All the vulnerabilites related to IBM - MQ Appliance
var-202003-0589
Vulnerability from variot
IBM MQ and IBM MQ Appliance 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and 9.1 CD could allow a local attacker to obtain sensitive information by inclusion of sensitive data within trace. IBM X-Force ID: 168862. Vendor exploits this vulnerability IBM X-Force ID: 168862 It is published as.Information may be obtained
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202003-0589", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "mq appliance", "scope": "lt", "trust": 1.0, "vendor": "ibm", "version": "8.0.0.14" }, { "model": "mq appliance", "scope": "lt", "trust": 1.0, "vendor": "ibm", "version": "9.1.0.4" }, { "model": "mq", "scope": "lt", "trust": 1.0, "vendor": "ibm", "version": "9.1.0.4" }, { "model": "mq appliance", "scope": "gte", "trust": 1.0, "vendor": "ibm", "version": "8.0.0.0" }, { "model": "mq appliance", "scope": "gte", "trust": 1.0, "vendor": "ibm", "version": "9.1.0" }, { "model": "mq", "scope": "gte", "trust": 1.0, "vendor": "ibm", "version": "8.0.0.0" }, { "model": "mq", "scope": "gte", "trust": 1.0, "vendor": "ibm", "version": "9.0.0.0" }, { "model": "mq", "scope": "gte", "trust": 1.0, "vendor": "ibm", "version": "9.1.0" }, { "model": "mq", "scope": "lte", "trust": 1.0, "vendor": "ibm", "version": "9.0.0.9" }, { "model": "mq appliance", "scope": "lt", "trust": 1.0, "vendor": "ibm", "version": "9.1.4" }, { "model": "mq", "scope": "lt", "trust": 1.0, "vendor": "ibm", "version": "9.1.4" }, { "model": "mq appliance", "scope": "gte", "trust": 1.0, "vendor": "ibm", "version": "9.1.0.0" }, { "model": "websphere mq", "scope": "lte", "trust": 1.0, "vendor": "ibm", "version": "7.5.0.9" }, { "model": "websphere mq", "scope": "gte", "trust": 1.0, "vendor": "ibm", "version": "7.1.0.0" }, { "model": "mq", "scope": "gte", "trust": 1.0, "vendor": "ibm", "version": "9.1.0.0" }, { "model": "mq", "scope": "lt", "trust": 1.0, "vendor": "ibm", "version": "8.0.0.14" }, { "model": "mq", "scope": null, "trust": 0.8, "vendor": "ibm", "version": null }, { "model": "mq appliance", "scope": null, "trust": 0.8, "vendor": "ibm", "version": null }, { "model": "websphere mq", "scope": null, "trust": 0.8, "vendor": "ibm", "version": null } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-014903" }, { "db": "NVD", "id": "CVE-2019-4619" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:ibm:mq:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "8.0.0.14", "versionStartIncluding": "8.0.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:mq:*:*:*:*:lts:*:*:*", "cpe_name": [], "versionEndIncluding": "9.0.0.9", "versionStartIncluding": "9.0.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:mq:*:*:*:*:continuous_delivery:*:*:*", "cpe_name": [], "versionEndExcluding": "9.1.4", "versionStartIncluding": "9.1.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:mq:*:*:*:*:lts:*:*:*", "cpe_name": [], "versionEndExcluding": "9.1.0.4", "versionStartIncluding": "9.1.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:mq_appliance:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "8.0.0.14", "versionStartIncluding": "8.0.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:mq_appliance:*:*:*:*:continuous_delivery:*:*:*", "cpe_name": [], "versionEndExcluding": "9.1.4", "versionStartIncluding": "9.1.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:mq_appliance:*:*:*:*:lts:*:*:*", "cpe_name": [], "versionEndExcluding": "9.1.0.4", "versionStartIncluding": "9.1.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:websphere_mq:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "7.5.0.9", "versionStartIncluding": "7.1.0.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:hp:hp-ux:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:ibm:mq:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "8.0.0.14", "versionStartIncluding": "8.0.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:mq:*:*:*:*:lts:*:*:*", "cpe_name": [], "versionEndIncluding": "9.0.0.9", "versionStartIncluding": "9.0.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:mq:*:*:*:*:continuous_delivery:*:*:*", "cpe_name": [], "versionEndExcluding": "9.1.4", "versionStartIncluding": "9.1.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:mq:*:*:*:*:lts:*:*:*", "cpe_name": [], "versionEndExcluding": "9.1.0.4", "versionStartIncluding": "9.1.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:mq_appliance:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "8.0.0.14", "versionStartIncluding": "8.0.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:mq_appliance:*:*:*:*:continuous_delivery:*:*:*", "cpe_name": [], "versionEndExcluding": "9.1.4", "versionStartIncluding": "9.1.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:mq_appliance:*:*:*:*:lts:*:*:*", "cpe_name": [], "versionEndExcluding": "9.1.0.4", "versionStartIncluding": "9.1.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:websphere_mq:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "7.5.0.9", "versionStartIncluding": "7.1.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:hp:hp-ux:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2019-4619" } ] }, "cve": "CVE-2019-4619", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": null, "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "VULMON", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 3.9, "id": "CVE-2019-4619", "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "LOW", "trust": 1.1, "userInteractionRequired": null, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Local", "authentication": "None", "author": "NVD", "availabilityImpact": "None", "baseScore": 2.1, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "JVNDB-2019-014903", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Low", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "id": "CVE-2019-4619", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "NVD", "availabilityImpact": "None", "baseScore": 5.5, "baseSeverity": "Medium", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "JVNDB-2019-014903", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "Low", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2019-4619", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "JVNDB-2019-014903", "trust": 0.8, "value": "Medium" }, { "author": "CNNVD", "id": "CNNVD-202003-899", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2019-4619", "trust": 0.1, "value": "LOW" } ] } ], "sources": [ { "db": "VULMON", "id": "CVE-2019-4619" }, { "db": "JVNDB", "id": "JVNDB-2019-014903" }, { "db": "CNNVD", "id": "CNNVD-202003-899" }, { "db": "NVD", "id": "CVE-2019-4619" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM MQ and IBM MQ Appliance 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and 9.1 CD could allow a local attacker to obtain sensitive information by inclusion of sensitive data within trace. IBM X-Force ID: 168862. Vendor exploits this vulnerability IBM X-Force ID: 168862 It is published as.Information may be obtained", "sources": [ { "db": "NVD", "id": "CVE-2019-4619" }, { "db": "JVNDB", "id": "JVNDB-2019-014903" }, { "db": "VULMON", "id": "CVE-2019-4619" } ], "trust": 1.71 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2019-4619", "trust": 2.5 }, { "db": "JVNDB", "id": "JVNDB-2019-014903", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-202003-899", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2019-4619", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2019-4619" }, { "db": "JVNDB", "id": "JVNDB-2019-014903" }, { "db": "CNNVD", "id": "CNNVD-202003-899" }, { "db": "NVD", "id": "CVE-2019-4619" } ] }, "id": "VAR-202003-0589", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.22222222 }, "last_update_date": "2022-05-04T09:02:47.160000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "1135101", "trust": 0.8, "url": "https://www.ibm.com/support/pages/node/1135101" }, { "title": "ibm-mq-cve20194619-info-disc (168862)", "trust": 0.8, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/168862" }, { "title": "IBM MQ and IBM MQ Appliance Repair measures for information disclosure vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=112528" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-014903" }, { "db": "CNNVD", "id": "CNNVD-202003-899" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-209", "trust": 1.0 }, { "problemtype": "CWE-200", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-014903" }, { "db": "NVD", "id": "CVE-2019-4619" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.7, "url": "https://www.ibm.com/support/pages/node/1135101" }, { "trust": 1.7, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/168862" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-4619" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-4619" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/ibm-mq-information-disclosure-31786" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-could-allow-a-local-attacker-to-obtain-sensitive-information-by-inclusion-of-sensitive-data-within-trace-cve-2019-4619/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-could-allow-a-local-attacker-to-obtain-sensitive-information-by-inclusion-of-sensitive-data-within-trace-cve-2019-4619/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-in-ibm-mq-affect-ibm-sterling-b2b-integrator/" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/209.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "VULMON", "id": "CVE-2019-4619" }, { "db": "JVNDB", "id": "JVNDB-2019-014903" }, { "db": "CNNVD", "id": "CNNVD-202003-899" }, { "db": "NVD", "id": "CVE-2019-4619" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2019-4619" }, { "db": "JVNDB", "id": "JVNDB-2019-014903" }, { "db": "CNNVD", "id": "CNNVD-202003-899" }, { "db": "NVD", "id": "CVE-2019-4619" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-03-16T00:00:00", "db": "VULMON", "id": "CVE-2019-4619" }, { "date": "2020-03-27T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-014903" }, { "date": "2020-03-13T00:00:00", "db": "CNNVD", "id": "CNNVD-202003-899" }, { "date": "2020-03-16T16:15:00", "db": "NVD", "id": "CVE-2019-4619" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-08-24T00:00:00", "db": "VULMON", "id": "CVE-2019-4619" }, { "date": "2020-03-27T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-014903" }, { "date": "2020-08-25T00:00:00", "db": "CNNVD", "id": "CNNVD-202003-899" }, { "date": "2020-08-24T17:37:00", "db": "NVD", "id": "CVE-2019-4619" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202003-899" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM MQ and MQ Appliance Vulnerability regarding information leakage in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-014903" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "information disclosure", "sources": [ { "db": "CNNVD", "id": "CNNVD-202003-899" } ], "trust": 0.6 } }
var-202202-1477
Vulnerability from variot
IBM MQ Appliance 9.2 CD and 9.2 LTS local messaging users stored with a password hash that provides insufficient protection. IBM X-Force ID: 218368. Vendors may IBM X-Force ID: 218368 It is published as.Information may be obtained. IBM MQ Appliance is an all-in-one appliance for rapidly deploying enterprise-class messaging middleware
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202202-1477", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "mq", "scope": "lt", "trust": 1.0, "vendor": "ibm", "version": "9.2.5" }, { "model": "mq", "scope": "gte", "trust": 1.0, "vendor": "ibm", "version": "9.2.0" }, { "model": "mq", "scope": "lt", "trust": 1.0, "vendor": "ibm", "version": "9.2.0.5" }, { "model": "mq appliance", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "9.2 lts" }, { "model": "mq appliance", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": null }, { "model": "mq appliance", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "9.2 cd" }, { "model": "mq appliance cd", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "9.2" }, { "model": "mq appliance lts", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "9.2" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-51680" }, { "db": "JVNDB", "id": "JVNDB-2022-006841" }, { "db": "NVD", "id": "CVE-2022-22321" } ] }, "cve": "CVE-2022-22321", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 3.9, "id": "CVE-2022-22321", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "LOW", "trust": 1.9, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 3.9, "id": "CNVD-2022-51680", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "LOW", "trust": 0.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "id": "CVE-2022-22321", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, { "attackComplexity": "HIGH", "attackVector": "LOCAL", "author": "psirt@us.ibm.com", "availabilityImpact": "NONE", "baseScore": 5.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.4, "id": "CVE-2022-22321", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "NVD", "availabilityImpact": "None", "baseScore": 5.5, "baseSeverity": "Medium", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2022-22321", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "Low", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2022-22321", "trust": 1.0, "value": "MEDIUM" }, { "author": "psirt@us.ibm.com", "id": "CVE-2022-22321", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "CVE-2022-22321", "trust": 0.8, "value": "Medium" }, { "author": "CNVD", "id": "CNVD-2022-51680", "trust": 0.6, "value": "LOW" }, { "author": "CNNVD", "id": "CNNVD-202202-2176", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2022-22321", "trust": 0.1, "value": "LOW" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-51680" }, { "db": "VULMON", "id": "CVE-2022-22321" }, { "db": "JVNDB", "id": "JVNDB-2022-006841" }, { "db": "CNNVD", "id": "CNNVD-202202-2176" }, { "db": "NVD", "id": "CVE-2022-22321" }, { "db": "NVD", "id": "CVE-2022-22321" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM MQ Appliance 9.2 CD and 9.2 LTS local messaging users stored with a password hash that provides insufficient protection. IBM X-Force ID: 218368. Vendors may IBM X-Force ID: 218368 It is published as.Information may be obtained. IBM MQ Appliance is an all-in-one appliance for rapidly deploying enterprise-class messaging middleware", "sources": [ { "db": "NVD", "id": "CVE-2022-22321" }, { "db": "JVNDB", "id": "JVNDB-2022-006841" }, { "db": "CNVD", "id": "CNVD-2022-51680" }, { "db": "VULMON", "id": "CVE-2022-22321" } ], "trust": 2.25 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2022-22321", "trust": 3.9 }, { "db": "JVNDB", "id": "JVNDB-2022-006841", "trust": 0.8 }, { "db": "CNVD", "id": "CNVD-2022-51680", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2022.0853", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202202-2176", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2022-22321", "trust": 0.1 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-51680" }, { "db": "VULMON", "id": "CVE-2022-22321" }, { "db": "JVNDB", "id": "JVNDB-2022-006841" }, { "db": "CNNVD", "id": "CNNVD-202202-2176" }, { "db": "NVD", "id": "CVE-2022-22321" } ] }, "id": "VAR-202202-1477", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2022-51680" } ], "trust": 1.06875 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "IoT" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-51680" } ] }, "last_update_date": "2024-11-23T23:10:57.340000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "6560042 IBM\u00a0X-Force\u00a0Exchange", "trust": 0.8, "url": "https://www.ibm.com/support/pages/node/6560042" }, { "title": "Patch for IBM MQ Appliance Information Disclosure Vulnerability (CNVD-2022-51680)", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/339966" }, { "title": "IBM MQ Appliance Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=184361" }, { "title": "CVE-2022-XXXX", "trust": 0.1, "url": "https://github.com/AlphabugX/CVE-2022-23305 " }, { "title": "CVE-2022-XXXX", "trust": 0.1, "url": "https://github.com/AlphabugX/CVE-2022-RCE " } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-51680" }, { "db": "VULMON", "id": "CVE-2022-22321" }, { "db": "JVNDB", "id": "JVNDB-2022-006841" }, { "db": "CNNVD", "id": "CNNVD-202202-2176" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-326", "trust": 1.0 }, { "problemtype": "Inadequate protection of credentials (CWE-522) [NVD evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-006841" }, { "db": "NVD", "id": "CVE-2022-22321" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.7, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/218368" }, { "trust": 1.7, "url": "https://www.ibm.com/support/pages/node/6560042" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22321" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/ibm-mq-appliance-weak-encryption-via-password-hash-37667" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.0853" }, { "trust": 0.6, "url": "https://cxsecurity.com/cveshow/cve-2022-22321/" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/326.