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2017-1236",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.0,
            "id": "CVE-2017-1236",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 2.8,
            "id": "CVE-2017-1236",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2017-1236",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2017-1236",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201707-285",
            "trust": 0.6,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005641"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201707-285"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-1236"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "IBM WebSphere MQ 9.0.2 could allow an authenticated user to potentially cause a denial of service by saving an incorrect channel status inquiry. IBM X-Force ID: 124354. IBM WebSphere MQ There is a service disruption (DoS) There are vulnerabilities that are put into a state. IBM MQ is prone to a denial-of-service vulnerability. \nRemote attackers can exploit this issue to crash the service, denying service to legitimate users",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-1236"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005641"
      },
      {
        "db": "BID",
        "id": "99505"
      }
    ],
    "trust": 1.89
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-1236",
        "trust": 2.7
      },
      {
        "db": "BID",
        "id": "99505",
        "trust": 1.3
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005641",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201707-285",
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "99505"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005641"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201707-285"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-1236"
      }
    ]
  },
  "id": "VAR-201707-0274",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.46875
  },
  "last_update_date": "2024-11-23T22:56:11.550000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "2003510",
        "trust": 0.8,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg22003510"
      },
      {
        "title": "IBM WebSphere MQ  and IBM MQ Appliance Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=71548"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005641"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201707-285"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-20",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005641"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-1236"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.6,
        "url": "http://www.ibm.com/support/docview.wss?uid=swg22003510"
      },
      {
        "trust": 1.6,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/124354"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/bid/99505"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-1236"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-1236"
      },
      {
        "trust": 0.3,
        "url": "http://www.ibm.com/"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg22003510"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "99505"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005641"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201707-285"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-1236"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "99505"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005641"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201707-285"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-1236"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-07-05T00:00:00",
        "db": "BID",
        "id": "99505"
      },
      {
        "date": "2017-08-03T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-005641"
      },
      {
        "date": "2017-07-10T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201707-285"
      },
      {
        "date": "2017-07-06T14:29:00.247000",
        "db": "NVD",
        "id": "CVE-2017-1236"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-07-05T00:00:00",
        "db": "BID",
        "id": "99505"
      },
      {
        "date": "2017-08-03T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-005641"
      },
      {
        "date": "2017-12-08T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201707-285"
      },
      {
        "date": "2024-11-21T03:21:33.593000",
        "db": "NVD",
        "id": "CVE-2017-1236"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201707-285"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "IBM WebSphere MQ Service disruption in  (DoS) Vulnerabilities",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005641"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "input validation",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201707-285"
      }
    ],
    "trust": 0.6
  }
}

var-201707-0551
Vulnerability from variot

IBM MQ Appliance 8.0 and 9.0 could allow an authenticated messaging administrator to execute arbitrary commands on the system, caused by command execution. IBM X-Force ID: 125730. Vendors have confirmed this vulnerability IBM X-Force ID: 125730 It is released as.Arbitrary commands could be executed by an authorized message administrator. An attacker can exploit this issue to execute arbitrary command on the affected system. This may aid in further attacks. MQ Appliance 9.0.1, 9.0.2, and 8.0.0.0 through 8.0.0.6 are vulnerable

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201707-0551",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "mq appliance",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "ibm",
        "version": "9.0.1"
      },
      {
        "model": "mq appliance",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "ibm",
        "version": "8.0.0.6"
      },
      {
        "model": "mq appliance",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "ibm",
        "version": "8.0.0.5"
      },
      {
        "model": "mq appliance",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "ibm",
        "version": "8.0.0.4"
      },
      {
        "model": "mq appliance",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "ibm",
        "version": "8.0.0.3"
      },
      {
        "model": "mq appliance",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "ibm",
        "version": "8.0.0.2"
      },
      {
        "model": "mq appliance",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "ibm",
        "version": "8.0.0.1"
      },
      {
        "model": "mq appliance",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "ibm",
        "version": "8.0.0.0"
      },
      {
        "model": "mq appliance",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "ibm",
        "version": "9.0.2"
      },
      {
        "model": "mq appliance",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "mq appliance",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "mq appliance",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.3"
      },
      {
        "model": "mq appliance",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.7"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "99594"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-006094"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201707-753"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-1318"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:ibm:mq_appliance:8.0.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:mq_appliance:8.0.0.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:mq_appliance:8.0.0.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:mq_appliance:8.0.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:mq_appliance:9.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:mq_appliance:9.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:mq_appliance:8.0.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:mq_appliance:8.0.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:mq_appliance:8.0.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-1318"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "IBM.",
    "sources": [
      {
        "db": "BID",
        "id": "99594"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2017-1318",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "Single",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 9.0,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "CVE-2017-1318",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 1.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 8.8,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2017-1318",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "trust": 1.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2017-1318",
            "trust": 1.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201707-753",
            "trust": 0.6,
            "value": "CRITICAL"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-006094"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201707-753"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-1318"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "IBM MQ Appliance 8.0 and 9.0 could allow an authenticated messaging administrator to execute arbitrary commands on the system, caused by command execution. IBM X-Force ID: 125730. Vendors have confirmed this vulnerability IBM X-Force ID: 125730 It is released as.Arbitrary commands could be executed by an authorized message administrator. \nAn attacker can exploit this issue to execute arbitrary command on the affected system. This may aid in further attacks. \nMQ Appliance 9.0.1, 9.0.2, and 8.0.0.0 through 8.0.0.6 are vulnerable",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-1318"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-006094"
      },
      {
        "db": "BID",
        "id": "99594"
      }
    ],
    "trust": 1.89
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-1318",
        "trust": 2.7
      },
      {
        "db": "BID",
        "id": "99594",
        "trust": 1.3
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-006094",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201707-753",
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "99594"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-006094"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201707-753"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-1318"
      }
    ]
  },
  "id": "VAR-201707-0551",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.22222222
  },
  "last_update_date": "2022-05-04T10:26:49.161000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "2003815",
        "trust": 0.8,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg22003815"
      },
      {
        "title": "IBM MQ Appliance Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=71800"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-006094"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201707-753"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-78",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-006094"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-1318"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.6,
        "url": "http://www.ibm.com/support/docview.wss?uid=swg22003815"
      },
      {
        "trust": 1.6,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125730"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/bid/99594"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-1318"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-1318"
      },
      {
        "trust": 0.3,
        "url": "http://www.ibm.com"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg22003815"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "99594"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-006094"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201707-753"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-1318"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "99594"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-006094"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201707-753"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-1318"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-07-14T00:00:00",
        "db": "BID",
        "id": "99594"
      },
      {
        "date": "2017-08-18T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-006094"
      },
      {
        "date": "2017-07-19T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201707-753"
      },
      {
        "date": "2017-07-18T13:29:00",
        "db": "NVD",
        "id": "CVE-2017-1318"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-07-14T00:00:00",
        "db": "BID",
        "id": "99594"
      },
      {
        "date": "2017-08-18T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-006094"
      },
      {
        "date": "2017-07-19T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201707-753"
      },
      {
        "date": "2017-07-28T18:00:00",
        "db": "NVD",
        "id": "CVE-2017-1318"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201707-753"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "IBM MQ An arbitrary command execution vulnerability in the appliance",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-006094"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "operating system commend injection",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201707-753"
      }
    ],
    "trust": 0.6
  }
}

var-202111-1472
Vulnerability from variot

IBM MQ Appliance 9.2 CD and 9.2 LTS is affected by a denial of service attack caused by a concurrency issue. IBM X-Force ID: 212042. IBM MQ Appliance There is an unspecified vulnerability in. Vendor exploits this vulnerability IBM X-Force ID: 212042 It is published as.Service operation interruption (DoS) It may be in a state. IBM MQ Appliance is an all-in-one device from IBM of the United States for rapid deployment of enterprise-level messaging middleware. No detailed vulnerability details are currently provided

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202111-1472",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "mq appliance",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "ibm",
        "version": "9.2.0.0"
      },
      {
        "model": "mq appliance",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "mq appliance",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "9.2 lts"
      },
      {
        "model": "mq appliance",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "9.2 cd"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-92963"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-015733"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-38958"
      }
    ]
  },
  "cve": "CVE-2021-38958",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 2.1,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "id": "CVE-2021-38958",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "LOW",
            "trust": 1.8,
            "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 2.1,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "id": "CNVD-2021-92963",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "LOW",
            "trust": 0.6,
            "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 1.8,
            "id": "CVE-2021-38958",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "author": "psirt@us.ibm.com",
            "availabilityImpact": "HIGH",
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 1.4,
            "id": "CVE-2021-38958",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Local",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 5.5,
            "baseSeverity": "Medium",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2021-38958",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2021-38958",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "psirt@us.ibm.com",
            "id": "CVE-2021-38958",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2021-38958",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2021-92963",
            "trust": 0.6,
            "value": "LOW"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202111-2182",
            "trust": 0.6,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-92963"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-015733"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202111-2182"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-38958"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-38958"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "IBM MQ Appliance 9.2 CD and 9.2 LTS is affected by a denial of service attack caused by a concurrency issue. IBM X-Force ID: 212042. IBM MQ Appliance There is an unspecified vulnerability in. Vendor exploits this vulnerability IBM X-Force ID: 212042 It is published as.Service operation interruption (DoS) It may be in a state. IBM MQ Appliance is an all-in-one device from IBM of the United States for rapid deployment of enterprise-level messaging middleware. No detailed vulnerability details are currently provided",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-38958"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-015733"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2021-92963"
      }
    ],
    "trust": 2.16
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2021-38958",
        "trust": 3.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-015733",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2021-92963",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.4024",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202111-2182",
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-92963"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-015733"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202111-2182"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-38958"
      }
    ]
  },
  "id": "VAR-202111-1472",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-92963"
      }
    ],
    "trust": 0.06
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "IoT"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-92963"
      }
    ]
  },
  "last_update_date": "2024-08-14T13:23:09.492000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "6519420 IBM\u00a0X-Force\u00a0Exchange",
        "trust": 0.8,
        "url": "https://www.ibm.com/support/pages/node/6519420"
      },
      {
        "title": "Patch for An unspecified vulnerability exists in IBM MQ Appliance (CNVD-2021-92963)",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/302086"
      },
      {
        "title": "IBM MQ Appliance Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=172099"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-92963"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-015733"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202111-2182"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-noinfo",
        "trust": 1.0
      },
      {
        "problemtype": "Lack of information (CWE-noinfo) [NVD evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-015733"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-38958"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.2,
        "url": "https://www.ibm.com/support/pages/node/6519420"
      },
      {
        "trust": 1.6,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/212043"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-38958"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.4024"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/ibm-mq-appliance-denial-of-service-via-concurrency-issue-36983"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-92963"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-015733"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202111-2182"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-38958"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-92963"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-015733"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202111-2182"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-38958"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-12-01T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2021-92963"
      },
      {
        "date": "2022-11-29T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2021-015733"
      },
      {
        "date": "2021-11-29T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202111-2182"
      },
      {
        "date": "2021-11-30T17:15:11.427000",
        "db": "NVD",
        "id": "CVE-2021-38958"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-12-01T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2021-92963"
      },
      {
        "date": "2022-11-29T08:20:00",
        "db": "JVNDB",
        "id": "JVNDB-2021-015733"
      },
      {
        "date": "2021-12-01T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202111-2182"
      },
      {
        "date": "2021-11-30T20:32:18.963000",
        "db": "NVD",
        "id": "CVE-2021-38958"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202111-2182"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "IBM\u00a0MQ\u00a0Appliance\u00a0 Vulnerability in",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-015733"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202111-2182"
      }
    ],
    "trust": 0.6
  }
}

var-201712-0784
Vulnerability from variot

IBM WebSphere MQ 8.0 and 9.0 could allow, under special circumstances, an unauthorized user to access an object which they should have been denied access. IBM X-Force ID: 126456. Vendors have confirmed this vulnerability IBM X-Force ID: 126456 It is released as.Information may be tampered with. An attacker can exploit this issue to bypass the security mechanism and gain unauthorized access. This may lead to further attacks

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201712-0784",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 2.4,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "ibm",
        "version": "8.0.0.5"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "ibm",
        "version": "8.0.0.4"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "ibm",
        "version": "8.0.0.3"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "ibm",
        "version": "8.0.0.2"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "ibm",
        "version": "8.0.0.1"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "ibm",
        "version": "9.0.0.1"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "ibm",
        "version": "8.0.0.6"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "ibm",
        "version": "9.0.1"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "ibm",
        "version": "8.0.0.7"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "9.0.3"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "9.0.2"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.0"
      },
      {
        "model": "mq appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.7"
      },
      {
        "model": "mq appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.6"
      },
      {
        "model": "mq appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.5"
      },
      {
        "model": "mq appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.4"
      },
      {
        "model": "mq appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.3"
      },
      {
        "model": "mq appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.2"
      },
      {
        "model": "mq appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.1"
      },
      {
        "model": "mq appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.0"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "102042"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010972"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-101"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-1341"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:ibm:websphere_mq:9.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:websphere_mq:9.0.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:websphere_mq:8.0.0.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:websphere_mq:9.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:websphere_mq:8.0.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:websphere_mq:8.0.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:websphere_mq:8.0.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:websphere_mq:8.0.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:websphere_mq:8.0.0.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:websphere_mq:9.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:websphere_mq:9.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:websphere_mq:8.0.0.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-1341"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "IBM.",
    "sources": [
      {
        "db": "BID",
        "id": "102042"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-101"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2017-1341",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 4.3,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2017-1341",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 1.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "High",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 3.7,
            "baseSeverity": "Low",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2017-1341",
            "impactScore": null,
            "integrityImpact": "Low",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 1.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2017-1341",
            "trust": 1.8,
            "value": "Low"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201712-101",
            "trust": 0.6,
            "value": "LOW"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010972"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-101"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-1341"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "IBM WebSphere MQ 8.0 and 9.0 could allow, under special circumstances, an unauthorized user to access an object which they should have been denied access. IBM X-Force ID: 126456. Vendors have confirmed this vulnerability IBM X-Force ID: 126456 It is released as.Information may be tampered with. \nAn attacker can exploit this issue to bypass the security mechanism and gain unauthorized access. This may lead to further attacks",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-1341"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010972"
      },
      {
        "db": "BID",
        "id": "102042"
      }
    ],
    "trust": 1.89
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-1341",
        "trust": 2.7
      },
      {
        "db": "BID",
        "id": "102042",
        "trust": 1.9
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010972",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-101",
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "102042"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010972"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-101"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-1341"
      }
    ]
  },
  "id": "VAR-201712-0784",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.22222222
  },
  "last_update_date": "2022-05-04T09:39:21.241000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "2005400",
        "trust": 0.8,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg22005400"
      },
      {
        "title": "IBM WebSpher MQ  and IBM WebSpher MQ Appliance Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=76925"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010972"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-101"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-noinfo",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-284",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010972"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-1341"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.6,
        "url": "https://www.ibm.com/support/docview.wss?uid=swg22005400"
      },
      {
        "trust": 1.6,
        "url": "https://www.securityfocus.com/bid/102042"
      },
      {
        "trust": 1.6,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/126456"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-1341"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-1341"
      },
      {
        "trust": 0.3,
        "url": "http://www.ibm.com/"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg22005400"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "102042"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010972"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-101"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-1341"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "102042"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010972"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-101"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-1341"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-12-04T00:00:00",
        "db": "BID",
        "id": "102042"
      },
      {
        "date": "2017-12-28T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-010972"
      },
      {
        "date": "2017-12-08T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201712-101"
      },
      {
        "date": "2017-12-07T15:29:00",
        "db": "NVD",
        "id": "CVE-2017-1341"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-12-19T22:01:00",
        "db": "BID",
        "id": "102042"
      },
      {
        "date": "2017-12-28T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-010972"
      },
      {
        "date": "2020-07-27T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201712-101"
      },
      {
        "date": "2019-10-03T00:03:00",
        "db": "NVD",
        "id": "CVE-2017-1341"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-101"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "IBM WebSphere MQ Access control vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010972"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-101"
      }
    ],
    "trust": 0.6
  }
}

cve-2020-4267
Vulnerability from cvelistv5
Published
2020-04-24 15:50
Modified
2024-09-16 23:01
Summary
IBM MQ and MQ Appliance 8.0, 9.1 LTS, and 9.1 CD could allow an authenticated user cause a denial of service due to a memory leak. IBM X-Force ID: 175840.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T08:00:06.915Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/pages/node/6195384"
          },
          {
            "name": "ibm-mq-cve20204267-dos (175840)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/175840"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "MQ Appliance",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "8.0.0.3"
            },
            {
              "status": "affected",
              "version": "8.0.0.4"
            },
            {
              "status": "affected",
              "version": "8.0.0.5"
            },
            {
              "status": "affected",
              "version": "8.0.0.6"
            },
            {
              "status": "affected",
              "version": "8.0.0.0"
            },
            {
              "status": "affected",
              "version": "8.0.0.8"
            },
            {
              "status": "affected",
              "version": "8.0.0.10"
            },
            {
              "status": "affected",
              "version": "8.0.0.11"
            },
            {
              "status": "affected",
              "version": "9.1.0.1"
            },
            {
              "status": "affected",
              "version": "9.1.1"
            },
            {
              "status": "affected",
              "version": "8.0.0.1"
            },
            {
              "status": "affected",
              "version": "8.0.0.7"
            },
            {
              "status": "affected",
              "version": "8.0.0.9"
            },
            {
              "status": "affected",
              "version": "8.0.0.12"
            },
            {
              "status": "affected",
              "version": "9.1.0.2"
            },
            {
              "status": "affected",
              "version": "9.1.2"
            },
            {
              "status": "affected",
              "version": "9.1.0.3"
            },
            {
              "status": "affected",
              "version": "9.1.3"
            },
            {
              "status": "affected",
              "version": "9.1"
            },
            {
              "status": "affected",
              "version": "8.0.0.13"
            },
            {
              "status": "affected",
              "version": "9.1.0.4"
            },
            {
              "status": "affected",
              "version": "9.1.4"
            }
          ]
        }
      ],
      "datePublic": "2020-04-22T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM MQ and MQ Appliance 8.0, 9.1 LTS, and 9.1 CD could allow an authenticated user cause a denial of service due to a memory leak. IBM X-Force ID: 175840."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "exploitCodeMaturity": "UNPROVEN",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "UNCHANGED",
            "temporalScore": 4.6,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/A:H/C:N/UI:N/AC:H/S:U/I:N/PR:L/AV:N/RC:C/RL:O/E:U",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Denial of Service",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-04-24T15:50:21",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.ibm.com/support/pages/node/6195384"
        },
        {
          "name": "ibm-mq-cve20204267-dos (175840)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/175840"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2020-04-22T00:00:00",
          "ID": "CVE-2020-4267",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "MQ Appliance",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "8.0.0.3"
                          },
                          {
                            "version_value": "8.0.0.4"
                          },
                          {
                            "version_value": "8.0.0.5"
                          },
                          {
                            "version_value": "8.0.0.6"
                          },
                          {
                            "version_value": "8.0.0.0"
                          },
                          {
                            "version_value": "8.0.0.8"
                          },
                          {
                            "version_value": "8.0.0.10"
                          },
                          {
                            "version_value": "8.0.0.11"
                          },
                          {
                            "version_value": "9.1.0.1"
                          },
                          {
                            "version_value": "9.1.1"
                          },
                          {
                            "version_value": "8.0.0.1"
                          },
                          {
                            "version_value": "8.0.0.7"
                          },
                          {
                            "version_value": "8.0.0.9"
                          },
                          {
                            "version_value": "8.0.0.12"
                          },
                          {
                            "version_value": "9.1.0.2"
                          },
                          {
                            "version_value": "9.1.2"
                          },
                          {
                            "version_value": "9.1.0.3"
                          },
                          {
                            "version_value": "9.1.3"
                          },
                          {
                            "version_value": "9.1"
                          },
                          {
                            "version_value": "8.0.0.13"
                          },
                          {
                            "version_value": "9.1.0.4"
                          },
                          {
                            "version_value": "9.1.4"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM MQ and MQ Appliance 8.0, 9.1 LTS, and 9.1 CD could allow an authenticated user cause a denial of service due to a memory leak. IBM X-Force ID: 175840."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "H",
              "AC": "H",
              "AV": "N",
              "C": "N",
              "I": "N",
              "PR": "L",
              "S": "U",
              "UI": "N"
            },
            "TM": {
              "E": "U",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Denial of Service"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.ibm.com/support/pages/node/6195384",
              "refsource": "CONFIRM",
              "title": "IBM Security Bulletin 6195384 (MQ Appliance)",
              "url": "https://www.ibm.com/support/pages/node/6195384"
            },
            {
              "name": "ibm-mq-cve20204267-dos (175840)",
              "refsource": "XF",
              "title": "X-Force Vulnerability Report",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/175840"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2020-4267",
    "datePublished": "2020-04-24T15:50:21.949654Z",
    "dateReserved": "2019-12-30T00:00:00",
    "dateUpdated": "2024-09-16T23:01:18.469Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-4869
Vulnerability from cvelistv5
Published
2021-01-11 17:10
Modified
2024-09-16 22:55
Summary
IBM MQ Appliance 9.2 CD and 9.2 LTS is vulnerable to a denial of service, caused by a buffer overflow. A remote attacker could send a specially crafted SNMP query to cause the appliance to reload. IBM X-Force ID: 190831.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T08:14:59.119Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/pages/node/6398791"
          },
          {
            "name": "ibm-mq-cve20204869-dos (190831)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190831"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "MQ Appliance",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "9.2.0.0"
            },
            {
              "status": "affected",
              "version": "9.2.1"
            }
          ]
        }
      ],
      "datePublic": "2021-01-08T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM MQ Appliance 9.2 CD and 9.2 LTS is vulnerable to a denial of service, caused by a buffer overflow. A remote attacker could send a specially crafted SNMP query to cause the appliance to reload. IBM X-Force ID: 190831."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "exploitCodeMaturity": "UNPROVEN",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "UNCHANGED",
            "temporalScore": 4.6,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AC:H/I:N/AV:N/C:N/UI:N/PR:L/S:U/A:H/RC:C/E:U/RL:O",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Denial of Service",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-01-11T17:10:15",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.ibm.com/support/pages/node/6398791"
        },
        {
          "name": "ibm-mq-cve20204869-dos (190831)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190831"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2021-01-08T00:00:00",
          "ID": "CVE-2020-4869",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "MQ Appliance",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "9.2.0.0"
                          },
                          {
                            "version_value": "9.2.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM MQ Appliance 9.2 CD and 9.2 LTS is vulnerable to a denial of service, caused by a buffer overflow. A remote attacker could send a specially crafted SNMP query to cause the appliance to reload. IBM X-Force ID: 190831."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "H",
              "AC": "H",
              "AV": "N",
              "C": "N",
              "I": "N",
              "PR": "L",
              "S": "U",
              "UI": "N"
            },
            "TM": {
              "E": "U",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Denial of Service"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.ibm.com/support/pages/node/6398791",
              "refsource": "CONFIRM",
              "title": "IBM Security Bulletin 6398791 (MQ Appliance)",
              "url": "https://www.ibm.com/support/pages/node/6398791"
            },
            {
              "name": "ibm-mq-cve20204869-dos (190831)",
              "refsource": "XF",
              "title": "X-Force Vulnerability Report",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190831"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2020-4869",
    "datePublished": "2021-01-11T17:10:15.276254Z",
    "dateReserved": "2019-12-30T00:00:00",
    "dateUpdated": "2024-09-16T22:55:21.998Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-4498
Vulnerability from cvelistv5
Published
2020-07-27 13:31
Modified
2024-09-17 03:33
Summary
IBM MQ Appliance 9.1 LTS and 9.1 CD could allow a local privileged user to obtain highly sensitve information due to inclusion of data within trace files. IBM X-Force ID: 182118.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T08:07:49.008Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/pages/node/6252409"
          },
          {
            "name": "ibm-mq-cve20204498-info-disc (182118)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/182118"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "MQ Appliance",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "9.1.0.0"
            },
            {
              "status": "affected",
              "version": "9.1.0.1"
            },
            {
              "status": "affected",
              "version": "9.1.1"
            },
            {
              "status": "affected",
              "version": "9.1.0.2"
            },
            {
              "status": "affected",
              "version": "9.1.2"
            },
            {
              "status": "affected",
              "version": "9.1.0.3"
            },
            {
              "status": "affected",
              "version": "9.1.3"
            },
            {
              "status": "affected",
              "version": "9.1.0.4"
            },
            {
              "status": "affected",
              "version": "9.1.4"
            },
            {
              "status": "affected",
              "version": "9.1.0.5"
            },
            {
              "status": "affected",
              "version": "9.1.5"
            }
          ]
        }
      ],
      "datePublic": "2020-07-23T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM MQ Appliance 9.1 LTS and 9.1 CD could allow a local privileged user to obtain highly sensitve information due to inclusion of data within trace files. IBM X-Force ID: 182118."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 4.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitCodeMaturity": "UNPROVEN",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "UNCHANGED",
            "temporalScore": 3.6,
            "temporalSeverity": "LOW",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AC:H/AV:L/A:N/S:U/UI:N/PR:H/I:N/C:H/RC:C/RL:O/E:U",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Obtain Information",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-07-27T13:31:24",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.ibm.com/support/pages/node/6252409"
        },
        {
          "name": "ibm-mq-cve20204498-info-disc (182118)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/182118"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2020-07-23T00:00:00",
          "ID": "CVE-2020-4498",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "MQ Appliance",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "9.1.0.0"
                          },
                          {
                            "version_value": "9.1.0.1"
                          },
                          {
                            "version_value": "9.1.1"
                          },
                          {
                            "version_value": "9.1.0.2"
                          },
                          {
                            "version_value": "9.1.2"
                          },
                          {
                            "version_value": "9.1.0.3"
                          },
                          {
                            "version_value": "9.1.3"
                          },
                          {
                            "version_value": "9.1.0.4"
                          },
                          {
                            "version_value": "9.1.4"
                          },
                          {
                            "version_value": "9.1.0.5"
                          },
                          {
                            "version_value": "9.1.5"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM MQ Appliance 9.1 LTS and 9.1 CD could allow a local privileged user to obtain highly sensitve information due to inclusion of data within trace files. IBM X-Force ID: 182118."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "N",
              "AC": "H",
              "AV": "L",
              "C": "H",
              "I": "N",
              "PR": "H",
              "S": "U",
              "UI": "N"
            },
            "TM": {
              "E": "U",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Obtain Information"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.ibm.com/support/pages/node/6252409",
              "refsource": "CONFIRM",
              "title": "IBM Security Bulletin 6252409 (MQ Appliance)",
              "url": "https://www.ibm.com/support/pages/node/6252409"
            },
            {
              "name": "ibm-mq-cve20204498-info-disc (182118)",
              "refsource": "XF",
              "title": "X-Force Vulnerability Report",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/182118"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2020-4498",
    "datePublished": "2020-07-27T13:31:24.867712Z",
    "dateReserved": "2019-12-30T00:00:00",
    "dateUpdated": "2024-09-17T03:33:36.082Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-38999
Vulnerability from cvelistv5
Published
2021-11-30 16:45
Modified
2024-09-17 02:56
Summary
IBM MQ Appliance could allow a local attacker to obtain sensitive information by inclusion of sensitive data within trace.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T01:58:16.516Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/pages/node/6519418"
          },
          {
            "name": "ibm-mq-cve202138999-info-disc (213214)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/213214"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "MQ Appliance",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "9.2.0.0"
            },
            {
              "status": "affected",
              "version": "9.2.1"
            },
            {
              "status": "affected",
              "version": "9.2.0.1"
            },
            {
              "status": "affected",
              "version": "9.2.2"
            },
            {
              "status": "affected",
              "version": "9.2.0.2"
            },
            {
              "status": "affected",
              "version": "9.2.0.3"
            },
            {
              "status": "affected",
              "version": "9.2.3"
            }
          ]
        }
      ],
      "datePublic": "2021-11-29T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM MQ Appliance could allow a local attacker to obtain sensitive information by inclusion of sensitive data within trace."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitCodeMaturity": "UNPROVEN",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "UNCHANGED",
            "temporalScore": 4.5,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/A:N/UI:N/S:U/PR:N/AC:H/AV:L/C:H/I:N/RC:C/RL:O/E:U",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Obtain Information",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-11-30T16:45:18",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.ibm.com/support/pages/node/6519418"
        },
        {
          "name": "ibm-mq-cve202138999-info-disc (213214)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/213214"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2021-11-29T00:00:00",
          "ID": "CVE-2021-38999",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "MQ Appliance",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "9.2.0.0"
                          },
                          {
                            "version_value": "9.2.1"
                          },
                          {
                            "version_value": "9.2.0.1"
                          },
                          {
                            "version_value": "9.2.2"
                          },
                          {
                            "version_value": "9.2.0.2"
                          },
                          {
                            "version_value": "9.2.0.3"
                          },
                          {
                            "version_value": "9.2.3"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM MQ Appliance could allow a local attacker to obtain sensitive information by inclusion of sensitive data within trace."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "N",
              "AC": "H",
              "AV": "L",
              "C": "H",
              "I": "N",
              "PR": "N",
              "S": "U",
              "UI": "N"
            },
            "TM": {
              "E": "U",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Obtain Information"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.ibm.com/support/pages/node/6519418",
              "refsource": "CONFIRM",
              "title": "IBM Security Bulletin 6519418 (MQ Appliance)",
              "url": "https://www.ibm.com/support/pages/node/6519418"
            },
            {
              "name": "ibm-mq-cve202138999-info-disc (213214)",
              "refsource": "XF",
              "title": "X-Force Vulnerability Report",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/213214"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2021-38999",
    "datePublished": "2021-11-30T16:45:18.129251Z",
    "dateReserved": "2021-08-16T00:00:00",
    "dateUpdated": "2024-09-17T02:56:42.975Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-46177
Vulnerability from cvelistv5
Published
2023-12-18 14:11
Modified
2024-08-02 20:37
Summary
IBM MQ Appliance 9.3 LTS and 9.3 CD could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request to view arbitrary files on the system. IBM X-Force ID: 269536.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T20:37:39.951Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/pages/node/7091235"
          },
          {
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/269536"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "MQ Appliance",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "9.3 LTS, 9.3 CD"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "IBM MQ Appliance 9.3 LTS and 9.3 CD could allow a remote attacker to traverse directories on the system.  An attacker could send a specially crafted URL request to view arbitrary files on the system.  IBM X-Force ID:  269536."