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://github.com/alphabugx/cve-2022-23305" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-51680" }, { "db": "VULMON", "id": "CVE-2022-22321" }, { "db": "JVNDB", "id": "JVNDB-2022-006841" }, { "db": "CNNVD", "id": "CNNVD-202202-2176" }, { "db": "NVD", "id": "CVE-2022-22321" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2022-51680" }, { "db": "VULMON", "id": "CVE-2022-22321" }, { "db": "JVNDB", "id": "JVNDB-2022-006841" }, { "db": "CNNVD", "id": "CNNVD-202202-2176" }, { "db": "NVD", "id": "CVE-2022-22321" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-07-15T00:00:00", "db": "CNVD", "id": "CNVD-2022-51680" }, { "date": "2022-03-01T00:00:00", "db": "VULMON", "id": "CVE-2022-22321" }, { "date": "2023-07-10T00:00:00", "db": "JVNDB", "id": "JVNDB-2022-006841" }, { "date": "2022-02-28T00:00:00", "db": "CNNVD", "id": "CNNVD-202202-2176" }, { "date": "2022-03-01T17:15:08.073000", "db": "NVD", "id": "CVE-2022-22321" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-07-15T00:00:00", "db": "CNVD", "id": "CNVD-2022-51680" }, { "date": "2023-08-08T00:00:00", "db": "VULMON", "id": "CVE-2022-22321" }, { "date": "2023-07-10T07:14:00", "db": "JVNDB", "id": "JVNDB-2022-006841" }, { "date": "2022-03-10T00:00:00", "db": "CNNVD", "id": "CNNVD-202202-2176" }, { "date": "2024-11-21T06:46:38.320000", "db": "NVD", "id": "CVE-2022-22321" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202202-2176" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM\u00a0MQ\u00a0Appliance\u00a0 Vulnerability regarding insufficient protection of authentication information in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-006841" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-202202-2176" } ], "trust": 0.6 } }
var-201707-0666
Vulnerability from variot
IBM WebSphere MQ 9.0.1 and 9.0.2 could allow an authenticated user with authority to send a specially crafted message that would cause a channel to remain in a running state but not process messages. IBM X-Force ID: 125146. Multiple IBM Products are prone to a denial-of-service vulnerability. An attacker can exploit this issue to cause denial-of-service condition
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201707-0666", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "websphere mq", "scope": "eq", "trust": 2.7, "vendor": "ibm", "version": "9.0.2" }, { "model": "websphere mq", "scope": "eq", "trust": 2.7, "vendor": "ibm", "version": "9.0.1" }, { "model": "mq appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.2" }, { "model": "mq appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.1" }, { "model": "websphere mq", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "9.0.3" }, { "model": "mq appliance", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "9.0.3" } ], "sources": [ { "db": "BID", "id": "99538" }, { "db": "JVNDB", "id": "JVNDB-2017-005576" }, { "db": "CNNVD", "id": "CNNVD-201707-525" }, { "db": "NVD", "id": "CVE-2017-1285" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:ibm:websphere_mq:9.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:websphere_mq:9.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2017-1285" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM", "sources": [ { "db": "BID", "id": "99538" } ], "trust": 0.3 }, "cve": "CVE-2017-1285", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "Single", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 4.0, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2017-1285", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 1.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 6.5, "baseSeverity": "Medium", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2017-1285", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "Low", "scope": "Unchanged", "trust": 1.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2017-1285", "trust": 1.8, "value": "Medium" }, { "author": "CNNVD", "id": "CNNVD-201707-525", "trust": 0.6, "value": "MEDIUM" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2017-005576" }, { "db": "CNNVD", "id": "CNNVD-201707-525" }, { "db": "NVD", "id": "CVE-2017-1285" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM WebSphere MQ 9.0.1 and 9.0.2 could allow an authenticated user with authority to send a specially crafted message that would cause a channel to remain in a running state but not process messages. IBM X-Force ID: 125146. Multiple IBM Products are prone to a denial-of-service vulnerability. \nAn attacker can exploit this issue to cause denial-of-service condition", "sources": [ { "db": "NVD", "id": "CVE-2017-1285" }, { "db": "JVNDB", "id": "JVNDB-2017-005576" }, { "db": "BID", "id": "99538" } ], "trust": 1.89 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2017-1285", "trust": 2.7 }, { "db": "BID", "id": "99538", "trust": 1.3 }, { "db": "JVNDB", "id": "JVNDB-2017-005576", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201707-525", "trust": 0.6 } ], "sources": [ { "db": "BID", "id": "99538" }, { "db": "JVNDB", "id": "JVNDB-2017-005576" }, { "db": "CNNVD", "id": "CNNVD-201707-525" }, { "db": "NVD", "id": "CVE-2017-1285" } ] }, "id": "VAR-201707-0666", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.22222222 }, "last_update_date": "2022-05-04T09:51:28.671000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "2003856", "trust": 0.8, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg22003856" }, { "title": "IBM MQ Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=71671" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2017-005576" }, { "db": "CNNVD", "id": "CNNVD-201707-525" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-20", "trust": 1.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2017-005576" }, { "db": "NVD", "id": "CVE-2017-1285" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.6, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125146" }, { "trust": 1.6, "url": "https://www.ibm.com/support/docview.wss?uid=swg22003856" }, { "trust": 1.0, "url": "http://www.securityfocus.com/bid/99538" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-1285" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-1285" }, { "trust": 0.3, "url": "http://www.ibm.com/" }, { "trust": 0.3, "url": "http://www-306.ibm.com/software/integration/wmq/" }, { "trust": 0.3, "url": "https://www-01.ibm.com/support/docview.wss?uid=swg22003856" } ], "sources": [ { "db": "BID", "id": "99538" }, { "db": "JVNDB", "id": "JVNDB-2017-005576" }, { "db": "CNNVD", "id": "CNNVD-201707-525" }, { "db": "NVD", "id": "CVE-2017-1285" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "BID", "id": "99538" }, { "db": "JVNDB", "id": "JVNDB-2017-005576" }, { "db": "CNNVD", "id": "CNNVD-201707-525" }, { "db": "NVD", "id": "CVE-2017-1285" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2017-07-10T00:00:00", "db": "BID", "id": "99538" }, { "date": "2017-08-01T00:00:00", "db": "JVNDB", "id": "JVNDB-2017-005576" }, { "date": "2017-07-13T00:00:00", "db": "CNNVD", "id": "CNNVD-201707-525" }, { "date": "2017-07-12T17:29:00", "db": "NVD", "id": "CVE-2017-1285" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2017-07-10T00:00:00", "db": "BID", "id": "99538" }, { "date": "2017-08-01T00:00:00", "db": "JVNDB", "id": "JVNDB-2017-005576" }, { "date": "2017-07-13T00:00:00", "db": "CNNVD", "id": "CNNVD-201707-525" }, { "date": "2017-07-17T16:42:00", "db": "NVD", "id": "CVE-2017-1285" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201707-525" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM WebSphere MQ Vulnerable to sending crafted messages", "sources": [ { "db": "JVNDB", "id": "JVNDB-2017-005576" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "input validation", "sources": [ { "db": "CNNVD", "id": "CNNVD-201707-525" } ], "trust": 0.6 } }
var-202007-1084
Vulnerability from variot
IBM MQ, IBM MQ Appliance, IBM MQ for HPE NonStop 8.0, 9.1 CD, and 9.1 LTS could allow an attacker to cause a denial of service due to a memory leak caused by an error creating a dynamic queue. IBM X-Force ID: 179080. Vendor exploits this vulnerability IBM X-Force ID: 179080 It is published as.Service operation interruption (DoS) It may be put into a state
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202007-1084", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "mq appliance", "scope": "gte", "trust": 1.0, "vendor": "ibm", "version": "8.0" }, { "model": "mq appliance", "scope": "gte", "trust": 1.0, "vendor": "ibm", "version": "9.1.0.0" }, { "model": "mq appliance", "scope": "lt", "trust": 1.0, "vendor": "ibm", "version": "9.1.0.6" }, { "model": "mq appliance", "scope": "lt", "trust": 1.0, "vendor": "ibm", "version": "9.2.0.0" }, { "model": "mq appliance", "scope": "lt", "trust": 1.0, "vendor": "ibm", "version": "8.0.0.15" }, { "model": "mq appliance", "scope": null, "trust": 0.8, "vendor": "ibm", "version": null } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-008718" }, { "db": "NVD", "id": "CVE-2020-4375" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:ibm:mq_appliance:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "8.0.0.15", "versionStartIncluding": "8.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:mq_appliance:*:*:*:*:continuous_delivery:*:*:*", "cpe_name": [], "versionEndExcluding": "9.2.0.0", "versionStartIncluding": "9.1.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:mq_appliance:*:*:*:*:lts:*:*:*", "cpe_name": [], "versionEndExcluding": "9.1.0.6", "versionStartIncluding": "9.1.0.0", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2020-4375" } ] }, "cve": "CVE-2020-4375", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "CVE-2020-4375", "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 5.0, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "JVNDB-2020-008718", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "id": "CVE-2020-4375", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.5, "baseSeverity": "High", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "JVNDB-2020-008718", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2020-4375", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "JVNDB-2020-008718", "trust": 0.8, "value": "High" }, { "author": "CNNVD", "id": "CNNVD-202007-1536", "trust": 0.6, "value": "HIGH" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-008718" }, { "db": "CNNVD", "id": "CNNVD-202007-1536" }, { "db": "NVD", "id": "CVE-2020-4375" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM MQ, IBM MQ Appliance, IBM MQ for HPE NonStop 8.0, 9.1 CD, and 9.1 LTS could allow an attacker to cause a denial of service due to a memory leak caused by an error creating a dynamic queue. IBM X-Force ID: 179080. Vendor exploits this vulnerability IBM X-Force ID: 179080 It is published as.Service operation interruption (DoS) It may be put into a state", "sources": [ { "db": "NVD", "id": "CVE-2020-4375" }, { "db": "JVNDB", "id": "JVNDB-2020-008718" } ], "trust": 1.62 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2020-4375", "trust": 2.4 }, { "db": "JVNDB", "id": "JVNDB-2020-008718", "trust": 0.8 }, { "db": "NSFOCUS", "id": "47991", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202007-1536", "trust": 0.6 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-008718" }, { "db": "CNNVD", "id": "CNNVD-202007-1536" }, { "db": "NVD", "id": "CVE-2020-4375" } ] }, "id": "VAR-202007-1084", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.22222222 }, "last_update_date": "2022-05-04T10:15:06.179000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "6252785", "trust": 0.8, "url": "https://www.ibm.com/support/pages/node/6252785" }, { "title": "ibm-mq-cve20204375-dos (179080)", "trust": 0.8, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/179080" }, { "title": "IBM MQ Appliance Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=125187" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-008718" }, { "db": "CNNVD", "id": "CNNVD-202007-1536" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-401", "trust": 1.0 }, { "problemtype": "CWE-772", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-008718" }, { "db": "NVD", "id": "CVE-2020-4375" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.6, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/179080" }, { "trust": 1.6, "url": "https://www.ibm.com/support/pages/node/6252785" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-4375" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-4375" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-app-connect-enterprise-certified-container-integration-servers-could-cause-a-denial-of-service-or-a-buffer-overflow-when-using-mq/" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/ibm-mq-appliance-memory-leak-via-dynamic-queue-error-32946" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-is-vulnerable-to-a-denial-of-service-vulnerability-cve-2020-4375/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-for-hpe-nonstop-server-is-affected-by-vulnerability-cve-2020-4375/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-could-allow-an-attacker-to-cause-a-denial-of-service-due-to-a-memory-leak-caused-by-an-error-creating-a-dynamic-queue-cve-2020-4375/" }, { "trust": 0.6, "url": "http://www.nsfocus.net/vulndb/47991" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-008718" }, { "db": "CNNVD", "id": "CNNVD-202007-1536" }, { "db": "NVD", "id": "CVE-2020-4375" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "JVNDB", "id": "JVNDB-2020-008718" }, { "db": "CNNVD", "id": "CNNVD-202007-1536" }, { "db": "NVD", "id": "CVE-2020-4375" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-09-18T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-008718" }, { "date": "2020-07-27T00:00:00", "db": "CNNVD", "id": "CNNVD-202007-1536" }, { "date": "2020-07-28T12:15:00", "db": "NVD", "id": "CVE-2020-4375" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-09-18T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-008718" }, { "date": "2020-12-11T00:00:00", "db": "CNNVD", "id": "CNNVD-202007-1536" }, { "date": "2021-07-21T11:39:00", "db": "NVD", "id": "CVE-2020-4375" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202007-1536" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "plural IBM Vulnerability in lack of release of resources after valid lifetime in product", "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-008718" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-202007-1536" } ], "trust": 0.6 } }