            }
          ],
          "value": "IBM MQ Appliance 9.3 LTS and 9.3 CD could allow a remote attacker to traverse directories on the system.  An attacker could send a specially crafted URL request to view arbitrary files on the system.  IBM X-Force ID:  269536."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-22",
              "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-12-18T14:11:51.583Z",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.ibm.com/support/pages/node/7091235"
        },
        {
          "tags": [
            "vdb-entry"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/269536"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "IBM MQ Appliance information disclosure",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2023-46177",
    "datePublished": "2023-12-18T14:11:51.583Z",
    "dateReserved": "2023-10-17T22:30:29.595Z",
    "dateUpdated": "2024-08-02T20:37:39.951Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-4465
Vulnerability from cvelistv5
Published
2020-07-28 12:05
Modified
2024-09-16 23:56
Summary
IBM MQ, IBM MQ Appliance, and IBM MQ for HPE NonStop 8.0, 9.1 CD, and 9.1 LTS is vulnerable to a buffer overflow vulnerability due to an error within the channel processing code. A remote attacker could overflow the buffer using an older client and cause a denial of service. IBM X-Force ID: 181562.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T08:07:48.681Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/pages/node/6252783"
          },
          {
            "name": "ibm-mq-cve20204465-dos (181562)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/181562"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "MQ Appliance",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "8.0"
            },
            {
              "status": "affected",
              "version": "9.1.LTS"
            },
            {
              "status": "affected",
              "version": "9.1.CD"
            }
          ]
        }
      ],
      "datePublic": "2020-07-27T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM MQ, IBM MQ Appliance, and IBM MQ for HPE NonStop 8.0, 9.1 CD, and 9.1 LTS is vulnerable to a buffer overflow vulnerability due to an error within the channel processing code. A remote attacker could overflow the buffer using an older client and cause a denial of service. IBM X-Force ID: 181562."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "exploitCodeMaturity": "UNPROVEN",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "UNCHANGED",
            "temporalScore": 4.6,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/S:U/PR:L/AC:H/C:N/A:H/AV:N/UI:N/I:N/RL:O/RC:C/E:U",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Denial of Service",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-07-28T12:05:27",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.ibm.com/support/pages/node/6252783"
        },
        {
          "name": "ibm-mq-cve20204465-dos (181562)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/181562"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2020-07-27T00:00:00",
          "ID": "CVE-2020-4465",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "MQ Appliance",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "8.0"
                          },
                          {
                            "version_value": "9.1.LTS"
                          },
                          {
                            "version_value": "9.1.CD"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM MQ, IBM MQ Appliance, and IBM MQ for HPE NonStop 8.0, 9.1 CD, and 9.1 LTS is vulnerable to a buffer overflow vulnerability due to an error within the channel processing code. A remote attacker could overflow the buffer using an older client and cause a denial of service. IBM X-Force ID: 181562."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "H",
              "AC": "H",
              "AV": "N",
              "C": "N",
              "I": "N",
              "PR": "L",
              "S": "U",
              "UI": "N"
            },
            "TM": {
              "E": "U",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Denial of Service"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.ibm.com/support/pages/node/6252783",
              "refsource": "CONFIRM",
              "title": "IBM Security Bulletin 6252783 (MQ Appliance)",
              "url": "https://www.ibm.com/support/pages/node/6252783"
            },
            {
              "name": "ibm-mq-cve20204465-dos (181562)",
              "refsource": "XF",
              "title": "X-Force Vulnerability Report",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/181562"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2020-4465",
    "datePublished": "2020-07-28T12:05:27.638914Z",
    "dateReserved": "2019-12-30T00:00:00",
    "dateUpdated": "2024-09-16T23:56:15.178Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-4870
Vulnerability from cvelistv5
Published
2020-12-21 17:50
Modified
2024-09-17 03:22
Summary
IBM MQ 9.2 CD and LTS are vulnerable to a denial of service attack caused by an error processing connecting applications. IBM X-Force ID: 190833.
Impacted products
Vendor Product Version
IBM MQ Appliance Version: 9.2.0.0
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T08:14:59.059Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/pages/node/6380742"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/pages/node/6386466"
          },
          {
            "name": "ibm-mq-cve20204870-dos (190833)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190833"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "MQ",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "9.2.0"
            }
          ]
        },
        {
          "product": "MQ Appliance",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "9.2.0.0"
            }
          ]
        }
      ],
      "datePublic": "2020-12-18T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM MQ 9.2 CD and LTS are vulnerable to a denial of service attack caused by an error processing connecting applications. IBM X-Force ID: 190833."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "exploitCodeMaturity": "UNPROVEN",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "UNCHANGED",
            "temporalScore": 5.2,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/PR:N/AC:H/S:U/UI:N/AV:N/A:H/I:N/C:N/RC:C/E:U/RL:O",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Denial of Service",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-12-21T17:50:32",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.ibm.com/support/pages/node/6380742"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.ibm.com/support/pages/node/6386466"
        },
        {
          "name": "ibm-mq-cve20204870-dos (190833)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190833"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2020-12-18T00:00:00",
          "ID": "CVE-2020-4870",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "MQ",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "9.2.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "MQ Appliance",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "9.2.0.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM MQ 9.2 CD and LTS are vulnerable to a denial of service attack caused by an error processing connecting applications. IBM X-Force ID: 190833."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "H",
              "AC": "H",
              "AV": "N",
              "C": "N",
              "I": "N",
              "PR": "N",
              "S": "U",
              "UI": "N"
            },
            "TM": {
              "E": "U",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Denial of Service"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.ibm.com/support/pages/node/6380742",
              "refsource": "CONFIRM",
              "title": "IBM Security Bulletin 6380742 (MQ Appliance)",
              "url": "https://www.ibm.com/support/pages/node/6380742"
            },
            {
              "name": "https://www.ibm.com/support/pages/node/6386466",
              "refsource": "CONFIRM",
              "title": "IBM Security Bulletin 6386466 (MQ)",
              "url": "https://www.ibm.com/support/pages/node/6386466"
            },
            {
              "name": "ibm-mq-cve20204870-dos (190833)",
              "refsource": "XF",
              "title": "X-Force Vulnerability Report",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190833"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2020-4870",
    "datePublished": "2020-12-21T17:50:32.362789Z",
    "dateReserved": "2019-12-30T00:00:00",
    "dateUpdated": "2024-09-17T03:22:23.347Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-4375
Vulnerability from cvelistv5
Published
2020-07-28 12:05
Modified
2024-09-16 19:25
Summary
IBM MQ, IBM MQ Appliance, IBM MQ for HPE NonStop 8.0, 9.1 CD, and 9.1 LTS could allow an attacker to cause a denial of service due to a memory leak caused by an error creating a dynamic queue. IBM X-Force ID: 179080.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T08:00:07.247Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/pages/node/6252785"
          },
          {
            "name": "ibm-mq-cve20204375-dos (179080)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/179080"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "MQ Appliance",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "8.0"
            },
            {
              "status": "affected",
              "version": "9.1.LTS"
            },
            {
              "status": "affected",
              "version": "9.1.CD"
            }
          ]
        }
      ],
      "datePublic": "2020-07-27T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM MQ, IBM MQ Appliance, IBM MQ for HPE NonStop 8.0, 9.1 CD, and 9.1 LTS could allow an attacker to cause a denial of service due to a memory leak caused by an error creating a dynamic queue. IBM X-Force ID: 179080."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "exploitCodeMaturity": "UNPROVEN",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "UNCHANGED",
            "temporalScore": 5.2,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/A:H/AC:H/C:N/PR:N/S:U/I:N/UI:N/E:U/RC:C/RL:O",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Denial of Service",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-07-28T12:05:27",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.ibm.com/support/pages/node/6252785"
        },
        {
          "name": "ibm-mq-cve20204375-dos (179080)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/179080"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2020-07-27T00:00:00",
          "ID": "CVE-2020-4375",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "MQ Appliance",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "8.0"
                          },
                          {
                            "version_value": "9.1.LTS"
                          },
                          {
                            "version_value": "9.1.CD"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM MQ, IBM MQ Appliance, IBM MQ for HPE NonStop 8.0, 9.1 CD, and 9.1 LTS could allow an attacker to cause a denial of service due to a memory leak caused by an error creating a dynamic queue. IBM X-Force ID: 179080."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "H",
              "AC": "H",
              "AV": "N",
              "C": "N",
              "I": "N",
              "PR": "N",
              "S": "U",
              "UI": "N"
            },
            "TM": {
              "E": "U",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Denial of Service"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.ibm.com/support/pages/node/6252785",
              "refsource": "CONFIRM",
              "title": "IBM Security Bulletin 6252785 (MQ Appliance)",
              "url": "https://www.ibm.com/support/pages/node/6252785"
            },
            {
              "name": "ibm-mq-cve20204375-dos (179080)",
              "refsource": "XF",
              "title": "X-Force Vulnerability Report",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/179080"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2020-4375",
    "datePublished": "2020-07-28T12:05:27.198491Z",
    "dateReserved": "2019-12-30T00:00:00",
    "dateUpdated": "2024-09-16T19:25:56.520Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-1429
Vulnerability from cvelistv5
Published
2018-03-23 19:00
Modified
2024-09-16 18:55
Summary
IBM MQ Appliance 9.0.1, 9.0.2, 9.0.3, amd 9.0.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 139077.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T03:59:39.044Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1040564",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1040564"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=swg22014046"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/139077"
          },
          {
            "name": "103491",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/103491"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "MQ Appliance",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "9.0.1"
            },
            {
              "status": "affected",
              "version": "9.0.2"
            },
            {
              "status": "affected",
              "version": "9.0.3"
            },
            {
              "status": "affected",
              "version": "9.0.4"
            }
          ]
        }
      ],
      "datePublic": "2018-03-21T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM MQ Appliance 9.0.1, 9.0.2, 9.0.3, amd 9.0.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 139077."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/A:N/AC:L/AV:N/C:L/I:L/PR:L/S:C/UI:R",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-Site Scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-03-24T09:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "name": "1040564",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1040564"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=swg22014046"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/139077"
        },
        {
          "name": "103491",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/103491"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2018-03-21T00:00:00",
          "ID": "CVE-2018-1429",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "MQ Appliance",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "9.0.1"
                          },
                          {
                            "version_value": "9.0.2"
                          },
                          {
                            "version_value": "9.0.3"
                          },
                          {
                            "version_value": "9.0.4"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM MQ Appliance 9.0.1, 9.0.2, 9.0.3, amd 9.0.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 139077."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "N",
              "AC": "L",
              "AV": "N",
              "C": "L",
              "I": "L",
              "PR": "L",
              "S": "C",
              "UI": "R"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-Site Scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1040564",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1040564"
            },
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=swg22014046",
              "refsource": "CONFIRM",
              "url": "http://www.ibm.com/support/docview.wss?uid=swg22014046"
            },
            {
              "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/139077",
              "refsource": "MISC",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/139077"
            },
            {
              "name": "103491",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/103491"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2018-1429",
    "datePublished": "2018-03-23T19:00:00Z",
    "dateReserved": "2017-12-13T00:00:00",
    "dateUpdated": "2024-09-16T18:55:24.166Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-22356
Vulnerability from cvelistv5
Published
2022-04-05 16:45
Modified
2024-09-16 18:49
Summary
IBM MQ Appliance 9.2 CD and 9.2 LTS could allow an attacker to enumerate account credentials due to an observable discrepancy in valid and invalid login attempts. IBM X-Force ID: 220487.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T03:14:54.984Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/pages/node/6564711"
          },
          {
            "name": "ibm-mq-cve202222356-info-disc (220487)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/220487"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "MQ Appliance",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "9.2 LTS"
            },
            {
              "status": "affected",
              "version": "9.2 CD"
            }
          ]
        }
      ],
      "datePublic": "2022-04-04T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM MQ Appliance 9.2 CD and 9.2 LTS could allow an attacker to enumerate account credentials due to an observable discrepancy in valid and invalid login attempts. IBM X-Force ID: 220487."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitCodeMaturity": "UNPROVEN",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "UNCHANGED",
            "temporalScore": 4.6,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/C:H/PR:L/S:U/I:N/UI:N/A:N/AV:N/AC:H/E:U/RC:C/RL:O",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Obtain Information",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-04-05T16:45:22",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.ibm.com/support/pages/node/6564711"
        },
        {
          "name": "ibm-mq-cve202222356-info-disc (220487)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/220487"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2022-04-04T00:00:00",
          "ID": "CVE-2022-22356",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "MQ Appliance",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "9.2 LTS"
                          },
                          {
                            "version_value": "9.2 CD"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM MQ Appliance 9.2 CD and 9.2 LTS could allow an attacker to enumerate account credentials due to an observable discrepancy in valid and invalid login attempts. IBM X-Force ID: 220487."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "N",
              "AC": "H",
              "AV": "N",
              "C": "H",
              "I": "N",
              "PR": "L",
              "S": "U",
              "UI": "N"
            },
            "TM": {
              "E": "U",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Obtain Information"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.ibm.com/support/pages/node/6564711",
              "refsource": "CONFIRM",
              "title": "IBM Security Bulletin 6564711 (MQ Appliance)",
              "url": "https://www.ibm.com/support/pages/node/6564711"
            },
            {
              "name": "ibm-mq-cve202222356-info-disc (220487)",
              "refsource": "XF",
              "title": "X-Force Vulnerability Report",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/220487"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2022-22356",
    "datePublished": "2022-04-05T16:45:22.946689Z",
    "dateReserved": "2022-01-03T00:00:00",
    "dateUpdated": "2024-09-16T18:49:50.435Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-22316
Vulnerability from cvelistv5
Published
2022-03-23 16:20
Modified
2024-09-16 18:44
Summary
IBM MQ Appliance 9.2 CD and 9.2 LTS could allow an authenticated and authorized user to cause a denial of service due to incorrectly configured authorization checks. IBM X-Force ID: 218276.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T03:07:50.451Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/pages/node/6560040"
          },
          {
            "name": "ibm-mq-cve202222316-dos (218276)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/218276"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "MQ Appliance",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "9.2 LTS"
            },
            {
              "status": "affected",
              "version": "9.2 CD"
            }
          ]
        }
      ],
      "datePublic": "2022-03-18T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM MQ Appliance 9.2 CD and 9.2 LTS could allow an authenticated and authorized user to cause a denial of service due to incorrectly configured authorization checks. IBM X-Force ID: 218276."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "exploitCodeMaturity": "UNPROVEN",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "UNCHANGED",
            "temporalScore": 4.6,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/PR:L/A:H/AC:H/AV:N/C:N/I:N/S:U/UI:N/E:U/RL:O/RC:C",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Denial of Service",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-03-23T16:20:12",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.ibm.com/support/pages/node/6560040"
        },
        {
          "name": "ibm-mq-cve202222316-dos (218276)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/218276"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2022-03-18T00:00:00",
          "ID": "CVE-2022-22316",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "MQ Appliance",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "9.2 LTS"
                          },
                          {
                            "version_value": "9.2 CD"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM MQ Appliance 9.2 CD and 9.2 LTS could allow an authenticated and authorized user to cause a denial of service due to incorrectly configured authorization checks. IBM X-Force ID: 218276."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "H",
              "AC": "H",
              "AV": "N",
              "C": "N",
              "I": "N",
              "PR": "L",
              "S": "U",
              "UI": "N"
            },
            "TM": {
              "E": "U",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Denial of Service"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.ibm.com/support/pages/node/6560040",
              "refsource": "CONFIRM",
              "title": "IBM Security Bulletin 6560040 (MQ Appliance)",
              "url": "https://www.ibm.com/support/pages/node/6560040"
            },
            {
              "name": "ibm-mq-cve202222316-dos (218276)",
              "refsource": "XF",
              "title": "X-Force Vulnerability Report",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/218276"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2022-22316",
    "datePublished": "2022-03-23T16:20:12.777181Z",
    "dateReserved": "2022-01-03T00:00:00",
    "dateUpdated": "2024-09-16T18:44:16.061Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-52896
Vulnerability from cvelistv5
Published
2024-12-19 17:01
Modified
2024-12-20 17:40
Summary
IBM MQ Appliance 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD web console could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned.
References
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-52896",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-12-20T16:45:05.829507Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-20T17:40:50.695Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:ibm:mq_appliance:9.3:*:*:*:lts:*:*:*",
            "cpe:2.3:a:ibm:mq_appliance:9.3:*:*:*:continuous_delivery:*:*:*",
            "cpe:2.3:a:ibm:mq_appliance:9.4:*:*:*:lts:*:*:*",
            "cpe:2.3:a:ibm:mq_appliance:9.4:*:*:*:continuous_delivery:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "MQ Appliance",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "9.3 LTS, 9.3 CD, 9.4 LTS, 9.4 CD"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIBM MQ Appliance 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD web console could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned.\u003c/span\u003e"
            }
          ],
          "value": "IBM MQ Appliance 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD web console could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 6.2,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-209",
              "description": "CWE-209 Generation of Error Message Containing Sensitive Information",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-19T17:05:46.722Z",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.ibm.com/support/pages/node/7178244"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "IBM MQ Appliance information disclosure",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2024-52896",
    "datePublished": "2024-12-19T17:01:20.061Z",
    "dateReserved": "2024-11-17T14:25:44.935Z",
    "dateUpdated": "2024-12-20T17:40:50.695Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-4294
Vulnerability from cvelistv5
Published
2019-08-20 18:25
Modified
2024-09-16 18:34
Summary
IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.6, 7.6.0.0 through 7.6.0.15 and IBM MQ Appliance 8.0.0.0 through 8.0.0.12, 9.1.0.0 through 9.1.0.2, and 9.1.1 through 9.1.2 could allow a local attacker to execute arbitrary commands on the system, caused by a command injection vulnerability. IBM X-Force ID: 16188.
Impacted products
Vendor Product Version
IBM DataPower Gateway Version: 7.6.0.0
Version: 2018.4.1.0
Version: 2018.4.1.6
Version: 7.6.0.15
Version: CD
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T19:33:37.649Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/docview.wss?uid=ibm10887005"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/docview.wss?uid=ibm10958933"
          },
          {
            "name": "ibm-mq-cve20194294-code-exec (160701)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/160701"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "MQ Appliance",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "8.0.0.3"
            },
            {
              "status": "affected",
              "version": "8.0.0.4"
            },
            {
              "status": "affected",
              "version": "8.0.0.5"
            },
            {
              "status": "affected",
              "version": "8.0.0.6"
            },
            {
              "status": "affected",
              "version": "8.0.0.0"
            },
            {
              "status": "affected",
              "version": "8.0.0.8"
            },
            {
              "status": "affected",
              "version": "8.0.0.10"
            },
            {
              "status": "affected",
              "version": "9.1.0.0"
            },
            {
              "status": "affected",
              "version": "8.0.0.11"
            },
            {
              "status": "affected",
              "version": "9.1.0.1"
            },
            {
              "status": "affected",
              "version": "9.1.1"
            },
            {
              "status": "affected",
              "version": "8.0.0.1"
            },
            {
              "status": "affected",
              "version": "8.0.0.7"
            },
            {
              "status": "affected",
              "version": "8.0.0.9"
            },
            {
              "status": "affected",
              "version": "8.0.0.2"
            },
            {
              "status": "affected",
              "version": "8.0.0.12"
            },
            {
              "status": "affected",
              "version": "9.1.0.2"
            },
            {
              "status": "affected",
              "version": "9.1.2"
            }
          ]
        },
        {
          "product": "DataPower Gateway",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.6.0.0"
            },
            {
              "status": "affected",
              "version": "2018.4.1.0"
            },
            {
              "status": "affected",
              "version": "2018.4.1.6"
            },
            {
              "status": "affected",
              "version": "7.6.0.15"
            },
            {
              "status": "affected",
              "version": "CD"
            }
          ]
        }
      ],
      "datePublic": "2019-08-13T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.6, 7.6.0.0 through 7.6.0.15 and IBM MQ Appliance 8.0.0.0 through 8.0.0.12, 9.1.0.0 through 9.1.0.2, and 9.1.1 through 9.1.2 could allow a local attacker to execute arbitrary commands on the system, caused by a command injection vulnerability. IBM X-Force ID: 16188."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 8.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitCodeMaturity": "UNPROVEN",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "UNCHANGED",
            "temporalScore": 7.3,
            "temporalSeverity": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AC:L/A:H/C:H/PR:N/I:H/UI:N/AV:L/S:U/E:U/RC:C/RL:O",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Gain Privileges",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-08-20T18:25:26",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.ibm.com/support/docview.wss?uid=ibm10887005"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.ibm.com/support/docview.wss?uid=ibm10958933"
        },
        {
          "name": "ibm-mq-cve20194294-code-exec (160701)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/160701"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2019-08-13T00:00:00",
          "ID": "CVE-2019-4294",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "MQ Appliance",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "8.0.0.3"
                          },
                          {
                            "version_value": "8.0.0.4"
                          },
                          {
                            "version_value": "8.0.0.5"
                          },
                          {
                            "version_value": "8.0.0.6"
                          },
                          {
                            "version_value": "8.0.0.0"
                          },
                          {
                            "version_value": "8.0.0.8"
                          },
                          {
                            "version_value": "8.0.0.10"
                          },
                          {
                            "version_value": "9.1.0.0"
                          },
                          {
                            "version_value": "8.0.0.11"
                          },
                          {
                            "version_value": "9.1.0.1"
                          },
                          {
                            "version_value": "9.1.1"
                          },
                          {
                            "version_value": "8.0.0.1"
                          },
                          {
                            "version_value": "8.0.0.7"
                          },
                          {
                            "version_value": "8.0.0.9"
                          },
                          {
                            "version_value": "8.0.0.2"
                          },
                          {
                            "version_value": "8.0.0.12"
                          },
                          {
                            "version_value": "9.1.0.2"
                          },
                          {
                            "version_value": "9.1.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "DataPower Gateway",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.6.0.0"
                          },
                          {
                            "version_value": "2018.4.1.0"
                          },
                          {
                            "version_value": "2018.4.1.6"
                          },
                          {
                            "version_value": "7.6.0.15"
                          },
                          {
                            "version_value": "CD"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.6, 7.6.0.0 through 7.6.0.15 and IBM MQ Appliance 8.0.0.0 through 8.0.0.12, 9.1.0.0 through 9.1.0.2, and 9.1.1 through 9.1.2 could allow a local attacker to execute arbitrary commands on the system, caused by a command injection vulnerability. IBM X-Force ID: 16188."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "H",
              "AC": "L",
              "AV": "L",
              "C": "H",
              "I": "H",
              "PR": "N",
              "S": "U",
              "UI": "N"
            },
            "TM": {
              "E": "U",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Gain Privileges"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.ibm.com/support/docview.wss?uid=ibm10887005",
              "refsource": "CONFIRM",
              "title": "IBM Security Bulletin 887005 (MQ Appliance)",
              "url": "https://www.ibm.com/support/docview.wss?uid=ibm10887005"
            },
            {
              "name": "https://www.ibm.com/support/docview.wss?uid=ibm10958933",
              "refsource": "CONFIRM",
              "title": "IBM Security Bulletin 958933 (DataPower Gateway)",
              "url": "https://www.ibm.com/support/docview.wss?uid=ibm10958933"
            },
            {
              "name": "ibm-mq-cve20194294-code-exec (160701)",
              "refsource": "XF",
              "title": "X-Force Vulnerability Report",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/160701"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2019-4294",
    "datePublished": "2019-08-20T18:25:26.483137Z",
    "dateReserved": "2019-01-03T00:00:00",
    "dateUpdated": "2024-09-16T18:34:28.475Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-38967
Vulnerability from cvelistv5
Published
2021-11-30 16:45
Modified
2024-09-17 00:21
Summary
IBM MQ Appliance 9.2 CD and 9.2 LTS could allow a local privileged user to inject and execute malicious code. IBM X-Force ID: 212441.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T01:51:20.836Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/pages/node/6512826"
          },
          {
            "name": "ibm-mq-cve202138967-code-exec (212441)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/212441"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "MQ Appliance",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "9.2.0.0"
            },
            {
              "status": "affected",
              "version": "9.2.1"
            },
            {
              "status": "affected",
              "version": "9.2.0.1"
            },
            {
              "status": "affected",
              "version": "9.2.2"
            },
            {
              "status": "affected",
              "version": "9.2.0.2"
            },
            {
              "status": "affected",
              "version": "9.2.0.3"
            },
            {
              "status": "affected",
              "version": "9.2.3"
            }
          ]
        }
      ],
      "datePublic": "2021-11-29T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM MQ Appliance 9.2 CD and 9.2 LTS could allow a local privileged user to inject and execute malicious code. IBM X-Force ID: 212441."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitCodeMaturity": "UNPROVEN",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "CHANGED",
            "temporalScore": 7.1,
            "temporalSeverity": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/S:C/UI:N/A:H/C:H/AV:L/I:H/AC:L/PR:H/RC:C/E:U/RL:O",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Gain Privileges",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-11-30T16:45:16",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.ibm.com/support/pages/node/6512826"
        },
        {
          "name": "ibm-mq-cve202138967-code-exec (212441)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/212441"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2021-11-29T00:00:00",
          "ID": "CVE-2021-38967",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "MQ Appliance",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "9.2.0.0"
                          },
                          {
                            "version_value": "9.2.1"
                          },
                          {
                            "version_value": "9.2.0.1"
                          },
                          {
                            "version_value": "9.2.2"
                          },
                          {
                            "version_value": "9.2.0.2"
                          },
                          {
                            "version_value": "9.2.0.3"
                          },
                          {
                            "version_value": "9.2.3"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM MQ Appliance 9.2 CD and 9.2 LTS could allow a local privileged user to inject and execute malicious code. IBM X-Force ID: 212441."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "H",
              "AC": "L",
              "AV": "L",
              "C": "H",
              "I": "H",
              "PR": "H",
              "S": "C",
              "UI": "N"
            },
            "TM": {
              "E": "U",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Gain Privileges"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.ibm.com/support/pages/node/6512826",
              "refsource": "CONFIRM",
              "title": "IBM Security Bulletin 6512826 (MQ Appliance)",
              "url": "https://www.ibm.com/support/pages/node/6512826"
            },
            {
              "name": "ibm-mq-cve202138967-code-exec (212441)",
              "refsource": "XF",
              "title": "X-Force Vulnerability Report",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/212441"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2021-38967",
    "datePublished": "2021-11-30T16:45:16.628657Z",
    "dateReserved": "2021-08-16T00:00:00",
    "dateUpdated": "2024-09-17T00:21:05.932Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-28513
Vulnerability from cvelistv5
Published
2023-07-19 01:49
Modified
2024-10-21 15:35
Summary
IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.2 CD, and 9.3 CD and IBM MQ Appliance 9.2 LTS, 9.3 LTS, 9.2 CD, and 9.2 LTS, under certain configurations, is vulnerable to a denial of service attack caused by an error processing messages. IBM X-Force ID: 250397.