var-202204-1117
Vulnerability from variot
IBM MQ Appliance 9.2 CD and 9.2 LTS are vulnerable to a denial of service in the Login component of the application which could allow an attacker to cause a drop in performance. IBM MQ Appliance Exists in unspecified vulnerabilities.Service operation interruption (DoS) It may be in a state. IBM MQ Appliance is an all-in-one device used by IBM in the United States for rapid deployment of enterprise-level messaging middleware
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202204-1117", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "mq appliance", "scope": "eq", "trust": 1.0, "vendor": "ibm", "version": "9.2.0.0" }, { "model": "mq appliance", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "9.2 lts" }, { "model": "mq appliance", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "9.2 cd" }, { "model": "mq appliance", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": null }, { "model": "mq appliance cd", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "9.2" }, { "model": "mq appliance lts", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "9.2" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-36974" }, { "db": "JVNDB", "id": "JVNDB-2022-009546" }, { "db": "NVD", "id": "CVE-2022-22355" } ] }, "cve": "CVE-2022-22355", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "CVE-2022-22355", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 1.9, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "CNVD-2022-36974", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "psirt@us.ibm.com", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "id": "CVE-2022-22355", "impactScore": 1.4, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.8, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.0" }, { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "id": "CVE-2022-22355", "impactScore": 1.4, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2022-22355", "trust": 1.0, "value": "MEDIUM" }, { "author": "psirt@us.ibm.com", "id": "CVE-2022-22355", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "CVE-2022-22355", "trust": 0.8, "value": "Medium" }, { "author": "CNVD", "id": "CNVD-2022-36974", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-202204-1999", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2022-22355", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-36974" }, { "db": "VULMON", "id": "CVE-2022-22355" }, { "db": "JVNDB", "id": "JVNDB-2022-009546" }, { "db": "CNNVD", "id": "CNNVD-202204-1999" }, { "db": "NVD", "id": "CVE-2022-22355" }, { "db": "NVD", "id": "CVE-2022-22355" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM MQ Appliance 9.2 CD and 9.2 LTS are vulnerable to a denial of service in the Login component of the application which could allow an attacker to cause a drop in performance. IBM MQ Appliance Exists in unspecified vulnerabilities.Service operation interruption (DoS) It may be in a state. IBM MQ Appliance is an all-in-one device used by IBM in the United States for rapid deployment of enterprise-level messaging middleware", "sources": [ { "db": "NVD", "id": "CVE-2022-22355" }, { "db": "JVNDB", "id": "JVNDB-2022-009546" }, { "db": "CNVD", "id": "CNVD-2022-36974" }, { "db": "VULMON", "id": "CVE-2022-22355" } ], "trust": 2.25 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2022-22355", "trust": 3.9 }, { "db": "JVNDB", "id": "JVNDB-2022-009546", "trust": 0.8 }, { "db": "CNVD", "id": "CNVD-2022-36974", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202204-1999", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2022-22355", "trust": 0.1 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-36974" }, { "db": "VULMON", "id": "CVE-2022-22355" }, { "db": "JVNDB", "id": "JVNDB-2022-009546" }, { "db": "CNNVD", "id": "CNNVD-202204-1999" }, { "db": "NVD", "id": "CVE-2022-22355" } ] }, "id": "VAR-202204-1117", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2022-36974" } ], "trust": 1.06875 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "IoT" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-36974" } ] }, "last_update_date": "2024-11-23T22:54:36.812000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "6564711 IBM\u00a0X-Force\u00a0Exchange", "trust": 0.8, "url": "https://www.ibm.com/support/pages/node/6564711" }, { "title": "Patch for IBM MQ Appliance Denial of Service Vulnerability (CNVD-2022-36974)", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/332786" }, { "title": "IBM MQ Appliance Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=188015" }, { "title": "CVE-2022-XXXX", "trust": 0.1, "url": "https://github.com/AlphabugX/CVE-2022-23305 " }, { "title": "CVE-2022-XXXX", "trust": 0.1, "url": "https://github.com/AlphabugX/CVE-2022-RCE " } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-36974" }, { "db": "VULMON", "id": "CVE-2022-22355" }, { "db": "JVNDB", "id": "JVNDB-2022-009546" }, { "db": "CNNVD", "id": "CNNVD-202204-1999" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 }, { "problemtype": "Lack of information (CWE-noinfo) [NVD evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-009546" }, { "db": "NVD", "id": "CVE-2022-22355" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.3, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/220486" }, { "trust": 1.7, "url": "https://www.ibm.com/support/pages/node/6564711" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22355" }, { "trust": 0.6, "url": "https://cxsecurity.com/cveshow/cve-2022-22355/" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/ibm-mq-appliance-denial-of-service-via-login-component-37957" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://github.com/alphabugx/cve-2022-23305" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-36974" }, { "db": "VULMON", "id": "CVE-2022-22355" }, { "db": "JVNDB", "id": "JVNDB-2022-009546" }, { "db": "CNNVD", "id": "CNNVD-202204-1999" }, { "db": "NVD", "id": "CVE-2022-22355" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2022-36974" }, { "db": "VULMON", "id": "CVE-2022-22355" }, { "db": "JVNDB", "id": "JVNDB-2022-009546" }, { "db": "CNNVD", "id": "CNNVD-202204-1999" }, { "db": "NVD", "id": "CVE-2022-22355" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-05-13T00:00:00", "db": "CNVD", "id": "CNVD-2022-36974" }, { "date": "2022-04-05T00:00:00", "db": "VULMON", "id": "CVE-2022-22355" }, { "date": "2023-08-07T00:00:00", "db": "JVNDB", "id": "JVNDB-2022-009546" }, { "date": "2022-04-05T00:00:00", "db": "CNNVD", "id": "CNNVD-202204-1999" }, { "date": "2022-04-05T17:15:08.320000", "db": "NVD", "id": "CVE-2022-22355" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-05-13T00:00:00", "db": "CNVD", "id": "CNVD-2022-36974" }, { "date": "2022-04-18T00:00:00", "db": "VULMON", "id": "CVE-2022-22355" }, { "date": "2023-08-07T05:39:00", "db": "JVNDB", "id": "JVNDB-2022-009546" }, { "date": "2022-04-19T00:00:00", "db": "CNNVD", "id": "CNNVD-202204-1999" }, { "date": "2024-11-21T06:46:41.520000", "db": "NVD", "id": "CVE-2022-22355" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202204-1999" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM\u00a0MQ\u00a0Appliance\u00a0 Vulnerability in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-009546" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-202204-1999" } ], "trust": 0.6 } }
var-202111-1527
Vulnerability from variot
IBM MQ Appliance could allow a local attacker to obtain sensitive information by inclusion of sensitive data within trace. IBM MQ Appliance is an all-in-one device from IBM of the United States for rapid deployment of enterprise-level messaging middleware
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202111-1527", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "mq appliance", "scope": "eq", "trust": 1.6, "vendor": "ibm", "version": "9.2.0.0" }, { "model": "mq appliance", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": null }, { "model": "mq appliance", "scope": null, "trust": 0.8, "vendor": "ibm", "version": null } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-92962" }, { "db": "JVNDB", "id": "JVNDB-2021-015729" }, { "db": "NVD", "id": "CVE-2021-38999" } ] }, "cve": "CVE-2021-38999", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 3.9, "id": "CVE-2021-38999", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "LOW", "trust": 1.9, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 3.9, "id": "CNVD-2021-92962", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "LOW", "trust": 0.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "id": "CVE-2021-38999", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, { "attackComplexity": "HIGH", "attackVector": "LOCAL", "author": "psirt@us.ibm.com", "availabilityImpact": "NONE", "baseScore": 5.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.4, "id": "CVE-2021-38999", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "NVD", "availabilityImpact": "None", "baseScore": 5.5, "baseSeverity": "Medium", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2021-38999", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "Low", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2021-38999", "trust": 1.0, "value": "MEDIUM" }, { "author": "psirt@us.ibm.com", "id": "CVE-2021-38999", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "CVE-2021-38999", "trust": 0.8, "value": "Medium" }, { "author": "CNVD", "id": "CNVD-2021-92962", "trust": 0.6, "value": "LOW" }, { "author": "CNNVD", "id": "CNNVD-202111-2173", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2021-38999", "trust": 0.1, "value": "LOW" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-92962" }, { "db": "VULMON", "id": "CVE-2021-38999" }, { "db": "JVNDB", "id": "JVNDB-2021-015729" }, { "db": "CNNVD", "id": "CNNVD-202111-2173" }, { "db": "NVD", "id": "CVE-2021-38999" }, { "db": "NVD", "id": "CVE-2021-38999" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM MQ Appliance could allow a local attacker to obtain sensitive information by inclusion of sensitive data within trace. IBM MQ Appliance is an all-in-one device from IBM of the United States for rapid deployment of enterprise-level messaging middleware", "sources": [ { "db": "NVD", "id": "CVE-2021-38999" }, { "db": "JVNDB", "id": "JVNDB-2021-015729" }, { "db": "CNVD", "id": "CNVD-2021-92962" }, { "db": "VULMON", "id": "CVE-2021-38999" } ], "trust": 2.25 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2021-38999", "trust": 3.9 }, { "db": "JVNDB", "id": "JVNDB-2021-015729", "trust": 0.8 }, { "db": "CNVD", "id": "CNVD-2021-92962", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.4024", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202111-2173", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2021-38999", "trust": 0.1 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-92962" }, { "db": "VULMON", "id": "CVE-2021-38999" }, { "db": "JVNDB", "id": "JVNDB-2021-015729" }, { "db": "CNNVD", "id": "CNNVD-202111-2173" }, { "db": "NVD", "id": "CVE-2021-38999" } ] }, "id": "VAR-202111-1527", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2021-92962" } ], "trust": 0.06 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "IoT" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-92962" } ] }, "last_update_date": "2024-08-14T13:23:09.518000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "6519418 IBM\u00a0X-Force\u00a0Exchange", "trust": 0.8, "url": "https://www.ibm.com/support/pages/node/6519418" }, { "title": "Patch for IBM MQ Appliance Information Disclosure Vulnerability (CNVD-2021-92962)", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/302081" }, { "title": "IBM MQ Appliance Repair measures for information disclosure vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=172092" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-92962" }, { "db": "JVNDB", "id": "JVNDB-2021-015729" }, { "db": "CNNVD", "id": "CNNVD-202111-2173" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-200", "trust": 1.0 }, { "problemtype": "information leak (CWE-200) [NVD evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-015729" }, { "db": "NVD", "id": "CVE-2021-38999" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.3, "url": "https://www.ibm.com/support/pages/node/6519418" }, { "trust": 1.7, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/213214" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-38999" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.4024" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/ibm-mq-appliance-logged-sensitive-information-via-trace-36984" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/200.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-92962" }, { "db": "VULMON", "id": "CVE-2021-38999" }, { "db": "JVNDB", "id": "JVNDB-2021-015729" }, { "db": "CNNVD", "id": "CNNVD-202111-2173" }, { "db": "NVD", "id": "CVE-2021-38999" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2021-92962" }, { "db": "VULMON", "id": "CVE-2021-38999" }, { "db": "JVNDB", "id": "JVNDB-2021-015729" }, { "db": "CNNVD", "id": "CNNVD-202111-2173" }, { "db": "NVD", "id": "CVE-2021-38999" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-12-01T00:00:00", "db": "CNVD", "id": "CNVD-2021-92962" }, { "date": "2021-11-30T00:00:00", "db": "VULMON", "id": "CVE-2021-38999" }, { "date": "2022-11-29T00:00:00", "db": "JVNDB", "id": "JVNDB-2021-015729" }, { "date": "2021-11-29T00:00:00", "db": "CNNVD", "id": "CNNVD-202111-2173" }, { "date": "2021-11-30T17:15:11.533000", "db": "NVD", "id": "CVE-2021-38999" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-12-01T00:00:00", "db": "CNVD", "id": "CNVD-2021-92962" }, { "date": "2021-11-30T00:00:00", "db": "VULMON", "id": "CVE-2021-38999" }, { "date": "2022-11-29T08:16:00", "db": "JVNDB", "id": "JVNDB-2021-015729" }, { "date": "2021-12-01T00:00:00", "db": "CNNVD", "id": "CNNVD-202111-2173" }, { "date": "2021-11-30T20:29:04.297000", "db": "NVD", "id": "CVE-2021-38999" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202111-2173" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM\u00a0MQ\u00a0Appliance\u00a0 Vulnerability regarding information leakage in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-015729" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "information disclosure", "sources": [ { "db": "CNNVD", "id": "CNNVD-202111-2173" } ], "trust": 0.6 } }
var-201812-0395
Vulnerability from variot
IBM DataPower Gateway 7.1.0.0 through 7.1.0.19, 7.2.0.0 through 7.2.0.16, 7.5.0.0 through 7.5.0.10, 7.5.1.0 through 7.5.1.9, 7.5.2.0 through 7.5.2.9, and 7.6.0.0 through 7.6.0.2 and IBM MQ Appliance 8.0.0.0 through 8.0.0.8 and 9.0.1 through 9.0.5 could allow a local user to cause a denial of service through unknown vectors. IBM X-Force ID: 144724. Vendors have confirmed this vulnerability IBM X-Force ID: 144724 It is released as.Service operation interruption (DoS) There is a possibility of being put into a state. An attacker can exploit this issue to cause a denial-of-service condition. IBM DataPower Gateway is a secure and integrated platform designed for mobile, cloud, application programming interface (API), web, service-oriented architecture (SOA), B2B and cloud workloads. MQ Appliance is an all-in-one device for rapid deployment of enterprise-level messaging middleware. The following products and versions are affected: IBM DataPower Gateway Version 7.1.0.0 to Version 7.1.0.19, Version 7.2.0.0 to Version 7.2.0.16, Version 7.5.0.0 to Version 7.5.0.10, Version 7.5.1.0 to Version 7.5.1.9, Version 7.5.2.0 to version 7.5.2.9, version 7.6.0.0 to version 7.6.0.2; MQ Appliance version 8.0.0.0 to version 8.0.0.8, version 9.0.1 to version 9.0.5