Impacted products
Vendor Product Version
IBM MQ Appliance Version: 9.2 LTS, 9.3 LTS, 9.2 CD, 9.2 LTS
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T13:43:23.049Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/pages/node/7007421"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/pages/node/7007731"
          },
          {
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/250397"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-28513",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-21T15:34:38.689370Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-21T15:35:56.231Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "MQ",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.2 CD, 9.3 CD"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MQ Appliance",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "9.2 LTS, 9.3 LTS, 9.2 CD, 9.2 LTS"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.2 CD, and 9.3 CD and IBM MQ Appliance 9.2 LTS, 9.3 LTS, 9.2 CD, and 9.2 LTS, under certain configurations, is vulnerable to a denial of service attack caused by an error processing messages.  IBM X-Force ID:  250397."
            }
          ],
          "value": "IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.2 CD, and 9.3 CD and IBM MQ Appliance 9.2 LTS, 9.3 LTS, 9.2 CD, and 9.2 LTS, under certain configurations, is vulnerable to a denial of service attack caused by an error processing messages.  IBM X-Force ID:  250397."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20 Improper Input Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-07-19T01:49:14.604Z",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.ibm.com/support/pages/node/7007421"
        },
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.ibm.com/support/pages/node/7007731"
        },
        {
          "tags": [
            "vdb-entry"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/250397"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "IBM MQ denial of service",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2023-28513",
    "datePublished": "2023-07-19T01:49:14.604Z",
    "dateReserved": "2023-03-16T21:05:38.974Z",
    "dateUpdated": "2024-10-21T15:35:56.231Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-4319
Vulnerability from cvelistv5
Published
2020-07-28 12:05
Modified
2024-09-16 22:14
Summary
IBM MQ, IBM MQ Appliance, and IBM MQ for HPE NonStop 8.0, 9.1 LTS, and 9.1 CD could allow under special circumstances, an authenticated user to obtain sensitive information due to a data leak from an error message within the pre-v7 pubsub logic. IBM X-Force ID: 177402.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T08:00:07.643Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/pages/node/6252777"
          },
          {
            "name": "ibm-mq-cve20204319-info-disc (177402)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/177402"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "MQ Appliance",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "8.0"
            },
            {
              "status": "affected",
              "version": "9.1.LTS"
            },
            {
              "status": "affected",
              "version": "9.1.CD"
            }
          ]
        }
      ],
      "datePublic": "2020-07-27T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM MQ, IBM MQ Appliance, and IBM MQ for HPE NonStop 8.0, 9.1 LTS, and 9.1 CD could allow under special circumstances, an authenticated user to obtain sensitive information due to a data leak from an error message within the pre-v7 pubsub logic. IBM X-Force ID: 177402."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 3.1,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "exploitCodeMaturity": "UNPROVEN",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "UNCHANGED",
            "temporalScore": 2.7,
            "temporalSeverity": "LOW",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/UI:N/I:N/PR:L/S:U/C:L/AC:H/A:N/AV:N/E:U/RC:C/RL:O",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Obtain Information",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-07-28T12:05:26",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.ibm.com/support/pages/node/6252777"
        },
        {
          "name": "ibm-mq-cve20204319-info-disc (177402)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/177402"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2020-07-27T00:00:00",
          "ID": "CVE-2020-4319",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "MQ Appliance",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "8.0"
                          },
                          {
                            "version_value": "9.1.LTS"
                          },
                          {
                            "version_value": "9.1.CD"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM MQ, IBM MQ Appliance, and IBM MQ for HPE NonStop 8.0, 9.1 LTS, and 9.1 CD could allow under special circumstances, an authenticated user to obtain sensitive information due to a data leak from an error message within the pre-v7 pubsub logic. IBM X-Force ID: 177402."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "N",
              "AC": "H",
              "AV": "N",
              "C": "L",
              "I": "N",
              "PR": "L",
              "S": "U",
              "UI": "N"
            },
            "TM": {
              "E": "U",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Obtain Information"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.ibm.com/support/pages/node/6252777",
              "refsource": "CONFIRM",
              "title": "IBM Security Bulletin 6252777 (MQ Appliance)",
              "url": "https://www.ibm.com/support/pages/node/6252777"
            },
            {
              "name": "ibm-mq-cve20204319-info-disc (177402)",
              "refsource": "XF",
              "title": "X-Force Vulnerability Report",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/177402"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2020-4319",
    "datePublished": "2020-07-28T12:05:26.710761Z",
    "dateReserved": "2019-12-30T00:00:00",
    "dateUpdated": "2024-09-16T22:14:21.498Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-4938
Vulnerability from cvelistv5
Published
2021-07-12 16:05
Modified
2024-09-17 04:20
Summary
IBM MQ Appliance 9.1 and 9.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 191815.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T08:14:59.194Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/pages/node/6466717"
          },
          {
            "name": "ibm-mq-cve20204938-csrf (191815)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/191815"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "MQ Appliance",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "9.1"
            },
            {
              "status": "affected",
              "version": "9.2"
            }
          ]
        }
      ],
      "datePublic": "2021-07-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM MQ Appliance 9.1 and 9.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 191815."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "exploitCodeMaturity": "UNPROVEN",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "UNCHANGED",
            "temporalScore": 3.8,
            "temporalSeverity": "LOW",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/UI:R/S:U/A:N/AC:L/PR:N/I:L/C:N/AV:N/RL:O/RC:C/E:U",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Gain Access",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-07-12T16:05:26",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.ibm.com/support/pages/node/6466717"
        },
        {
          "name": "ibm-mq-cve20204938-csrf (191815)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/191815"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2021-07-09T00:00:00",
          "ID": "CVE-2020-4938",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "MQ Appliance",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "9.1"
                          },
                          {
                            "version_value": "9.2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM MQ Appliance 9.1 and 9.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 191815."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "N",
              "AC": "L",
              "AV": "N",
              "C": "N",
              "I": "L",
              "PR": "N",
              "S": "U",
              "UI": "R"
            },
            "TM": {
              "E": "U",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Gain Access"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.ibm.com/support/pages/node/6466717",
              "refsource": "CONFIRM",
              "title": "IBM Security Bulletin 6466717 (MQ Appliance)",
              "url": "https://www.ibm.com/support/pages/node/6466717"
            },
            {
              "name": "ibm-mq-cve20204938-csrf (191815)",
              "refsource": "XF",
              "title": "X-Force Vulnerability Report",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/191815"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2020-4938",
    "datePublished": "2021-07-12T16:05:26.126920Z",
    "dateReserved": "2019-12-30T00:00:00",
    "dateUpdated": "2024-09-17T04:20:21.308Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-4620
Vulnerability from cvelistv5
Published
2020-01-28 18:30
Modified
2024-09-17 03:18
Summary
IBM MQ Appliance 8.0 and 9.0 LTS could allow a local attacker to bypass security restrictions caused by improper validation of environment variables. IBM X-Force ID: 168863.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T19:40:48.248Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/pages/node/1125891"
          },
          {
            "name": "ibm-mq-cve20194620-sec-bypass (168863)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/168863"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "MQ Appliance",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "8.0.0.3"
            },
            {
              "status": "affected",
              "version": "8.0.0.4"
            },
            {
              "status": "affected",
              "version": "8.0.0.5"
            },
            {
              "status": "affected",
              "version": "8.0.0.6"
            },
            {
              "status": "affected",
              "version": "8.0.0.0"
            },
            {
              "status": "affected",
              "version": "8.0.0.10"
            },
            {
              "status": "affected",
              "version": "8.0.0.11"
            },
            {
              "status": "affected",
              "version": "9.1.0.1"
            },
            {
              "status": "affected",
              "version": "9.1.1"
            },
            {
              "status": "affected",
              "version": "8.0.0.1"
            },
            {
              "status": "affected",
              "version": "8.0.0.7"
            },
            {
              "status": "affected",
              "version": "8.0.0.9"
            },
            {
              "status": "affected",
              "version": "8.0.0.12"
            },
            {
              "status": "affected",
              "version": "9.1.0.2"
            },
            {
              "status": "affected",
              "version": "9.1.2"
            },
            {
              "status": "affected",
              "version": "9.1.0.3"
            },
            {
              "status": "affected",
              "version": "9.1.3"
            },
            {
              "status": "affected",
              "version": "9.1"
            },
            {
              "status": "affected",
              "version": "8.0.0.13"
            }
          ]
        }
      ],
      "datePublic": "2020-01-23T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM MQ Appliance 8.0 and 9.0 LTS could allow a local attacker to bypass security restrictions caused by improper validation of environment variables. IBM X-Force ID: 168863."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 8.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitCodeMaturity": "UNPROVEN",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "UNCHANGED",
            "temporalScore": 7.3,
            "temporalSeverity": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/S:U/A:H/I:H/AC:L/AV:L/C:H/UI:N/PR:N/RC:C/E:U/RL:O",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Bypass Security",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-01-28T18:30:52",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.ibm.com/support/pages/node/1125891"
        },
        {
          "name": "ibm-mq-cve20194620-sec-bypass (168863)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/168863"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2020-01-23T00:00:00",
          "ID": "CVE-2019-4620",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "MQ Appliance",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "8.0.0.3"
                          },
                          {
                            "version_value": "8.0.0.4"
                          },
                          {
                            "version_value": "8.0.0.5"
                          },
                          {
                            "version_value": "8.0.0.6"
                          },
                          {
                            "version_value": "8.0.0.0"
                          },
                          {
                            "version_value": "8.0.0.10"
                          },
                          {
                            "version_value": "8.0.0.11"
                          },
                          {
                            "version_value": "9.1.0.1"
                          },
                          {
                            "version_value": "9.1.1"
                          },
                          {
                            "version_value": "8.0.0.1"
                          },
                          {
                            "version_value": "8.0.0.7"
                          },
                          {
                            "version_value": "8.0.0.9"
                          },
                          {
                            "version_value": "8.0.0.12"
                          },
                          {
                            "version_value": "9.1.0.2"
                          },
                          {
                            "version_value": "9.1.2"
                          },
                          {
                            "version_value": "9.1.0.3"
                          },
                          {
                            "version_value": "9.1.3"
                          },
                          {
                            "version_value": "9.1"
                          },
                          {
                            "version_value": "8.0.0.13"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM MQ Appliance 8.0 and 9.0 LTS could allow a local attacker to bypass security restrictions caused by improper validation of environment variables. IBM X-Force ID: 168863."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "H",
              "AC": "L",
              "AV": "L",
              "C": "H",
              "I": "H",
              "PR": "N",
              "S": "U",
              "UI": "N"
            },
            "TM": {
              "E": "U",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Bypass Security"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.ibm.com/support/pages/node/1125891",
              "refsource": "CONFIRM",
              "title": "IBM Security Bulletin 1125891 (MQ Appliance)",
              "url": "https://www.ibm.com/support/pages/node/1125891"
            },
            {
              "name": "ibm-mq-cve20194620-sec-bypass (168863)",
              "refsource": "XF",
              "title": "X-Force Vulnerability Report",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/168863"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2019-4620",
    "datePublished": "2020-01-28T18:30:53.030821Z",
    "dateReserved": "2019-01-03T00:00:00",
    "dateUpdated": "2024-09-17T03:18:41.467Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-51471
Vulnerability from cvelistv5
Published
2024-12-19 17:11
Modified
2024-12-20 17:55
Summary
IBM MQ Appliance 9.3 LTS, 9.3 CD, and 9.4 LTS web console could allow an authenticated user to cause a denial-of-service when trace is enabled due to information being written into memory outside of the intended buffer size.
References
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-51471",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-12-20T17:55:02.866568Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-20T17:55:19.110Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:ibm:mq_appliance:9.3:*:*:*:lts:*:*:*",
            "cpe:2.3:a:ibm:mq_appliance:9.3:*:*:*:continuous_delivery:*:*:*",
            "cpe:2.3:a:ibm:mq_appliance:9.4:*:*:*:lts:*:*:*",
            "cpe:2.3:a:ibm:mq_appliance:9.4:*:*:*:continuous_delivery:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "MQ Appliance",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "9.3 LTS, 9.3 CD, 9.4 LTS"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIBM MQ Appliance 9.3 LTS, 9.3 CD, and 9.4 LTS\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eweb console could allow an authenticated user to cause a denial-of-service when trace is enabled due to information being written into memory outside of the intended buffer size.\u003c/span\u003e\n\n\u003c/span\u003e"
            }
          ],
          "value": "IBM MQ Appliance 9.3 LTS, 9.3 CD, and 9.4 LTS\u00a0web console could allow an authenticated user to cause a denial-of-service when trace is enabled due to information being written into memory outside of the intended buffer size."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-125",
              "description": "CWE-125 Out-of-bounds Read",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-19T17:15:25.805Z",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.ibm.com/support/pages/node/7178243"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "IBM MQ Appliance denial of service",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2024-51471",
    "datePublished": "2024-12-19T17:11:02.223Z",
    "dateReserved": "2024-10-28T10:50:18.700Z",
    "dateUpdated": "2024-12-20T17:55:19.110Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-52897
Vulnerability from cvelistv5
Published
2024-12-19 17:18
Modified
2024-12-20 17:53
Summary
IBM MQ Appliance 9.3 LTS, 9.3 CD, and 9.4 LTS web console could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned.
References
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-52897",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-12-20T17:52:05.732429Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-20T17:53:01.240Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:ibm:mq_appliance:9.3:*:*:*:lts:*:*:*",
            "cpe:2.3:a:ibm:mq_appliance:9.3:*:*:*:continuous_delivery:*:*:*",
            "cpe:2.3:a:ibm:mq_appliance:9.4:*:*:*:lts:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "MQ Appliance",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "9.3 LTS, 9.3 CD, 9.4 LTS"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIBM MQ Appliance 9.3 LTS, 9.3 CD, and 9.4 LTS\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eweb console could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned.\u003c/span\u003e\n\n\u003c/span\u003e"
            }
          ],
          "value": "IBM MQ Appliance 9.3 LTS, 9.3 CD, and 9.4 LTS\u00a0web console could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 6.2,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-209",
              "description": "CWE-209 Generation of Error Message Containing Sensitive Information",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-19T17:18:11.436Z",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.ibm.com/support/pages/node/7178086"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "IBM MQ Appliance information disclosure",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2024-52897",
    "datePublished": "2024-12-19T17:18:11.436Z",
    "dateReserved": "2024-11-17T14:25:44.935Z",
    "dateUpdated": "2024-12-20T17:53:01.240Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-29843
Vulnerability from cvelistv5
Published
2021-11-08 16:50
Modified
2024-09-17 00:26
Summary
IBM MQ 9.1 LTS, 9.1 CD, 9.2 LTS, and 9.2CD is vulnerable to a denial of service attack caused by an issue processing message properties. IBM X-Force ID: 205203.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T22:18:03.168Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/pages/node/6513681"
          },
          {
            "name": "ibm-mq-cve202129843-dos (205203)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/205203"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "MQ Appliance",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "9.1.LTS"
            },
            {
              "status": "affected",
              "version": "9.1.CD"
            },
            {
              "status": "affected",
              "version": "9.2.LTS"
            },
            {
              "status": "affected",
              "version": "9.2.CD"
            }
          ]
        }
      ],
      "datePublic": "2021-11-05T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM MQ 9.1 LTS, 9.1 CD, 9.2 LTS, and 9.2CD is vulnerable to a denial of service attack caused by an issue processing message properties. IBM X-Force ID: 205203."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "exploitCodeMaturity": "UNPROVEN",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "UNCHANGED",
            "temporalScore": 4.6,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/I:N/C:N/AC:H/S:U/A:H/UI:N/PR:L/AV:N/RC:C/RL:O/E:U",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Denial of Service",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-11-08T16:50:32",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.ibm.com/support/pages/node/6513681"
        },
        {
          "name": "ibm-mq-cve202129843-dos (205203)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/205203"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2021-11-05T00:00:00",
          "ID": "CVE-2021-29843",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "MQ Appliance",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "9.1.LTS"
                          },
                          {
                            "version_value": "9.1.CD"
                          },
                          {
                            "version_value": "9.2.LTS"
                          },
                          {
                            "version_value": "9.2.CD"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM MQ 9.1 LTS, 9.1 CD, 9.2 LTS, and 9.2CD is vulnerable to a denial of service attack caused by an issue processing message properties. IBM X-Force ID: 205203."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "H",
              "AC": "H",
              "AV": "N",
              "C": "N",
              "I": "N",
              "PR": "L",
              "S": "U",
              "UI": "N"
            },
            "TM": {
              "E": "U",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Denial of Service"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.ibm.com/support/pages/node/6513681",
              "refsource": "CONFIRM",
              "title": "IBM Security Bulletin 6513681 (MQ Appliance)",
              "url": "https://www.ibm.com/support/pages/node/6513681"
            },
            {
              "name": "ibm-mq-cve202129843-dos (205203)",
              "refsource": "XF",
              "title": "X-Force Vulnerability Report",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/205203"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2021-29843",
    "datePublished": "2021-11-08T16:50:32.227400Z",
    "dateReserved": "2021-03-31T00:00:00",
    "dateUpdated": "2024-09-17T00:26:18.641Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-4592
Vulnerability from cvelistv5
Published
2020-11-18 17:20
Modified
2024-09-16 22:40
Summary
IBM MQ Appliance 9.1.CD and LTS could allow an authenticated user, under nondefault configuration to cause a data corruption attack due to an error when using segmented messages.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T08:07:48.988Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/pages/node/6359019"
          },
          {
            "name": "ibm-mq-cve20204592-data-manipulation (184755)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/184755"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "MQ Appliance",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "9.1.LTS"
            },
            {
              "status": "affected",
              "version": "9.1.CD"
            }
          ]
        }
      ],
      "datePublic": "2020-11-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM MQ Appliance 9.1.CD and LTS could allow an authenticated user, under nondefault configuration to cause a data corruption attack due to an error when using segmented messages."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "exploitCodeMaturity": "UNPROVEN",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "UNCHANGED",
            "temporalScore": 4.6,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/PR:L/AV:N/AC:H/S:U/UI:N/I:H/C:N/A:N/RL:O/RC:C/E:U",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Data Manipulation",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-11-18T17:20:18",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.ibm.com/support/pages/node/6359019"
        },
        {
          "name": "ibm-mq-cve20204592-data-manipulation (184755)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/184755"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2020-11-17T00:00:00",
          "ID": "CVE-2020-4592",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "MQ Appliance",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "9.1.LTS"
                          },
                          {
                            "version_value": "9.1.CD"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM MQ Appliance 9.1.CD and LTS could allow an authenticated user, under nondefault configuration to cause a data corruption attack due to an error when using segmented messages."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "N",
              "AC": "H",
              "AV": "N",
              "C": "N",
              "I": "H",
              "PR": "L",
              "S": "U",
              "UI": "N"
            },
            "TM": {
              "E": "U",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Data Manipulation"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.ibm.com/support/pages/node/6359019",
              "refsource": "CONFIRM",
              "title": "IBM Security Bulletin 6359019 (MQ Appliance)",
              "url": "https://www.ibm.com/support/pages/node/6359019"
            },
            {
              "name": "ibm-mq-cve20204592-data-manipulation (184755)",
              "refsource": "XF",
              "title": "X-Force Vulnerability Report",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/184755"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2020-4592",
    "datePublished": "2020-11-18T17:20:18.953203Z",
    "dateReserved": "2019-12-30T00:00:00",
    "dateUpdated": "2024-09-16T22:40:17.273Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-1652
Vulnerability from cvelistv5
Published
2018-12-11 16:00
Modified
2024-09-16 17:54
Summary
IBM DataPower Gateway 7.1.0.0 through 7.1.0.19, 7.2.0.0 through 7.2.0.16, 7.5.0.0 through 7.5.0.10, 7.5.1.0 through 7.5.1.9, 7.5.2.0 through 7.5.2.9, and 7.6.0.0 through 7.6.0.2 and IBM MQ Appliance 8.0.0.0 through 8.0.0.8 and 9.0.1 through 9.0.5 could allow a local user to cause a denial of service through unknown vectors. IBM X-Force ID: 144724.
Impacted products
Vendor Product Version
IBM MQ Appliance Version: 9.0.1
Version: 9.0.5
Version: 8.0.0.0
Version: 8.0.0.8
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T04:07:44.070Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ibm-mq-cve20181652-dos(144724)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/144724"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/docview.wss?uid=ibm10717483"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/docview.wss?uid=ibm10744557"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "DataPower Gateways",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.1.0.0"
            },
            {
              "status": "affected",
              "version": "7.2.0.0"
            },
            {
              "status": "affected",
              "version": "7.5.0.0"
            },
            {
              "status": "affected",
              "version": "7.5.1.0"
            },
            {
              "status": "affected",
              "version": "7.6.0.0"
            },
            {
              "status": "affected",
              "version": "7.5.2.0"
            },
            {
              "status": "affected",
              "version": "7.6.0.2"
            },
            {
              "status": "affected",
              "version": "7.5.2.9"
            },
            {
              "status": "affected",
              "version": "7.5.1.9"
            },
            {
              "status": "affected",
              "version": "7.5.0.10"
            },
            {
              "status": "affected",
              "version": "7.2.0.16"
            },
            {
              "status": "affected",
              "version": "7.1.0.19"
            }
          ]
        },
        {
          "product": "MQ Appliance",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "9.0.1"
            },
            {
              "status": "affected",
              "version": "9.0.5"
            },
            {
              "status": "affected",
              "version": "8.0.0.0"
            },
            {
              "status": "affected",
              "version": "8.0.0.8"
            }
          ]
        }
      ],
      "datePublic": "2018-12-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM DataPower Gateway 7.1.0.0 through 7.1.0.19, 7.2.0.0 through 7.2.0.16, 7.5.0.0 through 7.5.0.10, 7.5.1.0 through 7.5.1.9, 7.5.2.0 through 7.5.2.9, and 7.6.0.0 through 7.6.0.2 and IBM MQ Appliance 8.0.0.0 through 8.0.0.8 and 9.0.1 through 9.0.5 could allow a local user to cause a denial of service through unknown vectors. IBM X-Force ID: 144724."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.2,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "exploitCodeMaturity": "UNPROVEN",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "UNCHANGED",
            "temporalScore": 5.4,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/A:H/AC:L/AV:L/C:N/I:N/PR:N/S:U/UI:N/E:U/RC:C/RL:O",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Denial of Service",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-12-11T15:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "name": "ibm-mq-cve20181652-dos(144724)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/144724"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.ibm.com/support/docview.wss?uid=ibm10717483"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.ibm.com/support/docview.wss?uid=ibm10744557"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2018-12-10T00:00:00",
          "ID": "CVE-2018-1652",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "DataPower Gateways",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.1.0.0"
                          },
                          {
                            "version_value": "7.2.0.0"
                          },
                          {
                            "version_value": "7.5.0.0"
                          },
                          {
                            "version_value": "7.5.1.0"
                          },
                          {
                            "version_value": "7.6.0.0"
                          },
                          {
                            "version_value": "7.5.2.0"
                          },
                          {
                            "version_value": "7.6.0.2"
                          },
                          {
                            "version_value": "7.5.2.9"
                          },
                          {
                            "version_value": "7.5.1.9"
                          },
                          {
                            "version_value": "7.5.0.10"
                          },
                          {
                            "version_value": "7.2.0.16"
                          },
                          {
                            "version_value": "7.1.0.19"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "MQ Appliance",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "9.0.1"
                          },
                          {
                            "version_value": "9.0.5"
                          },
                          {
                            "version_value": "8.0.0.0"
                          },
                          {
                            "version_value": "8.0.0.8"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM DataPower Gateway 7.1.0.0 through 7.1.0.19, 7.2.0.0 through 7.2.0.16, 7.5.0.0 through 7.5.0.10, 7.5.1.0 through 7.5.1.9, 7.5.2.0 through 7.5.2.9, and 7.6.0.0 through 7.6.0.2 and IBM MQ Appliance 8.0.0.0 through 8.0.0.8 and 9.0.1 through 9.0.5 could allow a local user to cause a denial of service through unknown vectors. IBM X-Force ID: 144724."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "H",
              "AC": "L",
              "AV": "L",
              "C": "N",
              "I": "N",
              "PR": "N",
              "S": "U",
              "UI": "N"
            },
            "TM": {
              "E": "U",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Denial of Service"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ibm-mq-cve20181652-dos(144724)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/144724"
            },
            {
              "name": "https://www.ibm.com/support/docview.wss?uid=ibm10717483",
              "refsource": "CONFIRM",
              "url": "https://www.ibm.com/support/docview.wss?uid=ibm10717483"
            },
            {
              "name": "https://www.ibm.com/support/docview.wss?uid=ibm10744557",
              "refsource": "CONFIRM",
              "url": "https://www.ibm.com/support/docview.wss?uid=ibm10744557"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2018-1652",
    "datePublished": "2018-12-11T16:00:00Z",
    "dateReserved": "2017-12-13T00:00:00",
    "dateUpdated": "2024-09-16T17:54:00.095Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-4931
Vulnerability from cvelistv5
Published
2021-02-24 17:20
Modified
2024-09-17 03:07
Summary
IBM MQ 9.1 LTS, 9.2 LTS, and 9.1 CD AMQP Channels could allow an authenticated user to cause a denial of service due to an issue processing messages. IBM X-Force ID: 191747.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T08:14:59.186Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/pages/node/6403295"
          },
          {