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201812-0395", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "datapower gateway", "scope": "gte", "trust": 1.0, "vendor": "ibm", "version": "7.2.0.0" }, { "model": "datapower gateway", "scope": "lte", "trust": 1.0, "vendor": "ibm", "version": "7.5.2.9" }, { "model": "datapower gateway", "scope": "lte", "trust": 1.0, "vendor": "ibm", "version": "7.5.0.10" }, { "model": "datapower gateway", "scope": "gte", "trust": 1.0, "vendor": "ibm", "version": "7.6.0.0" }, { "model": "mq appliance", "scope": "gte", "trust": 1.0, "vendor": "ibm", "version": "9.0.1" }, { "model": "datapower gateway", "scope": "lte", "trust": 1.0, "vendor": "ibm", "version": "7.6.0.2" }, { "model": "datapower gateway", "scope": "lte", "trust": 1.0, "vendor": "ibm", "version": "7.5.1.9" }, { "model": "datapower gateway", "scope": "lte", "trust": 1.0, "vendor": "ibm", "version": "7.2.0.16" }, { "model": "datapower gateway", "scope": "gte", "trust": 1.0, "vendor": "ibm", "version": "7.5.2.0" }, { "model": "mq appliance", "scope": "gte", "trust": 1.0, "vendor": "ibm", "version": "8.0.0.0" }, { "model": "mq appliance", "scope": "lte", "trust": 1.0, "vendor": "ibm", "version": "9.0.5" }, { "model": "datapower gateway", "scope": "gte", "trust": 1.0, "vendor": "ibm", "version": "7.1.0.0" }, { "model": "datapower gateway", "scope": "lte", "trust": 1.0, "vendor": "ibm", "version": "7.1.0.19" }, { "model": "datapower gateway", "scope": "gte", "trust": 1.0, "vendor": "ibm", "version": "7.5.1.0" }, { "model": "mq appliance", "scope": "lte", "trust": 1.0, "vendor": "ibm", "version": "8.0.0.8" }, { "model": "datapower gateway", "scope": "gte", "trust": 1.0, "vendor": "ibm", "version": "7.5.0.0" }, { "model": "datapower gateway", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "7.1.0.0 to 7.1.0.19" }, { "model": "datapower gateway", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "7.2.0.0 to 7.2.0.16" }, { "model": "datapower gateway", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "7.5.0.0 to 7.5.0.10" }, { "model": "datapower gateway", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "7.5.1.0 to 7.5.1.9" }, { "model": "datapower gateway", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "7.5.2.0 to 7.5.2.9" }, { "model": "datapower gateway", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "7.6.0.0 to 7.6.0.2" }, { "model": "mq appliance", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "8.0.0.0 to 8.0.0.8" }, { "model": "mq appliance", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "9.0.1 to 9.0.5" }, { "model": "datapower gateway", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "7.2.0.0" }, { "model": "mq appliance cd", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.5" }, { "model": "mq appliance cd", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.4" }, { "model": "mq appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.4" }, { "model": "mq appliance cd", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.3" }, { "model": "mq appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.3" }, { "model": "mq appliance cd", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.2" }, { "model": "mq appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.2" }, { "model": "mq appliance cd", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.1" }, { "model": "mq appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.1" }, { "model": "mq appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.8" }, { "model": "mq appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.7" }, { "model": "mq appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.6" }, { "model": "mq appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.5" }, { "model": "mq appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.4" }, { "model": "mq appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.3" }, { "model": "mq appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.2" }, { "model": "mq appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.1" }, { "model": "mq appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.0" }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.6.0.1" }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.6.0.0" }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.2.9" }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.2.8" }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.2.2" }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.2.1" }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.2.0" }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.1.9" }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.1.8" }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.1.4" }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.1.3" }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.1.2" }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.1.1" }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.1.0" }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.0.9" }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.0.5" }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.0.4" }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.0.3" }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.0.2" }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.0.10" }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.0.1" }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.0.0" }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.0.16" }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.0.15" }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.0.11" }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.0.10" }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.0.1" }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.0.0" }, { "model": "datapower gateway", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.2.0" }, { "model": "datapower gateway", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.1.1" }, { "model": "datapower gateway", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.1.0" }, { "model": "datapower gateway", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.0.2" }, { "model": "datapower gateway", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.0.1" }, { "model": "datapower gateway", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.0.8" }, { "model": "datapower gateway", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.0.6" }, { "model": "datapower gateway", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.0.4" }, { "model": "datapower gateway", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.0.3" }, { "model": "datapower gateway", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.0.9" }, { "model": "datapower gateway", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.0.8" }, { "model": "datapower gateway", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.0.7" }, { "model": "datapower gateway", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.0.5" }, { "model": "datapower gateway", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.0.4" }, { "model": "datapower gateway", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.0.3" }, { "model": "datapower gateway", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.0.2" }, { "model": "datapower gateway", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.0.19" }, { "model": "datapower gateway", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.0.18" }, { "model": "datapower gateway", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.0.15" }, { "model": "datapower gateway", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.0.14" }, { "model": "datapower gateway", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.0.12" }, { "model": "datapower gateway", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.0.11" }, { "model": "datapower gateway", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.0.10" }, { "model": "mq appliance", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "9.1.1" }, { "model": "mq appliance", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.9" }, { "model": "datapower gateway", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.6.0.3" }, { "model": "datapower gateway", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.5.2.10" }, { "model": "datapower gateway", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.5.1.10" }, { "model": "datapower gateway", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.5.0.11" }, { "model": "datapower gateway", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.2.0.17" }, { "model": "datapower gateway", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.1.0.20" } ], "sources": [ { "db": "BID", "id": "106403" }, { "db": "JVNDB", "id": "JVNDB-2018-012014" }, { "db": "CNNVD", "id": "CNNVD-201812-341" }, { "db": "NVD", "id": "CVE-2018-1652" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:ibm:datapower_gateway", "vulnerable": true }, { "cpe22Uri": "cpe:/a:ibm:mq_appliance", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-012014" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The vendor reported the issue.", "sources": [ { "db": "BID", "id": "106403" } ], "trust": 0.3 }, "cve": "CVE-2018-1652", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 2.1, "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "id": "CVE-2018-1652", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "LOW", "trust": 1.8, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 2.1, "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "id": "VHN-126887", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "LOW", "trust": 0.1, "vectorString": "AV:L/AC:L/AU:N/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitabilityScore": 1.8, "id": "CVE-2018-1652", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.8, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "psirt@us.ibm.com", "availabilityImpact": "HIGH", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitabilityScore": 2.5, "id": "CVE-2018-1652", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2018-1652", "trust": 1.0, "value": "MEDIUM" }, { "author": "psirt@us.ibm.com", "id": "CVE-2018-1652", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "CVE-2018-1652", "trust": 0.8, "value": "Medium" }, { "author": "CNNVD", "id": "CNNVD-201812-341", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-126887", "trust": 0.1, "value": "LOW" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-126887" }, { "db": "JVNDB", "id": "JVNDB-2018-012014" }, { "db": "CNNVD", "id": "CNNVD-201812-341" }, { "db": "NVD", "id": "CVE-2018-1652" }, { "db": "NVD", "id": "CVE-2018-1652" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM DataPower Gateway 7.1.0.0 through 7.1.0.19, 7.2.0.0 through 7.2.0.16, 7.5.0.0 through 7.5.0.10, 7.5.1.0 through 7.5.1.9, 7.5.2.0 through 7.5.2.9, and 7.6.0.0 through 7.6.0.2 and IBM MQ Appliance 8.0.0.0 through 8.0.0.8 and 9.0.1 through 9.0.5 could allow a local user to cause a denial of service through unknown vectors. IBM X-Force ID: 144724. Vendors have confirmed this vulnerability IBM X-Force ID: 144724 It is released as.Service operation interruption (DoS) There is a possibility of being put into a state. \nAn attacker can exploit this issue to cause a denial-of-service condition. IBM DataPower Gateway is a secure and integrated platform designed for mobile, cloud, application programming interface (API), web, service-oriented architecture (SOA), B2B and cloud workloads. MQ Appliance is an all-in-one device for rapid deployment of enterprise-level messaging middleware. The following products and versions are affected: IBM DataPower Gateway Version 7.1.0.0 to Version 7.1.0.19, Version 7.2.0.0 to Version 7.2.0.16, Version 7.5.0.0 to Version 7.5.0.10, Version 7.5.1.0 to Version 7.5.1.9, Version 7.5.2.0 to version 7.5.2.9, version 7.6.0.0 to version 7.6.0.2; MQ Appliance version 8.0.0.0 to version 8.0.0.8, version 9.0.1 to version 9.0.5", "sources": [ { "db": "NVD", "id": "CVE-2018-1652" }, { "db": "JVNDB", "id": "JVNDB-2018-012014" }, { "db": "BID", "id": "106403" }, { "db": "VULHUB", "id": "VHN-126887" } ], "trust": 1.98 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2018-1652", "trust": 2.8 }, { "db": "JVNDB", "id": "JVNDB-2018-012014", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201812-341", "trust": 0.7 }, { "db": "BID", "id": "106403", "trust": 0.3 }, { "db": "VULHUB", "id": "VHN-126887", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-126887" }, { "db": "BID", "id": "106403" }, { "db": "JVNDB", "id": "JVNDB-2018-012014" }, { "db": "CNNVD", "id": "CNNVD-201812-341" }, { "db": "NVD", "id": "CVE-2018-1652" } ] }, "id": "VAR-201812-0395", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-126887" } ], "trust": 0.56875 }, "last_update_date": "2024-11-23T22:51:53.839000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "0717483", "trust": 0.8, "url": "https://www.ibm.com/support/docview.wss?uid=ibm10717483" }, { "title": "0744557", "trust": 0.8, "url": "https://www.ibm.com/support/docview.wss?uid=ibm10744557" }, { "title": "ibm-mq-cve20181652-dos (144724)", "trust": 0.8, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/144724" }, { "title": "IBM DataPower Gateway Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=87602" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-012014" }, { "db": "CNNVD", "id": "CNNVD-201812-341" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-20", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-126887" }, { "db": "JVNDB", "id": "JVNDB-2018-012014" }, { "db": "NVD", "id": "CVE-2018-1652" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.7, "url": "https://www.ibm.com/support/docview.wss?uid=ibm10717483" }, { "trust": 1.7, "url": "https://www.ibm.com/support/docview.wss?uid=ibm10744557" }, { "trust": 1.7, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/144724" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-1652" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-1652" }, { "trust": 0.3, "url": "http://www.ibm.com/" }, { "trust": 0.3, "url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10744557" }, { "trust": 0.3, "url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10717483" } ], "sources": [ { "db": "VULHUB", "id": "VHN-126887" }, { "db": "BID", "id": "106403" }, { "db": "JVNDB", "id": "JVNDB-2018-012014" }, { "db": "CNNVD", "id": "CNNVD-201812-341" }, { "db": "NVD", "id": "CVE-2018-1652" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-126887" }, { "db": "BID", "id": "106403" }, { "db": "JVNDB", "id": "JVNDB-2018-012014" }, { "db": "CNNVD", "id": "CNNVD-201812-341" }, { "db": "NVD", "id": "CVE-2018-1652" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-12-11T00:00:00", "db": "VULHUB", "id": "VHN-126887" }, { "date": "2018-12-07T00:00:00", "db": "BID", "id": "106403" }, { "date": "2019-01-29T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-012014" }, { "date": "2018-12-10T00:00:00", "db": "CNNVD", "id": "CNNVD-201812-341" }, { "date": "2018-12-11T16:29:00.467000", "db": "NVD", "id": "CVE-2018-1652" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-10-09T00:00:00", "db": "VULHUB", "id": "VHN-126887" }, { "date": "2018-12-07T00:00:00", "db": "BID", "id": "106403" }, { "date": "2019-01-29T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-012014" }, { "date": "2019-10-17T00:00:00", "db": "CNNVD", "id": "CNNVD-201812-341" }, { "date": "2024-11-21T04:00:08.467000", "db": "NVD", "id": "CVE-2018-1652" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "BID", "id": "106403" }, { "db": "CNNVD", "id": "CNNVD-201812-341" } ], "trust": 0.9 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM DataPower Gateway and MQ Appliance Input validation vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-012014" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "input validation error", "sources": [ { "db": "CNNVD", "id": "CNNVD-201812-341" } ], "trust": 0.6 } }