            "name": "ibm-mq-cve20204931-dos (191747)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/191747"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "MQ Appliance",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "9.1.0.0"
            },
            {
              "status": "affected",
              "version": "9.1.0.1"
            },
            {
              "status": "affected",
              "version": "9.1.1"
            },
            {
              "status": "affected",
              "version": "9.1.0.2"
            },
            {
              "status": "affected",
              "version": "9.1.2"
            },
            {
              "status": "affected",
              "version": "9.1.0.3"
            },
            {
              "status": "affected",
              "version": "9.1.3"
            },
            {
              "status": "affected",
              "version": "9.1.0.4"
            },
            {
              "status": "affected",
              "version": "9.1.4"
            },
            {
              "status": "affected",
              "version": "9.1.0.5"
            },
            {
              "status": "affected",
              "version": "9.1.5"
            },
            {
              "status": "affected",
              "version": "9.1.0.6"
            },
            {
              "status": "affected",
              "version": "9.2.0.0"
            },
            {
              "status": "affected",
              "version": "9.2.0.1"
            }
          ]
        }
      ],
      "datePublic": "2021-02-23T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM MQ 9.1 LTS, 9.2 LTS, and 9.1 CD AMQP Channels could allow an authenticated user to cause a denial of service due to an issue processing messages. IBM X-Force ID: 191747."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "exploitCodeMaturity": "UNPROVEN",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "UNCHANGED",
            "temporalScore": 5.7,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/S:U/UI:N/A:H/C:N/PR:L/I:N/AC:L/RL:O/RC:C/E:U",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Denial of Service",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-02-24T17:20:13",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.ibm.com/support/pages/node/6403295"
        },
        {
          "name": "ibm-mq-cve20204931-dos (191747)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/191747"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2021-02-23T00:00:00",
          "ID": "CVE-2020-4931",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "MQ Appliance",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "9.1.0.0"
                          },
                          {
                            "version_value": "9.1.0.1"
                          },
                          {
                            "version_value": "9.1.1"
                          },
                          {
                            "version_value": "9.1.0.2"
                          },
                          {
                            "version_value": "9.1.2"
                          },
                          {
                            "version_value": "9.1.0.3"
                          },
                          {
                            "version_value": "9.1.3"
                          },
                          {
                            "version_value": "9.1.0.4"
                          },
                          {
                            "version_value": "9.1.4"
                          },
                          {
                            "version_value": "9.1.0.5"
                          },
                          {
                            "version_value": "9.1.5"
                          },
                          {
                            "version_value": "9.1.0.6"
                          },
                          {
                            "version_value": "9.2.0.0"
                          },
                          {
                            "version_value": "9.2.0.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM MQ 9.1 LTS, 9.2 LTS, and 9.1 CD AMQP Channels could allow an authenticated user to cause a denial of service due to an issue processing messages. IBM X-Force ID: 191747."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "H",
              "AC": "L",
              "AV": "N",
              "C": "N",
              "I": "N",
              "PR": "L",
              "S": "U",
              "UI": "N"
            },
            "TM": {
              "E": "U",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Denial of Service"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.ibm.com/support/pages/node/6403295",
              "refsource": "CONFIRM",
              "title": "IBM Security Bulletin 6403295 (MQ Appliance)",
              "url": "https://www.ibm.com/support/pages/node/6403295"
            },
            {
              "name": "ibm-mq-cve20204931-dos (191747)",
              "refsource": "XF",
              "title": "X-Force Vulnerability Report",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/191747"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2020-4931",
    "datePublished": "2021-02-24T17:20:13.887915Z",
    "dateReserved": "2019-12-30T00:00:00",
    "dateUpdated": "2024-09-17T03:07:35.365Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-38958
Vulnerability from cvelistv5
Published
2021-11-30 16:45
Modified
2024-09-16 20:16
Summary
IBM MQ Appliance 9.2 CD and 9.2 LTS is affected by a denial of service attack caused by a concurrency issue. IBM X-Force ID: 212042
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T01:51:20.818Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/pages/node/6519420"
          },
          {
            "name": "ibm-mq-cve202138958-dos (212043)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/212043"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "MQ Appliance",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "9.2.0.0"
            },
            {
              "status": "affected",
              "version": "9.2.1"
            },
            {
              "status": "affected",
              "version": "9.2.0.1"
            },
            {
              "status": "affected",
              "version": "9.2.2"
            },
            {
              "status": "affected",
              "version": "9.2.0.2"
            },
            {
              "status": "affected",
              "version": "9.2.0.3"
            },
            {
              "status": "affected",
              "version": "9.2.3"
            }
          ]
        }
      ],
      "datePublic": "2021-11-29T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM MQ Appliance 9.2 CD and 9.2 LTS is affected by a denial of service attack caused by a concurrency issue. IBM X-Force ID: 212042"
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "exploitCodeMaturity": "UNPROVEN",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "UNCHANGED",
            "temporalScore": 4.5,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/S:U/UI:N/A:H/I:N/C:N/AV:L/PR:N/AC:H/RC:C/E:U/RL:O",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Denial of Service",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-11-30T16:45:15",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.ibm.com/support/pages/node/6519420"
        },
        {
          "name": "ibm-mq-cve202138958-dos (212043)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/212043"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2021-11-29T00:00:00",
          "ID": "CVE-2021-38958",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "MQ Appliance",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "9.2.0.0"
                          },
                          {
                            "version_value": "9.2.1"
                          },
                          {
                            "version_value": "9.2.0.1"
                          },
                          {
                            "version_value": "9.2.2"
                          },
                          {
                            "version_value": "9.2.0.2"
                          },
                          {
                            "version_value": "9.2.0.3"
                          },
                          {
                            "version_value": "9.2.3"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM MQ Appliance 9.2 CD and 9.2 LTS is affected by a denial of service attack caused by a concurrency issue. IBM X-Force ID: 212042"
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "H",
              "AC": "H",
              "AV": "L",
              "C": "N",
              "I": "N",
              "PR": "N",
              "S": "U",
              "UI": "N"
            },
            "TM": {
              "E": "U",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Denial of Service"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.ibm.com/support/pages/node/6519420",
              "refsource": "CONFIRM",
              "title": "IBM Security Bulletin 6519420 (MQ Appliance)",
              "url": "https://www.ibm.com/support/pages/node/6519420"
            },
            {
              "name": "ibm-mq-cve202138958-dos (212043)",
              "refsource": "XF",
              "title": "X-Force Vulnerability Report",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/212043"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2021-38958",
    "datePublished": "2021-11-30T16:45:15.183527Z",
    "dateReserved": "2021-08-16T00:00:00",
    "dateUpdated": "2024-09-16T20:16:24.685Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2017-1318
Vulnerability from cvelistv5
Published
2017-07-18 13:00
Modified
2024-09-16 20:32
Severity ?
Summary
IBM MQ Appliance 8.0 and 9.0 could allow an authenticated messaging administrator to execute arbitrary commands on the system, caused by command execution. IBM X-Force ID: 125730.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T13:32:28.511Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=swg22003815"
          },
          {
            "name": "99594",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/99594"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125730"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "MQ Appliance",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "8.0"
            },
            {
              "status": "affected",
              "version": "8.0.0.3"
            },
            {
              "status": "affected",
              "version": "8.0.0.4"
            },
            {
              "status": "affected",
              "version": "8.0.0.5"
            },
            {
              "status": "affected",
              "version": "9.0.1"
            },
            {
              "status": "affected",
              "version": "9.0.2"
            },
            {
              "status": "affected",
              "version": "8.0.0.6"
            }
          ]
        }
      ],
      "datePublic": "2017-07-14T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM MQ Appliance 8.0 and 9.0 could allow an authenticated messaging administrator to execute arbitrary commands on the system, caused by command execution. IBM X-Force ID: 125730."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Gain Privileges",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-19T09:57:02",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=swg22003815"
        },
        {
          "name": "99594",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/99594"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125730"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2017-07-14T00:00:00",
          "ID": "CVE-2017-1318",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "MQ Appliance",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "8.0"
                          },
                          {
                            "version_value": "8.0.0.3"
                          },
                          {
                            "version_value": "8.0.0.4"
                          },
                          {
                            "version_value": "8.0.0.5"
                          },
                          {
                            "version_value": "9.0.1"
                          },
                          {
                            "version_value": "9.0.2"
                          },
                          {
                            "version_value": "8.0.0.6"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM MQ Appliance 8.0 and 9.0 could allow an authenticated messaging administrator to execute arbitrary commands on the system, caused by command execution. IBM X-Force ID: 125730."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Gain Privileges"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=swg22003815",
              "refsource": "CONFIRM",
              "url": "http://www.ibm.com/support/docview.wss?uid=swg22003815"
            },
            {
              "name": "99594",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/99594"
            },
            {
              "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125730",
              "refsource": "MISC",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125730"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2017-1318",
    "datePublished": "2017-07-18T13:00:00Z",
    "dateReserved": "2016-11-30T00:00:00",
    "dateUpdated": "2024-09-16T20:32:26.684Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-46176
Vulnerability from cvelistv5
Published
2023-11-03 00:06
Modified
2024-09-04 20:29
Summary
IBM MQ Appliance 9.3 CD could allow a local attacker to gain elevated privileges on the system, caused by improper validation of security keys. IBM X-Force ID: 269535.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T20:37:39.953Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/pages/node/7060769"
          },
          {
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/269535"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-46176",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-04T20:27:15.963875Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-04T20:29:27.069Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "MQ Appliance",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "9.3 CD"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "IBM MQ Appliance 9.3 CD could allow a local attacker to gain elevated privileges on the system, caused by improper validation of security keys.  IBM X-Force ID:  269535."
            }
          ],
          "value": "IBM MQ Appliance 9.3 CD could allow a local attacker to gain elevated privileges on the system, caused by improper validation of security keys.  IBM X-Force ID:  269535."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-424",
              "description": "CWE-424 Improper Protection of Alternate Path",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-11-03T00:06:38.556Z",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.ibm.com/support/pages/node/7060769"
        },
        {
          "tags": [
            "vdb-entry"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/269535"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "IBM MQ privilege escalation",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2023-46176",
    "datePublished": "2023-11-03T00:06:38.556Z",
    "dateReserved": "2023-10-17T22:30:29.595Z",
    "dateUpdated": "2024-09-04T20:29:27.069Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-25048
Vulnerability from cvelistv5
Published
2024-04-27 12:07
Modified
2024-08-01 23:36
Summary
IBM MQ Appliance 9.3 CD and LTS are vulnerable to a heap-based buffer overflow, caused by improper bounds checking. A remote authenticated attacker could overflow a buffer and execute arbitrary code on the system or cause the server to crash. IBM X-Force ID: 283137.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:ibm:mq_appliance:9.3.0.0:*:*:*:lts:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "mq_appliance",
            "vendor": "ibm",
            "versions": [
              {
                "status": "affected",
                "version": "9.3.0.0"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:ibm:mq_appliance:9.3.0.0:*:*:*:continuous_delivery:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "mq_appliance",
            "vendor": "ibm",
            "versions": [
              {
                "status": "affected",
                "version": "9.3.0.0"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-25048",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-04-29T16:28:58.874065Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:35:01.063Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T23:36:21.564Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/pages/node/7149481"
          },
          {
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/283137"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "MQ Appliance",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "9.3 LTS, 9.3 CD"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "IBM MQ Appliance 9.3 CD and LTS are vulnerable to a heap-based buffer overflow, caused by improper bounds checking. A remote authenticated attacker could overflow a buffer and execute arbitrary code on the system or cause the server to crash.  IBM X-Force ID:  283137."
            }
          ],
          "value": "IBM MQ Appliance 9.3 CD and LTS are vulnerable to a heap-based buffer overflow, caused by improper bounds checking. A remote authenticated attacker could overflow a buffer and execute arbitrary code on the system or cause the server to crash.  IBM X-Force ID:  283137."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-122",
              "description": "CWE-122 Heap-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-04-27T12:07:33.519Z",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.ibm.com/support/pages/node/7149481"
        },
        {
          "tags": [
            "vdb-entry"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/283137"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "IBM MQ code execution",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2024-25048",
    "datePublished": "2024-04-27T12:07:33.519Z",
    "dateReserved": "2024-02-03T14:49:33.094Z",
    "dateUpdated": "2024-08-01T23:36:21.564Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-51470
Vulnerability from cvelistv5
Published
2024-12-18 19:56
Modified
2024-12-18 20:24
Summary
IBM MQ 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, 9.4 CD, IBM MQ Appliance 9.3 LTS, 9.3 CD, 9.4 LTS, and IBM MQ for HPE NonStop 8.1.0 through 8.1.0.25 could allow an authenticated user to cause a denial-of-service due to messages with improperly set values.