var-201912-0153
Vulnerability from variot
IBM MQ and IBM MQ Appliance 9.1 CD, 9.1 LTS, 9.0 LTS, and 8.0 is vulnerable to a denial of service attack caused by channels processing poorly formatted messages. IBM X-Force ID: 166357. IBM MQ and IBM MQ Appliance Contains an input validation vulnerability. Vendors have confirmed this vulnerability IBM X-Force ID: 166357 It is released as.Service operation interruption (DoS) There is a possibility of being put into a state
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201912-0153", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "mq appliance", "scope": "lt", "trust": 1.0, "vendor": "ibm", "version": "9.0.0.8" }, { "model": "mq appliance", "scope": "lt", "trust": 1.0, "vendor": "ibm", "version": "9.1.4" }, { "model": "mq appliance", "scope": "gte", "trust": 1.0, "vendor": "ibm", "version": "9.1.1" }, { "model": "mq appliance", "scope": "lt", "trust": 1.0, "vendor": "ibm", "version": "9.1.0.4" }, { "model": "mq appliance", "scope": "gte", "trust": 1.0, "vendor": "ibm", "version": "9.1.0.0" }, { "model": "mq appliance", "scope": "gte", "trust": 1.0, "vendor": "ibm", "version": "8.0.0.0" }, { "model": "mq appliance", "scope": "gte", "trust": 1.0, "vendor": "ibm", "version": "9.0.0.0" }, { "model": "mq appliance", "scope": "lt", "trust": 1.0, "vendor": "ibm", "version": "8.0.0.13" }, { "model": "mq appliance", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "8.0" }, { "model": "mq appliance", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "9.0 lts" }, { "model": "mq appliance", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "9.1 cd" }, { "model": "mq appliance", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "9.1 lts" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-013197" }, { "db": "NVD", "id": "CVE-2019-4560" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:ibm:mq_appliance:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "8.0.0.13", "versionStartIncluding": "8.0.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:mq_appliance:*:*:*:*:lts:*:*:*", "cpe_name": [], "versionEndExcluding": "9.0.0.8", "versionStartIncluding": "9.0.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:mq_appliance:*:*:*:*:lts:*:*:*", "cpe_name": [], "versionEndExcluding": "9.1.0.4", "versionStartIncluding": "9.1.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:mq_appliance:*:*:*:*:continuous_delivery:*:*:*", "cpe_name": [], "versionEndExcluding": "9.1.4", "versionStartIncluding": "9.1.1", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2019-4560" } ] }, "cve": "CVE-2019-4560", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "Single", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 4.0, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2019-4560", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 1.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitabilityScore": 2.8, "id": "CVE-2019-4560", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 6.5, "baseSeverity": "Medium", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2019-4560", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "Low", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2019-4560", "trust": 1.8, "value": "Medium" }, { "author": "CNNVD", "id": "CNNVD-201912-702", "trust": 0.6, "value": "MEDIUM" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-013197" }, { "db": "CNNVD", "id": "CNNVD-201912-702" }, { "db": "NVD", "id": "CVE-2019-4560" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM MQ and IBM MQ Appliance 9.1 CD, 9.1 LTS, 9.0 LTS, and 8.0 is vulnerable to a denial of service attack caused by channels processing poorly formatted messages. IBM X-Force ID: 166357. IBM MQ and IBM MQ Appliance Contains an input validation vulnerability. Vendors have confirmed this vulnerability IBM X-Force ID: 166357 It is released as.Service operation interruption (DoS) There is a possibility of being put into a state", "sources": [ { "db": "NVD", "id": "CVE-2019-4560" }, { "db": "JVNDB", "id": "JVNDB-2019-013197" } ], "trust": 1.62 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2019-4560", "trust": 2.4 }, { "db": "JVNDB", "id": "JVNDB-2019-013197", "trust": 0.8 }, { "db": "AUSCERT", "id": "ESB-2019.4680", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-201912-702", "trust": 0.6 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-013197" }, { "db": "CNNVD", "id": "CNNVD-201912-702" }, { "db": "NVD", "id": "CVE-2019-4560" } ] }, "id": "VAR-201912-0153", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.22222222 }, "last_update_date": "2022-05-04T08:35:13.396000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "1106037", "trust": 0.8, "url": "https://www.ibm.com/support/pages/node/1106037" }, { "title": "ibm-mq-cve20194560-dos (166357)", "trust": 0.8, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/166357" }, { "title": "IBM MQ and IBM MQ Appliance Enter the fix for the verification error vulnerability", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=105657" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-013197" }, { "db": "CNNVD", "id": "CNNVD-201912-702" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 }, { "problemtype": "CWE-20", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-013197" }, { "db": "NVD", "id": "CVE-2019-4560" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.2, "url": "https://www.ibm.com/support/pages/node/1106037" }, { "trust": 1.6, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/166357" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-4560" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-4560" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/1120443" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2019.4680/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-certified-container-is-vulnerable-to-multiple-vulnerabilities-within-ibm-mq-cve-2019-4655-cve-2019-4560-cve-2019-4614-cve-2019-4620/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-in-ibm-mq-affect-ibm-sterling-b2b-integrator/" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/ibm-mq-denial-of-service-via-queue-manager-mqput-31172" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-013197" }, { "db": "CNNVD", "id": "CNNVD-201912-702" }, { "db": "NVD", "id": "CVE-2019-4560" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "JVNDB", "id": "JVNDB-2019-013197" }, { "db": "CNNVD", "id": "CNNVD-201912-702" }, { "db": "NVD", "id": "CVE-2019-4560" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-12-23T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-013197" }, { "date": "2019-12-13T00:00:00", "db": "CNNVD", "id": "CNNVD-201912-702" }, { "date": "2019-12-16T16:15:00", "db": "NVD", "id": "CVE-2019-4560" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-12-23T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-013197" }, { "date": "2020-05-14T00:00:00", "db": "CNNVD", "id": "CNNVD-201912-702" }, { "date": "2021-07-21T11:39:00", "db": "NVD", "id": "CVE-2019-4560" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201912-702" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM MQ and IBM MQ Appliance Input validation vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-013197" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "input validation error", "sources": [ { "db": "CNNVD", "id": "CNNVD-201912-702" } ], "trust": 0.6 } }
var-202001-0211
Vulnerability from variot
IBM MQ Appliance 8.0 and 9.0 LTS could allow a local attacker to bypass security restrictions caused by improper validation of environment variables. IBM X-Force ID: 168863. IBM MQ Appliance Contains an input validation vulnerability. Vendors report this vulnerability IBM X-Force ID: 168863 Published as.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. IBM MQ Appliance is an all-in-one device for rapid deployment of enterprise-level messaging middleware by IBM Corporation in the United States. The vulnerability stems from a network system or product that did not properly validate the input data. No detailed vulnerability details are provided at this time
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202001-0211", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "mq appliance", "scope": null, "trust": 1.4, "vendor": "ibm", "version": null }, { "model": "mq appliance", "scope": "gte", "trust": 1.0, "vendor": "ibm", "version": "8.0.0.0" }, { "model": "mq appliance", "scope": "lt", "trust": 1.0, "vendor": "ibm", "version": "8.0.0.14" }, { "model": "mq appliance", "scope": "gte", "trust": 1.0, "vendor": "ibm", "version": "9.1.0.0" }, { "model": "mq appliance", "scope": "lt", "trust": 1.0, "vendor": "ibm", "version": "9.1.0.4" }, { "model": "mq appliance", "scope": "lt", "trust": 1.0, "vendor": "ibm", "version": "9.1.4" }, { "model": "mq appliance", "scope": "gte", "trust": 1.0, "vendor": "ibm", "version": "9.1.0" }, { "model": "mq appliance", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "8.0.0.7" }, { "model": "mq appliance", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "9.1.0.4" }, { "model": "mq appliance", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "8.0.0.5" }, { "model": "mq appliance", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "9.1.2" }, { "model": "mq appliance", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "8.0.0.8" }, { "model": "mq appliance", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "9.1.0.3" }, { "model": "mq appliance", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "8.0.0.4" }, { "model": "mq appliance", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "8.0.0.6" }, { "model": "mq appliance", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "8.0.0.3" }, { "model": "mq appliance", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "9.1.3" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-04908" }, { "db": "JVNDB", "id": "JVNDB-2019-014395" }, { "db": "CNNVD", "id": "CNNVD-202001-1261" }, { "db": "NVD", "id": "CVE-2019-4620" } ] }, "cve": "CVE-2019-4620", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 3.9, "id": "CVE-2019-4620", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 1.8, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "SINGLE", "author": "CNVD", "availabilityImpact": "COMPLETE", "baseScore": 6.8, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 3.1, "id": "CNVD-2020-04908", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:L/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "id": "CVE-2019-4620", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "psirt@us.ibm.com", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.5, "id": "CVE-2019-4620", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.8, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2019-4620", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "Low", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2019-4620", "trust": 1.0, "value": "HIGH" }, { "author": "psirt@us.ibm.com", "id": "CVE-2019-4620", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2019-4620", "trust": 0.8, "value": "High" }, { "author": "CNVD", "id": "CNVD-2020-04908", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-202001-1261", "trust": 0.6, "value": "HIGH" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-04908" }, { "db": "JVNDB", "id": "JVNDB-2019-014395" }, { "db": "CNNVD", "id": "CNNVD-202001-1261" }, { "db": "NVD", "id": "CVE-2019-4620" }, { "db": "NVD", "id": "CVE-2019-4620" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM MQ Appliance 8.0 and 9.0 LTS could allow a local attacker to bypass security restrictions caused by improper validation of environment variables. IBM X-Force ID: 168863. IBM MQ Appliance Contains an input validation vulnerability. Vendors report this vulnerability IBM X-Force ID: 168863 Published as.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. IBM MQ Appliance is an all-in-one device for rapid deployment of enterprise-level messaging middleware by IBM Corporation in the United States. The vulnerability stems from a network system or product that did not properly validate the input data. No detailed vulnerability details are provided at this time", "sources": [ { "db": "NVD", "id": "CVE-2019-4620" }, { "db": "JVNDB", "id": "JVNDB-2019-014395" }, { "db": "CNVD", "id": "CNVD-2020-04908" } ], "trust": 2.16 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2019-4620", "trust": 3.0 }, { "db": "JVNDB", "id": "JVNDB-2019-014395", "trust": 0.8 }, { "db": "CNVD", "id": "CNVD-2020-04908", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.0266", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202001-1261", "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-04908" }, { "db": "JVNDB", "id": "JVNDB-2019-014395" }, { "db": "CNNVD", "id": "CNNVD-202001-1261" }, { "db": "NVD", "id": "CVE-2019-4620" } ] }, "id": "VAR-202001-0211", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2020-04908" } ], "trust": 0.06 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "Network device" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-04908" } ] }, "last_update_date": "2024-11-23T21:21:53.901000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "168863 IBM\u00a0X-Force\u00a0Exchange", "trust": 0.8, "url": "https://www.ibm.com/support/pages/node/1125891" }, { "title": "Patch for IBM MQ Appliance Input Validation Error Vulnerability", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/200333" }, { "title": "IBM MQ Appliance Enter the fix for the verification error vulnerability", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=107610" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-04908" }, { "db": "JVNDB", "id": "JVNDB-2019-014395" }, { "db": "CNNVD", "id": "CNNVD-202001-1261" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-20", "trust": 1.0 }, { "problemtype": "Incorrect input confirmation (CWE-20) [NVD Evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-014395" }, { "db": "NVD", "id": "CVE-2019-4620" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.2, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/168863" }, { "trust": 1.6, "url": "https://www.ibm.com/support/pages/node/1125891" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-4620" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/1106523" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/1125897" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/1135023" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/1127031" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.0266/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-could-allow-a-local-attacker-to-bypass-security-restrictions-cve-2019-4620/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-certified-container-is-vulnerable-to-multiple-vulnerabilities-within-ibm-mq-cve-2019-4655-cve-2019-4560-cve-2019-4614-cve-2019-4620/" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-04908" }, { "db": "JVNDB", "id": "JVNDB-2019-014395" }, { "db": "CNNVD", "id": "CNNVD-202001-1261" }, { "db": "NVD", "id": "CVE-2019-4620" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2020-04908" }, { "db": "JVNDB", "id": "JVNDB-2019-014395" }, { "db": "CNNVD", "id": "CNNVD-202001-1261" }, { "db": "NVD", "id": "CVE-2019-4620" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-02-13T00:00:00", "db": "CNVD", "id": "CNVD-2020-04908" }, { "date": "2020-02-14T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-014395" }, { "date": "2020-01-28T00:00:00", "db": "CNNVD", "id": "CNNVD-202001-1261" }, { "date": "2020-01-28T19:15:13.217000", "db": "NVD", "id": "CVE-2019-4620" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-02-13T00:00:00", "db": "CNVD", "id": "CNVD-2020-04908" }, { "date": "2020-02-14T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-014395" }, { "date": "2020-02-27T00:00:00", "db": "CNNVD", "id": "CNNVD-202001-1261" }, { "date": "2024-11-21T04:43:52.990000", "db": "NVD", "id": "CVE-2019-4620" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202001-1261" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM MQ Appliance Input Validation Error Vulnerability", "sources": [ { "db": "CNVD", "id": "CNVD-2020-04908" }, { "db": "CNNVD", "id": "CNNVD-202001-1261" } ], "trust": 1.2 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "input validation error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202001-1261" } ], "trust": 0.6 } }