Impacted products
Vendor Product Version
IBM MQ Appliance Version: 9.3 LTS, 9.3 CD, 9.4 LTS
    cpe:2.3:a:ibm:mq_appliance:9.3:*:*:*:lts:*:*:*
    cpe:2.3:a:ibm:mq_appliance:9.3:*:*:*:continuous_delivery:*:*:*
    cpe:2.3:a:ibm:mq_appliance:9.4:*:*:*:lts:*:*:*
IBM MQ for HPE NonStop Version: 8.1.0    8.1.0.25
    cpe:2.3:a:ibm:mq_for_hpe_nonstop:8.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:mq_for_hpe_nonstop:8.1.0.25:*:*:*:*:*:*:*
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-51470",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-12-18T20:24:17.133411Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-18T20:24:38.409Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:ibm:mq:9.1.0.0:*:*:*:lts:*:*:*",
            "cpe:2.3:a:ibm:mq:9.2.0:*:*:*:lts:*:*:*",
            "cpe:2.3:a:ibm:mq:9.3.0:*:*:*:lts:*:*:*",
            "cpe:2.3:a:ibm:mq:9.3.0:*:*:*:continuous_delivery:*:*:*",
            "cpe:2.3:a:ibm:mq:9.4.0:*:*:*:lts:*:*:*",
            "cpe:2.3:a:ibm:mq:9.4.0:*:*:*:continuous_delivery:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "MQ",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "9.1 LTS, 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, 9.4 CD"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:ibm:mq_appliance:9.3:*:*:*:lts:*:*:*",
            "cpe:2.3:a:ibm:mq_appliance:9.3:*:*:*:continuous_delivery:*:*:*",
            "cpe:2.3:a:ibm:mq_appliance:9.4:*:*:*:lts:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "MQ Appliance",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "9.3 LTS, 9.3 CD, 9.4 LTS"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:ibm:mq_for_hpe_nonstop:8.1.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:mq_for_hpe_nonstop:8.1.0.25:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "MQ for HPE NonStop",
          "vendor": "IBM",
          "versions": [
            {
              "lessThanOrEqual": "8.1.0.25",
              "status": "affected",
              "version": "8.1.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIBM MQ\u0026nbsp;9.1 LTS, 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, 9.4 CD, IBM MQ Appliance\u0026nbsp;9.3 LTS, 9.3 CD, 9.4 LTS, and IBM MQ for HPE NonStop 8.1.0 through 8.1.0.25\u0026nbsp;could allow an authenticated user to cause a denial-of-service due to messages with improperly set values.\u003c/span\u003e"
            }
          ],
          "value": "IBM MQ\u00a09.1 LTS, 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, 9.4 CD, IBM MQ Appliance\u00a09.3 LTS, 9.3 CD, 9.4 LTS, and IBM MQ for HPE NonStop 8.1.0 through 8.1.0.25\u00a0could allow an authenticated user to cause a denial-of-service due to messages with improperly set values."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-754",
              "description": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-18T19:56:10.377Z",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.ibm.com/support/pages/node/7179137"
        },
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.ibm.com/support/pages/node/7178085"
        },
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.ibm.com/support/pages/node/7177593"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "IBM MQ denial of service",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2024-51470",
    "datePublished": "2024-12-18T19:56:10.377Z",
    "dateReserved": "2024-10-28T10:50:18.700Z",
    "dateUpdated": "2024-12-18T20:24:38.409Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-38986
Vulnerability from cvelistv5
Published
2022-03-01 16:45
Modified
2024-09-17 01:36
Summary
IBM MQ Appliance 9.2 CD and 9.2 LTS does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 212942.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T01:58:16.429Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/pages/node/6560032"
          },
          {
            "name": "ibm-mq-cve202138986-session-fixation (212942)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/212942"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "MQ Appliance",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "9.2 LTS"
            },
            {
              "status": "affected",
              "version": "9.2 CD"
            }
          ]
        }
      ],
      "datePublic": "2022-02-28T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM MQ Appliance 9.2 CD and 9.2 LTS does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 212942."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitCodeMaturity": "UNPROVEN",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "UNCHANGED",
            "temporalScore": 4.9,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AC:H/S:U/I:L/PR:N/C:L/AV:N/UI:N/A:L/RC:C/RL:O/E:U",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Gain Privileges",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-03-01T16:45:25",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.ibm.com/support/pages/node/6560032"
        },
        {
          "name": "ibm-mq-cve202138986-session-fixation (212942)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/212942"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2022-02-28T00:00:00",
          "ID": "CVE-2021-38986",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "MQ Appliance",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "9.2 LTS"
                          },
                          {
                            "version_value": "9.2 CD"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM MQ Appliance 9.2 CD and 9.2 LTS does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 212942."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "L",
              "AC": "H",
              "AV": "N",
              "C": "L",
              "I": "L",
              "PR": "N",
              "S": "U",
              "UI": "N"
            },
            "TM": {
              "E": "U",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Gain Privileges"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.ibm.com/support/pages/node/6560032",
              "refsource": "CONFIRM",
              "title": "IBM Security Bulletin 6560032 (MQ Appliance)",
              "url": "https://www.ibm.com/support/pages/node/6560032"
            },
            {
              "name": "ibm-mq-cve202138986-session-fixation (212942)",
              "refsource": "XF",
              "title": "X-Force Vulnerability Report",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/212942"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2021-38986",
    "datePublished": "2022-03-01T16:45:25.622031Z",
    "dateReserved": "2021-08-16T00:00:00",
    "dateUpdated": "2024-09-17T01:36:34.566Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-22321
Vulnerability from cvelistv5
Published
2022-03-01 16:45
Modified
2024-09-16 18:03
Summary
IBM MQ Appliance 9.2 CD and 9.2 LTS local messaging users stored with a password hash that provides insufficient protection. IBM X-Force ID: 218368.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T03:07:50.236Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/pages/node/6560042"
          },
          {
            "name": "ibm-mq-cve202222321-info-disc (218368)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/218368"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "MQ Appliance",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "9.2 LTS"
            },
            {
              "status": "affected",
              "version": "9.2 CD"
            }
          ]
        }
      ],
      "datePublic": "2022-02-28T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM MQ Appliance 9.2 CD and 9.2 LTS local messaging users stored with a password hash that provides insufficient protection. IBM X-Force ID: 218368."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitCodeMaturity": "UNPROVEN",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "UNCHANGED",
            "temporalScore": 4.5,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/A:N/AV:L/UI:N/C:H/PR:N/I:N/S:U/AC:H/RC:C/RL:O/E:U",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Obtain Information",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-03-01T16:45:26",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.ibm.com/support/pages/node/6560042"
        },
        {
          "name": "ibm-mq-cve202222321-info-disc (218368)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/218368"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2022-02-28T00:00:00",
          "ID": "CVE-2022-22321",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "MQ Appliance",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "9.2 LTS"
                          },
                          {
                            "version_value": "9.2 CD"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM MQ Appliance 9.2 CD and 9.2 LTS local messaging users stored with a password hash that provides insufficient protection. IBM X-Force ID: 218368."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "N",
              "AC": "H",
              "AV": "L",
              "C": "H",
              "I": "N",
              "PR": "N",
              "S": "U",
              "UI": "N"
            },
            "TM": {
              "E": "U",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Obtain Information"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.ibm.com/support/pages/node/6560042",
              "refsource": "CONFIRM",
              "title": "IBM Security Bulletin 6560042 (MQ Appliance)",
              "url": "https://www.ibm.com/support/pages/node/6560042"
            },
            {
              "name": "ibm-mq-cve202222321-info-disc (218368)",
              "refsource": "XF",
              "title": "X-Force Vulnerability Report",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/218368"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2022-22321",
    "datePublished": "2022-03-01T16:45:26.994220Z",
    "dateReserved": "2022-01-03T00:00:00",
    "dateUpdated": "2024-09-16T18:03:45.740Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-22355
Vulnerability from cvelistv5
Published
2022-04-05 16:45
Modified
2024-09-17 00:56
Summary
IBM MQ Appliance 9.2 CD and 9.2 LTS are vulnerable to a denial of service in the Login component of the application which could allow an attacker to cause a drop in performance.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T03:14:54.744Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/pages/node/6564711"
          },
          {
            "name": "ibm-mq-cve202222355-dos (220486)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/220486"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "MQ Appliance",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "9.2 LTS"
            },
            {
              "status": "affected",
              "version": "9.2 CD"
            }
          ]
        }
      ],
      "datePublic": "2022-04-04T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM MQ Appliance 9.2 CD and 9.2 LTS are vulnerable to a denial of service in the Login component of the application which could allow an attacker to cause a drop in performance."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "exploitCodeMaturity": "UNPROVEN",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "UNCHANGED",
            "temporalScore": 4.6,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/UI:N/A:L/AV:N/AC:L/C:N/PR:N/S:U/I:N/RC:C/E:U/RL:O",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Denial of Service",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-04-05T16:45:21",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.ibm.com/support/pages/node/6564711"
        },
        {
          "name": "ibm-mq-cve202222355-dos (220486)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/220486"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2022-04-04T00:00:00",
          "ID": "CVE-2022-22355",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "MQ Appliance",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "9.2 LTS"
                          },
                          {
                            "version_value": "9.2 CD"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM MQ Appliance 9.2 CD and 9.2 LTS are vulnerable to a denial of service in the Login component of the application which could allow an attacker to cause a drop in performance."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "L",
              "AC": "L",
              "AV": "N",
              "C": "N",
              "I": "N",
              "PR": "N",
              "S": "U",
              "UI": "N"
            },
            "TM": {
              "E": "U",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Denial of Service"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.ibm.com/support/pages/node/6564711",
              "refsource": "CONFIRM",
              "title": "IBM Security Bulletin 6564711 (MQ Appliance)",
              "url": "https://www.ibm.com/support/pages/node/6564711"
            },
            {
              "name": "ibm-mq-cve202222355-dos (220486)",
              "refsource": "XF",
              "title": "X-Force Vulnerability Report",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/220486"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2022-22355",
    "datePublished": "2022-04-05T16:45:21.335870Z",
    "dateReserved": "2022-01-03T00:00:00",
    "dateUpdated": "2024-09-17T00:56:53.642Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-39000
Vulnerability from cvelistv5
Published
2021-11-30 16:45
Modified
2024-09-16 16:13
Summary
IBM MQ Appliance 9.2 CD and 9.2 LTS could allow a local attacker to obtain sensitive information by inclusion of sensitive data within diagnostics. IBM X-Force ID: 213215.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T01:58:16.523Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/pages/node/6519422"
          },
          {
            "name": "ibm-mq-cve202139000-info-disc (213215)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/213215"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "MQ Appliance",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "9.2.0.0"
            },
            {
              "status": "affected",
              "version": "9.2.1"
            },
            {
              "status": "affected",
              "version": "9.2.0.1"
            },
            {
              "status": "affected",
              "version": "9.2.2"
            },
            {
              "status": "affected",
              "version": "9.2.0.2"
            },
            {
              "status": "affected",
              "version": "9.2.0.3"
            },
            {
              "status": "affected",
              "version": "9.2.3"
            }
          ]
        }
      ],
      "datePublic": "2021-11-29T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM MQ Appliance 9.2 CD and 9.2 LTS could allow a local attacker to obtain sensitive information by inclusion of sensitive data within diagnostics. IBM X-Force ID: 213215."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitCodeMaturity": "UNPROVEN",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "UNCHANGED",
            "temporalScore": 5.2,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AC:H/PR:N/AV:N/C:H/I:N/UI:N/A:N/S:U/RL:O/E:U/RC:C",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Obtain Information",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-11-30T16:45:19",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.ibm.com/support/pages/node/6519422"
        },
        {
          "name": "ibm-mq-cve202139000-info-disc (213215)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/213215"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2021-11-29T00:00:00",
          "ID": "CVE-2021-39000",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "MQ Appliance",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "9.2.0.0"
                          },
                          {
                            "version_value": "9.2.1"
                          },
                          {
                            "version_value": "9.2.0.1"
                          },
                          {
                            "version_value": "9.2.2"
                          },
                          {
                            "version_value": "9.2.0.2"
                          },
                          {
                            "version_value": "9.2.0.3"
                          },
                          {
                            "version_value": "9.2.3"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM MQ Appliance 9.2 CD and 9.2 LTS could allow a local attacker to obtain sensitive information by inclusion of sensitive data within diagnostics. IBM X-Force ID: 213215."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "N",
              "AC": "H",
              "AV": "N",
              "C": "H",
              "I": "N",
              "PR": "N",
              "S": "U",
              "UI": "N"
            },
            "TM": {
              "E": "U",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Obtain Information"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.ibm.com/support/pages/node/6519422",
              "refsource": "CONFIRM",
              "title": "IBM Security Bulletin 6519422 (MQ Appliance)",
              "url": "https://www.ibm.com/support/pages/node/6519422"
            },
            {
              "name": "ibm-mq-cve202139000-info-disc (213215)",
              "refsource": "XF",
              "title": "X-Force Vulnerability Report",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/213215"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2021-39000",
    "datePublished": "2021-11-30T16:45:19.481134Z",
    "dateReserved": "2021-08-16T00:00:00",
    "dateUpdated": "2024-09-16T16:13:28.214Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-4731
Vulnerability from cvelistv5
Published
2020-07-28 12:05
Modified
2024-09-17 01:26
Summary
IBM MQ Appliance 9.1.4.CD could allow a local attacker to obtain highly sensitive information by inclusion of sensitive data within trace. IBM X-Force ID: 172616.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T19:40:48.955Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/pages/node/1125885"
          },
          {
            "name": "ibm-mq-cve20194731-info-disc (172616)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/172616"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "MQ Appliance",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "9.1.4.CD"
            }
          ]
        }
      ],
      "datePublic": "2020-07-27T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM MQ Appliance 9.1.4.CD could allow a local attacker to obtain highly sensitive information by inclusion of sensitive data within trace. IBM X-Force ID: 172616."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitCodeMaturity": "UNPROVEN",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "UNCHANGED",
            "temporalScore": 4.5,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/A:N/C:H/AC:H/S:U/PR:N/I:N/UI:N/E:U/RL:O/RC:C",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Obtain Information",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-07-28T12:05:25",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.ibm.com/support/pages/node/1125885"
        },
        {
          "name": "ibm-mq-cve20194731-info-disc (172616)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/172616"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2020-07-27T00:00:00",
          "ID": "CVE-2019-4731",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "MQ Appliance",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "9.1.4.CD"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM MQ Appliance 9.1.4.CD could allow a local attacker to obtain highly sensitive information by inclusion of sensitive data within trace. IBM X-Force ID: 172616."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "N",
              "AC": "H",
              "AV": "L",
              "C": "H",
              "I": "N",
              "PR": "N",
              "S": "U",
              "UI": "N"
            },
            "TM": {
              "E": "U",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Obtain Information"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.ibm.com/support/pages/node/1125885",
              "refsource": "CONFIRM",
              "title": "IBM Security Bulletin 1125885 (MQ Appliance)",
              "url": "https://www.ibm.com/support/pages/node/1125885"
            },
            {
              "name": "ibm-mq-cve20194731-info-disc (172616)",
              "refsource": "XF",
              "title": "X-Force Vulnerability Report",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/172616"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2019-4731",
    "datePublished": "2020-07-28T12:05:25.329060Z",
    "dateReserved": "2019-01-03T00:00:00",
    "dateUpdated": "2024-09-17T01:26:07.558Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}