var-202003-0592
Vulnerability from variot
IBM MQ and IBM MQ Appliance 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and 9.1 CD could allow a local attacker to obtain sensitive information by inclusion of sensitive data within runmqras data. The product provides a reliable, proven messaging backbone for service-oriented architecture (SOA). IBM MQ Appliance is an all-in-one device for rapid deployment of enterprise-level messaging middleware
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202003-0592", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "mq", "scope": "lt", "trust": 1.0, "vendor": "ibm", "version": "9.1.4" }, { "model": "mq", "scope": "lt", "trust": 1.0, "vendor": "ibm", "version": "9.1.0.4" }, { "model": "mq", "scope": "lt", "trust": 1.0, "vendor": "ibm", "version": "8.0.0.14" }, { "model": "websphere mq", "scope": "lte", "trust": 1.0, "vendor": "ibm", "version": "7.5.0.9" }, { "model": "mq appliance", "scope": "lt", "trust": 1.0, "vendor": "ibm", "version": "9.1.4" }, { "model": "mq", "scope": "gte", "trust": 1.0, "vendor": "ibm", "version": "9.1.0" }, { "model": "websphere mq", "scope": "gte", "trust": 1.0, "vendor": "ibm", "version": "7.1.0.0" }, { "model": "mq appliance", "scope": "gte", "trust": 1.0, "vendor": "ibm", "version": "8.0.0.0" }, { "model": "mq", "scope": "gte", "trust": 1.0, "vendor": "ibm", "version": "9.0.0.0" }, { "model": "mq appliance", "scope": "lt", "trust": 1.0, "vendor": "ibm", "version": "8.0.0.14" }, { "model": "mq", "scope": "gte", "trust": 1.0, "vendor": "ibm", "version": "9.1.0.0" }, { "model": "mq appliance", "scope": "gte", "trust": 1.0, "vendor": "ibm", "version": "9.1.0" }, { "model": "mq appliance", "scope": "gte", "trust": 1.0, "vendor": "ibm", "version": "9.1.0.0" }, { "model": "mq", "scope": "gte", "trust": 1.0, "vendor": "ibm", "version": "8.0.0.0" }, { "model": "mq appliance", "scope": "lt", "trust": 1.0, "vendor": "ibm", "version": "9.1.0.4" }, { "model": "mq", "scope": "lte", "trust": 1.0, "vendor": "ibm", "version": "9.0.0.9" }, { "model": "mq", "scope": null, "trust": 0.8, "vendor": "ibm", "version": null }, { "model": "mq appliance", "scope": null, "trust": 0.8, "vendor": "ibm", "version": null }, { "model": "websphere mq", "scope": null, "trust": 0.8, "vendor": "ibm", "version": null }, { "model": "mq appliance", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "8.0" }, { "model": "mq", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "8.0" }, { "model": "mq appliance cd", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "9.1" }, { "model": "mq appliance lts", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "9.1" }, { "model": "mq lts", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "9.1" }, { "model": "mq cd", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "9.1" }, { "model": "mq lts", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "9.0" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-17505" }, { "db": "JVNDB", "id": "JVNDB-2019-014905" }, { "db": "NVD", "id": "CVE-2019-4719" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:ibm:mq", "vulnerable": true }, { "cpe22Uri": "cpe:/a:ibm:mq_appliance", "vulnerable": true }, { "cpe22Uri": "cpe:/a:ibm:websphere_mq", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-014905" } ] }, "cve": "CVE-2019-4719", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 3.9, "id": "CVE-2019-4719", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "LOW", "trust": 1.0, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Local", "authentication": "None", "author": "NVD", "availabilityImpact": "None", "baseScore": 2.1, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "JVNDB-2019-014905", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Low", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 3.9, "id": "CNVD-2020-17505", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "LOW", "trust": 0.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "id": "CVE-2019-4719", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, { "attackComplexity": "HIGH", "attackVector": "LOCAL", "author": "psirt@us.ibm.com", "availabilityImpact": "NONE", "baseScore": 5.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.4, "id": "CVE-2019-4719", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "NVD", "availabilityImpact": "None", "baseScore": 5.5, "baseSeverity": "Medium", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "JVNDB-2019-014905", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "Low", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2019-4719", "trust": 1.0, "value": "MEDIUM" }, { "author": "psirt@us.ibm.com", "id": "CVE-2019-4719", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "JVNDB-2019-014905", "trust": 0.8, "value": "Medium" }, { "author": "CNVD", "id": "CNVD-2020-17505", "trust": 0.6, "value": "LOW" }, { "author": "CNNVD", "id": "CNNVD-202003-904", "trust": 0.6, "value": "MEDIUM" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-17505" }, { "db": "JVNDB", "id": "JVNDB-2019-014905" }, { "db": "CNNVD", "id": "CNNVD-202003-904" }, { "db": "NVD", "id": "CVE-2019-4719" }, { "db": "NVD", "id": "CVE-2019-4719" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM MQ and IBM MQ Appliance 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and 9.1 CD could allow a local attacker to obtain sensitive information by inclusion of sensitive data within runmqras data. The product provides a reliable, proven messaging backbone for service-oriented architecture (SOA). IBM MQ Appliance is an all-in-one device for rapid deployment of enterprise-level messaging middleware", "sources": [ { "db": "NVD", "id": "CVE-2019-4719" }, { "db": "JVNDB", "id": "JVNDB-2019-014905" }, { "db": "CNVD", "id": "CNVD-2020-17505" } ], "trust": 2.16 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2019-4719", "trust": 3.0 }, { "db": "JVNDB", "id": "JVNDB-2019-014905", "trust": 0.8 }, { "db": "CNVD", "id": "CNVD-2020-17505", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2023.4106", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202003-904", "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-17505" }, { "db": "JVNDB", "id": "JVNDB-2019-014905" }, { "db": "CNNVD", "id": "CNNVD-202003-904" }, { "db": "NVD", "id": "CVE-2019-4719" } ] }, "id": "VAR-202003-0592", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2020-17505" } ], "trust": 1.06875 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "Network device" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-17505" } ] }, "last_update_date": "2024-11-23T20:33:16.637000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "1136608", "trust": 0.8, "url": "https://www.ibm.com/support/pages/node/1136608" }, { "title": "ibm-mq-cve20194719-info-disc (172124)", "trust": 0.8, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/172124" }, { "title": "Patch for IBM MQ and IBM MQ Appliance information disclosure vulnerability", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/209203" }, { "title": "IBM MQ and IBM MQ Appliance Repair measures for information disclosure vulnerabilities", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=112529" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-17505" }, { "db": "JVNDB", "id": "JVNDB-2019-014905" }, { "db": "CNNVD", "id": "CNNVD-202003-904" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 }, { "problemtype": "CWE-200", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-014905" }, { "db": "NVD", "id": "CVE-2019-4719" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.2, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/172124" }, { "trust": 1.6, "url": "https://www.ibm.com/support/pages/node/1136608" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-4719" }, { "trust": 1.2, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-and-ibm-mq-appliance-could-allow-a-local-attacker-to-obtain-sensitive-information-cve-2019-4719/" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-4719" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-could-allow-a-local-attacker-to-obtain-sensitive-information-cve-2019-4719/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2023.4106" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-in-ibm-mq-affect-ibm-sterling-b2b-integrator/" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-17505" }, { "db": "JVNDB", "id": "JVNDB-2019-014905" }, { "db": "CNNVD", "id": "CNNVD-202003-904" }, { "db": "NVD", "id": "CVE-2019-4719" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2020-17505" }, { "db": "JVNDB", "id": "JVNDB-2019-014905" }, { "db": "CNNVD", "id": "CNNVD-202003-904" }, { "db": "NVD", "id": "CVE-2019-4719" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-03-18T00:00:00", "db": "CNVD", "id": "CNVD-2020-17505" }, { "date": "2020-03-27T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-014905" }, { "date": "2020-03-13T00:00:00", "db": "CNNVD", "id": "CNNVD-202003-904" }, { "date": "2020-03-16T16:15:12.750000", "db": "NVD", "id": "CVE-2019-4719" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-03-18T00:00:00", "db": "CNVD", "id": "CNVD-2020-17505" }, { "date": "2020-03-27T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-014905" }, { "date": "2023-07-21T00:00:00", "db": "CNNVD", "id": "CNNVD-202003-904" }, { "date": "2024-11-21T04:44:02.880000", "db": "NVD", "id": "CVE-2019-4719" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202003-904" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM MQ and IBM MQ Appliance information disclosure vulnerability", "sources": [ { "db": "CNVD", "id": "CNVD-2020-17505" }, { "db": "CNNVD", "id": "CNNVD-202003-904" } ], "trust": 1.2 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "information disclosure", "sources": [ { "db": "CNNVD", "id": "CNNVD-202003-904" } ], "trust": 0.6 } }
var-202107-0508
Vulnerability from variot
IBM MQ Appliance 9.1 and 9.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 191815
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202107-0508", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "mq appliance", "scope": "lt", "trust": 1.0, "vendor": "ibm", "version": "9.2.2" }, { "model": "mq appliance", "scope": "lt", "trust": 1.0, "vendor": "ibm", "version": "9.1.0.8" }, { "model": "mq appliance", "scope": "gte", "trust": 1.0, "vendor": "ibm", "version": "9.1.0.0" }, { "model": "mq appliance", "scope": "gte", "trust": 1.0, "vendor": "ibm", "version": "9.2.0.0" }, { "model": "mq appliance", "scope": "lt", "trust": 1.0, "vendor": "ibm", "version": "9.2.0.2" }, { "model": "mq appliance", "scope": "gte", "trust": 1.0, "vendor": "ibm", "version": "9.1" } ], "sources": [ { "db": "NVD", "id": "CVE-2020-4938" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:ibm:mq_appliance:*:*:*:*:continuous_delivery:*:*:*", "cpe_name": [], "versionEndExcluding": "9.2.2", "versionStartIncluding": "9.1", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:mq_appliance:*:*:*:*:lts:*:*:*", "cpe_name": [], "versionEndExcluding": "9.1.0.8", "versionStartIncluding": "9.1.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:mq_appliance:*:*:*:*:lts:*:*:*", "cpe_name": [], "versionEndExcluding": "9.2.0.2", "versionStartIncluding": "9.2.0.0", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2020-4938" } ] }, "cve": "CVE-2020-4938", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": null, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULMON", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "CVE-2020-4938", "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "MEDIUM", "trust": 1.1, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.8, "id": "CVE-2020-4938", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" } ], "severity": [ { "author": "NVD", "id": "CVE-2020-4938", "trust": 1.0, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202107-583", "trust": 0.6, "value": "HIGH" }, { "author": "VULMON", "id": "CVE-2020-4938", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULMON", "id": "CVE-2020-4938" }, { "db": "CNNVD", "id": "CNNVD-202107-583" }, { "db": "NVD", "id": "CVE-2020-4938" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM MQ Appliance 9.1 and 9.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 191815", "sources": [ { "db": "NVD", "id": "CVE-2020-4938" }, { "db": "VULMON", "id": "CVE-2020-4938" } ], "trust": 0.99 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2020-4938", "trust": 1.7 }, { "db": "CNNVD", "id": "CNNVD-202107-583", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2020-4938", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2020-4938" }, { "db": "CNNVD", "id": "CNNVD-202107-583" }, { "db": "NVD", "id": "CVE-2020-4938" } ] }, "id": "VAR-202107-0508", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.22222222 }, "last_update_date": "2022-05-04T10:10:34.479000Z", "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-352", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2020-4938" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.7, "url": "https://www.ibm.com/support/pages/node/6466717" }, { "trust": 1.7, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/191815" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-4938" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-affected-by-a-cross-site-request-forgery-vulnerability-cve-2020-4938/" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/ibm-mq-appliance-cross-site-request-forgery-35848" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/352.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "VULMON", "id": "CVE-2020-4938" }, { "db": "CNNVD", "id": "CNNVD-202107-583" }, { "db": "NVD", "id": "CVE-2020-4938" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2020-4938" }, { "db": "CNNVD", "id": "CNNVD-202107-583" }, { "db": "NVD", "id": "CVE-2020-4938" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-07-12T00:00:00", "db": "VULMON", "id": "CVE-2020-4938" }, { "date": "2021-07-09T00:00:00", "db": "CNNVD", "id": "CNNVD-202107-583" }, { "date": "2021-07-12T16:15:00", "db": "NVD", "id": "CVE-2020-4938" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-07-14T00:00:00", "db": "VULMON", "id": "CVE-2020-4938" }, { "date": "2021-07-15T00:00:00", "db": "CNNVD", "id": "CNNVD-202107-583" }, { "date": "2021-07-14T15:07:00", "db": "NVD", "id": "CVE-2020-4938" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202107-583" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM MQ Appliance Cross-site request forgery vulnerability", "sources": [ { "db": "CNNVD", "id": "CNNVD-202107-583" } ], "trust": 0.6 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "cross-site request forgery", "sources": [ { "db": "CNNVD", "id": "CNNVD-202107-583" } ], "trust": 0.6 } }
var-202204-1116
Vulnerability from variot
IBM MQ Appliance 9.2 CD and 9.2 LTS could allow an attacker to enumerate account credentials due to an observable discrepancy in valid and invalid login attempts. IBM X-Force ID: 220487. IBM MQ Appliance contains an observable mismatch vulnerability. Vendors may IBM X-Force ID: 220487 It is published as.Information may be obtained. IBM MQ Appliance is an all-in-one device used by IBM in the United States for rapid deployment of enterprise-level messaging middleware
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202204-1116", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "mq appliance", "scope": "eq", "trust": 1.0, "vendor": "ibm", "version": "9.2.0.0" }, { "model": "mq appliance", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "9.2 lts" }, { "model": "mq appliance", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "9.2 cd" }, { "model": "mq appliance", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": null }, { "model": "mq appliance cd", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "9.2" }, { "model": "mq appliance lts", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "9.2" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-36975" }, { "db": "JVNDB", "id": "JVNDB-2022-009545" }, { "db": "NVD", "id": "CVE-2022-22356" } ] }, "cve": "CVE-2022-22356", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.0, "id": "CVE-2022-22356", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 1.9, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "CNVD", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.0, "id": "CNVD-2022-36975", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.8, "id": "CVE-2022-22356", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, { "attackComplexity": "HIGH", "attackVector": "NETWORK", "author": "psirt@us.ibm.com", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.6, "id": "CVE-2022-22356", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "None", "baseScore": 6.5, "baseSeverity": "Medium", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2022-22356", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "Low", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2022-22356", "trust": 1.0, "value": "MEDIUM" }, { "author": "psirt@us.ibm.com", "id": "CVE-2022-22356", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "CVE-2022-22356", "trust": 0.8, "value": "Medium" }, { "author": "CNVD", "id": "CNVD-2022-36975", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-202204-2000", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2022-22356", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-36975" }, { "db": "VULMON", "id": "CVE-2022-22356" }, { "db": "JVNDB", "id": "JVNDB-2022-009545" }, { "db": "CNNVD", "id": "CNNVD-202204-2000" }, { "db": "NVD", "id": "CVE-2022-22356" }, { "db": "NVD", "id": "CVE-2022-22356" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM MQ Appliance 9.2 CD and 9.2 LTS could allow an attacker to enumerate account credentials due to an observable discrepancy in valid and invalid login attempts. IBM X-Force ID: 220487. IBM MQ Appliance contains an observable mismatch vulnerability. Vendors may IBM X-Force ID: 220487 It is published as.Information may be obtained. IBM MQ Appliance is an all-in-one device used by IBM in the United States for rapid deployment of enterprise-level messaging middleware", "sources": [ { "db": "NVD", "id": "CVE-2022-22356" }, { "db": "JVNDB", "id": "JVNDB-2022-009545" }, { "db": "CNVD", "id": "CNVD-2022-36975" }, { "db": "VULMON", "id": "CVE-2022-22356" } ], "trust": 2.25 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2022-22356", "trust": 3.9 }, { "db": "JVNDB", "id": "JVNDB-2022-009545", "trust": 0.8 }, { "db": "CNVD", "id": "CNVD-2022-36975", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202204-2000", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2022-22356", "trust": 0.1 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-36975" }, { "db": "VULMON", "id": "CVE-2022-22356" }, { "db": "JVNDB", "id": "JVNDB-2022-009545" }, { "db": "CNNVD", "id": "CNNVD-202204-2000" }, { "db": "NVD", "id": "CVE-2022-22356" } ] }, "id": "VAR-202204-1116", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2022-36975" } ], "trust": 1.06875 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "IoT" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-36975" } ] }, "last_update_date": "2024-11-23T21:58:27.346000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "6564711 IBM\u00a0X-Force\u00a0Exchange", "trust": 0.8, "url": "https://www.ibm.com/support/pages/node/6564711" }, { "title": "Patch for IBM MQ Appliance Information Disclosure Vulnerability (CNVD-2022-36975)", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/332781" }, { "title": "IBM MQ Appliance Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=188274" }, { "title": "CVE-2022-XXXX", "trust": 0.1, "url": "https://github.com/AlphabugX/CVE-2022-23305 " }, { "title": "CVE-2022-XXXX", "trust": 0.1, "url": "https://github.com/AlphabugX/CVE-2022-RCE " } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-36975" }, { "db": "VULMON", "id": "CVE-2022-22356" }, { "db": "JVNDB", "id": "JVNDB-2022-009545" }, { "db": "CNNVD", "id": "CNNVD-202204-2000" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-203", "trust": 1.0 }, { "problemtype": "Observable discrepancy (CWE-203) [NVD evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-009545" }, { "db": "NVD", "id": "CVE-2022-22356" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.3, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/220487" }, { "trust": 1.7, "url": "https://www.ibm.com/support/pages/node/6564711" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22356" }, { "trust": 0.6, "url": "https://cxsecurity.com/cveshow/cve-2022-22356/" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/203.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://github.com/alphabugx/cve-2022-23305" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-36975" }, { "db": "VULMON", "id": "CVE-2022-22356" }, { "db": "JVNDB", "id": "JVNDB-2022-009545" }, { "db": "CNNVD", "id": "CNNVD-202204-2000" }, { "db": "NVD", "id": "CVE-2022-22356" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2022-36975" }, { "db": "VULMON", "id": "CVE-2022-22356" }, { "db": "JVNDB", "id": "JVNDB-2022-009545" }, { "db": "CNNVD", "id": "CNNVD-202204-2000" }, { "db": "NVD", "id": "CVE-2022-22356" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-05-13T00:00:00", "db": "CNVD", "id": "CNVD-2022-36975" }, { "date": "2022-04-05T00:00:00", "db": "VULMON", "id": "CVE-2022-22356" }, { "date": "2023-08-07T00:00:00", "db": "JVNDB", "id": "JVNDB-2022-009545" }, { "date": "2022-04-05T00:00:00", "db": "CNNVD", "id": "CNNVD-202204-2000" }, { "date": "2022-04-05T17:15:08.370000", "db": "NVD", "id": "CVE-2022-22356" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-05-13T00:00:00", "db": "CNVD", "id": "CNVD-2022-36975" }, { "date": "2022-04-18T00:00:00", "db": "VULMON", "id": "CVE-2022-22356" }, { "date": "2023-08-07T05:37:00", "db": "JVNDB", "id": "JVNDB-2022-009545" }, { "date": "2022-04-19T00:00:00", "db": "CNNVD", "id": "CNNVD-202204-2000" }, { "date": "2024-11-21T06:46:41.630000", "db": "NVD", "id": "CVE-2022-22356" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202204-2000" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM\u00a0MQ\u00a0Appliance\u00a0 Vulnerability regarding observable inconsistencies in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-009545" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-202204-2000" } ], "trust": 0.6 } }
var-201908-0016
Vulnerability from variot
IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.6, 7.6.0.0 through 7.6.0.15 and IBM MQ Appliance 8.0.0.0 through 8.0.0.12, 9.1.0.0 through 9.1.0.2, and 9.1.1 through 9.1.2 could allow a local attacker to execute arbitrary commands on the system, caused by a command injection vulnerability. IBM X-Force ID: 16188. Vendors have confirmed this vulnerability IBM X-Force ID: 16188 It is released as.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. IBM DataPower Gateway is a security and integration platform specially designed for mobile, cloud, application programming interface (API), network, service-oriented architecture (SOA), B2B and cloud workloads. The platform secures, integrates and optimizes access across channels with a dedicated gateway platform. The following products and versions are affected: IBM DataPower Gateway 2018.4.1.0 to 2018.4.1.6, DataPower Gateway 7.6.0.0 to 7.6.0.15, DataPower Gateway CD
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201908-0016", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "datapower gateway", "scope": "lt", "trust": 1.0, "vendor": "ibm", "version": "2018.4.1.7" }, { "model": "mq appliance", "scope": "lte", "trust": 1.0, "vendor": "ibm", "version": "9.1.0.2" }, { "model": "mq appliance", "scope": "lte", "trust": 1.0, "vendor": "ibm", "version": "9.1.2" }, { "model": "mq appliance", "scope": "gte", "trust": 1.0, "vendor": "ibm", "version": "9.1.1" }, { "model": "datapower gateway", "scope": "gte", "trust": 1.0, "vendor": "ibm", "version": "2018.4.1.0" }, { "model": "mq appliance", "scope": "gte", "trust": 1.0, "vendor": "ibm", "version": "8.0.0.0" }, { "model": "datapower gateway", "scope": "lte", "trust": 1.0, "vendor": "ibm", "version": "2018.4.1.6" }, { "model": "mq appliance", "scope": "gte", "trust": 1.0, "vendor": "ibm", "version": "9.1.0.0" }, { "model": "datapower gateway", "scope": "gte", "trust": 1.0, "vendor": "ibm", "version": "7.6.0.0" }, { "model": "mq appliance", "scope": "lte", "trust": 1.0, "vendor": "ibm", "version": "8.0.0.12" }, { "model": "datapower gateway", "scope": "lte", "trust": 1.0, "vendor": "ibm", "version": "7.6.0.15" }, { "model": "datapower gateway", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "2018.4.1.0 to 2018.4.1.6" }, { "model": "datapower gateway", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "7.6.0.0 to 7.6.0.15" }, { "model": "mq appliance", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "8.0.0.0 to 8.0.0.12" }, { "model": "mq appliance", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "9.1.0.0 to 9.1.0.2" }, { "model": "mq appliance", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "9.1.1 to 9.1.2" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-008161" }, { "db": "NVD", "id": "CVE-2019-4294" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:ibm:datapower_gateway", "vulnerable": true }, { "cpe22Uri": "cpe:/a:ibm:mq_appliance", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-008161" } ] }, "cve": "CVE-2019-4294", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 3.9, "id": "CVE-2019-4294", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 1.8, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 3.9, "id": "VHN-155729", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "id": "CVE-2019-4294", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "psirt@us.ibm.com", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.5, "id": "CVE-2019-4294", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.8, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2019-4294", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "Low", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2019-4294", "trust": 1.0, "value": "HIGH" }, { "author": "psirt@us.ibm.com", "id": "CVE-2019-4294", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2019-4294", "trust": 0.8, "value": "High" }, { "author": "CNNVD", "id": "CNNVD-201908-1243", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-155729", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-155729" }, { "db": "JVNDB", "id": "JVNDB-2019-008161" }, { "db": "CNNVD", "id": "CNNVD-201908-1243" }, { "db": "NVD", "id": "CVE-2019-4294" }, { "db": "NVD", "id": "CVE-2019-4294" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.6, 7.6.0.0 through 7.6.0.15 and IBM MQ Appliance 8.0.0.0 through 8.0.0.12, 9.1.0.0 through 9.1.0.2, and 9.1.1 through 9.1.2 could allow a local attacker to execute arbitrary commands on the system, caused by a command injection vulnerability. IBM X-Force ID: 16188. Vendors have confirmed this vulnerability IBM X-Force ID: 16188 It is released as.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. IBM DataPower Gateway is a security and integration platform specially designed for mobile, cloud, application programming interface (API), network, service-oriented architecture (SOA), B2B and cloud workloads. The platform secures, integrates and optimizes access across channels with a dedicated gateway platform. The following products and versions are affected: IBM DataPower Gateway 2018.4.1.0 to 2018.4.1.6, DataPower Gateway 7.6.0.0 to 7.6.0.15, DataPower Gateway CD", "sources": [ { "db": "NVD", "id": "CVE-2019-4294" }, { "db": "JVNDB", "id": "JVNDB-2019-008161" }, { "db": "VULHUB", "id": "VHN-155729" } ], "trust": 1.71 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2019-4294", "trust": 2.5 }, { "db": "JVNDB", "id": "JVNDB-2019-008161", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201908-1243", "trust": 0.7 }, { "db": "VULHUB", "id": "VHN-155729", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-155729" }, { "db": "JVNDB", "id": "JVNDB-2019-008161" }, { "db": "CNNVD", "id": "CNNVD-201908-1243" }, { "db": "NVD", "id": "CVE-2019-4294" } ] }, "id": "VAR-201908-0016", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-155729" } ], "trust": 0.01 }, "last_update_date": "2024-11-23T21:37:03.476000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "0887005", "trust": 0.8, "url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10887005" }, { "title": "0958933", "trust": 0.8, "url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10958933" }, { "title": "ibm-mq-cve20194294-code-exec (160701)", "trust": 0.8, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/160701" }, { "title": "IBM DataPower Gateway Fixes for command injection vulnerabilities", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=96888" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-008161" }, { "db": "CNNVD", "id": "CNNVD-201908-1243" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-78", "trust": 1.1 }, { "problemtype": "CWE-77", "trust": 0.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-155729" }, { "db": "JVNDB", "id": "JVNDB-2019-008161" }, { "db": "NVD", "id": "CVE-2019-4294" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.7, "url": "https://www.ibm.com/support/docview.wss?uid=ibm10887005" }, { "trust": 1.7, "url": "https://www.ibm.com/support/docview.wss?uid=ibm10958933" }, { "trust": 1.7, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/160701" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-4294" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-4294" }, { "trust": 0.6, "url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10958933" } ], "sources": [ { "db": "VULHUB", "id": "VHN-155729" }, { "db": "JVNDB", "id": "JVNDB-2019-008161" }, { "db": "CNNVD", "id": "CNNVD-201908-1243" }, { "db": "NVD", "id": "CVE-2019-4294" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-155729" }, { "db": "JVNDB", "id": "JVNDB-2019-008161" }, { "db": "CNNVD", "id": "CNNVD-201908-1243" }, { "db": "NVD", "id": "CVE-2019-4294" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-08-20T00:00:00", "db": "VULHUB", "id": "VHN-155729" }, { "date": "2019-08-26T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-008161" }, { "date": "2019-08-19T00:00:00", "db": "CNNVD", "id": "CNNVD-201908-1243" }, { "date": "2019-08-20T19:15:11.730000", "db": "NVD", "id": "CVE-2019-4294" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-12-09T00:00:00", "db": "VULHUB", "id": "VHN-155729" }, { "date": "2019-08-26T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-008161" }, { "date": "2022-12-12T00:00:00", "db": "CNNVD", "id": "CNNVD-201908-1243" }, { "date": "2024-11-21T04:43:26.147000", "db": "NVD", "id": "CVE-2019-4294" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-201908-1243" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM DataPower Gateway and IBM MQ Appliance Command injection vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-008161" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "operating system commend injection", "sources": [ { "db": "CNNVD", "id": "CNNVD-201908-1243" } ], "trust": 0.6 } }
var-201912-0162
Vulnerability from variot
IBM MQ 9.1.0.0, 9.1.0.1, 9.1.0.2, 9.1.0.3, 9.1.1, 9.1.2, and 9.1.3 is vulnerable to a denial of service attack that would allow an authenticated user to reset client connections due to an error within the Data Conversion routine. IBM X-Force ID: 170966. IBM MQ Contains an input validation vulnerability. Vendors have confirmed this vulnerability IBM X-Force ID: 170966 It is released as.Service operation interruption (DoS) There is a possibility of being put into a state
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201912-0162", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "mq", "scope": "eq", "trust": 1.4, "vendor": "ibm", "version": "9.1.0.1" }, { "model": "mq", "scope": "eq", "trust": 1.4, "vendor": "ibm", "version": "9.1.0.2" }, { "model": "mq appliance", "scope": "lt", "trust": 1.0, "vendor": "ibm", "version": "9.1.4" }, { "model": "mq", "scope": "lt", "trust": 1.0, "vendor": "ibm", "version": "9.1.4" }, { "model": "mq appliance", "scope": "lt", "trust": 1.0, "vendor": "ibm", "version": "9.1.0.4" }, { "model": "mq", "scope": "lt", "trust": 1.0, "vendor": "ibm", "version": "9.1.0.4" }, { "model": "mq appliance", "scope": "gte", "trust": 1.0, "vendor": "ibm", "version": "9.1.0.0" }, { "model": "mq appliance", "scope": "gte", "trust": 1.0, "vendor": "ibm", "version": "9.1.0" }, { "model": "mq", "scope": "gte", "trust": 1.0, "vendor": "ibm", "version": "9.1.0.0" }, { "model": "mq", "scope": "gte", "trust": 1.0, "vendor": "ibm", "version": "9.1.0" }, { "model": "mq", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "9.1.0.0" }, { "model": "mq", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "9.1.0.3" }, { "model": "mq", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "9.1.1" }, { "model": "mq", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "9.1.2" }, { "model": "mq", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "9.1.3" }, { "model": "mq appliance", "scope": null, "trust": 0.8, "vendor": "ibm", "version": null }, { "model": "mq appliance", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "9.1.0.2" }, { "model": "mq appliance", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "9.1.0.4" }, { "model": "mq appliance", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "9.1.2" }, { "model": "mq appliance", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "9.1.0.0" }, { "model": "mq appliance", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "9.1.0.3" }, { "model": "mq appliance", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "9.1.3" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-013495" }, { "db": "CNNVD", "id": "CNNVD-201912-980" }, { "db": "NVD", "id": "CVE-2019-4655" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:ibm:mq:*:*:*:*:continuous_delivery:*:*:*", "cpe_name": [], "versionEndExcluding": "9.1.4", "versionStartIncluding": "9.1.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:mq:*:*:*:*:lts:*:*:*", "cpe_name": [], "versionEndExcluding": "9.1.0.4", "versionStartIncluding": "9.1.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:mq_appliance:*:*:*:*:continuous_delivery:*:*:*", "cpe_name": [], "versionEndExcluding": "9.1.4", "versionStartIncluding": "9.1.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:mq_appliance:*:*:*:*:lts:*:*:*", "cpe_name": [], "versionEndExcluding": "9.1.0.4", "versionStartIncluding": "9.1.0.0", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2019-4655" } ] }, "cve": "CVE-2019-4655", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "Single", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 4.0, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2019-4655", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 1.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitabilityScore": 2.8, "id": "CVE-2019-4655", "impactScore": 1.4, "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "Low", "baseScore": 4.3, "baseSeverity": "Medium", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2019-4655", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "Low", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2019-4655", "trust": 1.8, "value": "Medium" }, { "author": "CNNVD", "id": "CNNVD-201912-980", "trust": 0.6, "value": "MEDIUM" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-013495" }, { "db": "CNNVD", "id": "CNNVD-201912-980" }, { "db": "NVD", "id": "CVE-2019-4655" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM MQ 9.1.0.0, 9.1.0.1, 9.1.0.2, 9.1.0.3, 9.1.1, 9.1.2, and 9.1.3 is vulnerable to a denial of service attack that would allow an authenticated user to reset client connections due to an error within the Data Conversion routine. IBM X-Force ID: 170966. IBM MQ Contains an input validation vulnerability. Vendors have confirmed this vulnerability IBM X-Force ID: 170966 It is released as.Service operation interruption (DoS) There is a possibility of being put into a state", "sources": [ { "db": "NVD", "id": "CVE-2019-4655" }, { "db": "JVNDB", "id": "JVNDB-2019-013495" } ], "trust": 1.62 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2019-4655", "trust": 2.4 }, { "db": "JVNDB", "id": "JVNDB-2019-013495", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201912-980", "trust": 0.6 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-013495" }, { "db": "CNNVD", "id": "CNNVD-201912-980" }, { "db": "NVD", "id": "CVE-2019-4655" } ] }, "id": "VAR-201912-0162", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.22222222 }, "last_update_date": "2022-05-04T10:00:09.088000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "1106529", "trust": 0.8, "url": "https://www.ibm.com/support/pages/node/1106529" }, { "title": "ibm-mq-cve20194655-dos (170966)", "trust": 0.8, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/170966" }, { "title": "IBM MQ and IBM MQ Appliance Enter the fix for the verification error vulnerability", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=106392" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-013495" }, { "db": "CNNVD", "id": "CNNVD-201912-980" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 }, { "problemtype": "CWE-20", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-013495" }, { "db": "NVD", "id": "CVE-2019-4655" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.6, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/170966" }, { "trust": 1.6, "url": "https://www.ibm.com/support/pages/node/1106529" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-4655" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-4655" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/ibm-mq-denial-of-service-via-data-conversion-fdc-31208" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-certified-container-is-vulnerable-to-multiple-vulnerabilities-within-ibm-mq-cve-2019-4655-cve-2019-4560-cve-2019-4614-cve-2019-4620/" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-013495" }, { "db": "CNNVD", "id": "CNNVD-201912-980" }, { "db": "NVD", "id": "CVE-2019-4655" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "JVNDB", "id": "JVNDB-2019-013495" }, { "db": "CNNVD", "id": "CNNVD-201912-980" }, { "db": "NVD", "id": "CVE-2019-4655" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-01-08T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-013495" }, { "date": "2019-12-20T00:00:00", "db": "CNNVD", "id": "CNNVD-201912-980" }, { "date": "2019-12-30T16:15:00", "db": "NVD", "id": "CVE-2019-4655" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-01-08T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-013495" }, { "date": "2020-02-27T00:00:00", "db": "CNNVD", "id": "CNNVD-201912-980" }, { "date": "2021-07-21T11:39:00", "db": "NVD", "id": "CVE-2019-4655" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201912-980" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM MQ Input validation vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-013495" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "input validation error", "sources": [ { "db": "CNNVD", "id": "CNNVD-201912-980" } ], "trust": 0.6 } }
var-202004-1758
Vulnerability from variot
IBM MQ and MQ Appliance 8.0, 9.1 LTS, and 9.1 CD could allow an authenticated user cause a denial of service due to a memory leak. IBM X-Force ID: 175840. Vendor exploits this vulnerability IBM X-Force ID: 175840 It is published as.Service operation interruption (DoS) It may be put into a state
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202004-1758", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "mq", "scope": "lt", "trust": 1.0, "vendor": "ibm", "version": "9.1.0.4" }, { "model": "mq appliance", "scope": "gte", "trust": 1.0, "vendor": "ibm", "version": "9.1.0" }, { "model": "mq", "scope": "gte", "trust": 1.0, "vendor": "ibm", "version": "9.1.0.0" }, { "model": "mq", "scope": "gte", "trust": 1.0, "vendor": "ibm", "version": "8.0.0.0" }, { "model": "mq", "scope": "lt", "trust": 1.0, "vendor": "ibm", "version": "8.0.0.14" }, { "model": "mq appliance", "scope": "lt", "trust": 1.0, "vendor": "ibm", "version": "9.1.5" }, { "model": "mq", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "8.0" }, { "model": "mq", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "9.1 cd" }, { "model": "mq", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "9.1 lts" }, { "model": "mq appliance", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "8.0" }, { "model": "mq appliance", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "9.1 cd" }, { "model": "mq appliance", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "9.1 lts" }, { "model": "mq", "scope": "eq", "trust": 0.1, "vendor": "ibm", "version": "8.0.0.0" }, { "model": "mq", "scope": "eq", "trust": 0.1, "vendor": "ibm", "version": "8.0.0.1" }, { "model": "mq", "scope": "eq", "trust": 0.1, "vendor": "ibm", "version": "8.0.0.2" }, { "model": "mq", "scope": "eq", "trust": 0.1, "vendor": "ibm", "version": "8.0.0.3" }, { "model": "mq", "scope": "eq", "trust": 0.1, "vendor": "ibm", "version": "8.0.0.4" }, { "model": "mq", "scope": "eq", "trust": 0.1, "vendor": "ibm", "version": "8.0.0.5" }, { "model": "mq", "scope": "eq", "trust": 0.1, "vendor": "ibm", "version": "8.0.0.6" }, { "model": "mq", "scope": "eq", "trust": 0.1, "vendor": "ibm", "version": "8.0.0.7" }, { "model": "mq", "scope": "eq", "trust": 0.1, "vendor": "ibm", "version": "8.0.0.8" }, { "model": "mq", "scope": "eq", "trust": 0.1, "vendor": "ibm", "version": "8.0.0.9" }, { "model": "mq", "scope": "eq", "trust": 0.1, "vendor": "ibm", "version": "8.0.0.10" }, { "model": "mq", "scope": "eq", "trust": 0.1, "vendor": "ibm", "version": "8.0.0.11" }, { "model": "mq", "scope": "eq", "trust": 0.1, "vendor": "ibm", "version": "8.0.0.12" }, { "model": "mq", "scope": "eq", "trust": 0.1, "vendor": "ibm", "version": "8.0.0.13" }, { "model": "mq", "scope": "eq", "trust": 0.1, "vendor": "ibm", "version": "9.1.0.0" }, { "model": "mq", "scope": "eq", "trust": 0.1, "vendor": "ibm", "version": "9.1.0.1" }, { "model": "mq", "scope": "eq", "trust": 0.1, "vendor": "ibm", "version": "9.1.0.2" }, { "model": "mq appliance", "scope": "eq", "trust": 0.1, "vendor": "ibm", "version": "9.1.0.2" }, { "model": "mq appliance", "scope": "eq", "trust": 0.1, "vendor": "ibm", "version": "9.1.0.3" }, { "model": "mq appliance", "scope": "eq", "trust": 0.1, "vendor": "ibm", "version": "9.1.0.4" }, { "model": "mq appliance", "scope": "eq", "trust": 0.1, "vendor": "ibm", "version": "9.1.1" }, { "model": "mq appliance", "scope": "eq", "trust": 0.1, "vendor": "ibm", "version": "9.1.2" }, { "model": "mq appliance", "scope": "eq", "trust": 0.1, "vendor": "ibm", "version": "9.1.3" }, { "model": "mq appliance", "scope": "eq", "trust": 0.1, "vendor": "ibm", "version": "9.1.4" } ], "sources": [ { "db": "VULMON", "id": "CVE-2020-4267" }, { "db": "JVNDB", "id": "JVNDB-2020-004676" }, { "db": "NVD", "id": "CVE-2020-4267" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:ibm:mq:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "8.0.0.14", "versionStartIncluding": "8.0.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:mq:*:*:*:*:lts:*:*:*", "cpe_name": [], "versionEndExcluding": "9.1.0.4", "versionStartIncluding": "9.1.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:mq_appliance:*:*:*:*:continuous_delivery:*:*:*", "cpe_name": [], "versionEndExcluding": "9.1.5", "versionStartIncluding": "9.1.0", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2020-4267" } ] }, "cve": "CVE-2020-4267", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": null, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "VULMON", "availabilityImpact": "PARTIAL", "baseScore": 4.0, "confidentialityImpact": "NONE", "exploitabilityScore": 8.0, "id": "CVE-2020-4267", "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "MEDIUM", "trust": 1.1, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "Single", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 4.0, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "JVNDB-2020-004676", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitabilityScore": 2.8, "id": "CVE-2020-4267", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 6.5, "baseSeverity": "Medium", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "JVNDB-2020-004676", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "Low", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2020-4267", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "JVNDB-2020-004676", "trust": 0.8, "value": "Medium" }, { "author": "CNNVD", "id": "CNNVD-202004-2043", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2020-4267", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULMON", "id": "CVE-2020-4267" }, { "db": "JVNDB", "id": "JVNDB-2020-004676" }, { "db": "CNNVD", "id": "CNNVD-202004-2043" }, { "db": "NVD", "id": "CVE-2020-4267" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM MQ and MQ Appliance 8.0, 9.1 LTS, and 9.1 CD could allow an authenticated user cause a denial of service due to a memory leak. IBM X-Force ID: 175840. Vendor exploits this vulnerability IBM X-Force ID: 175840 It is published as.Service operation interruption (DoS) It may be put into a state", "sources": [ { "db": "NVD", "id": "CVE-2020-4267" }, { "db": "JVNDB", "id": "JVNDB-2020-004676" }, { "db": "VULMON", "id": "CVE-2020-4267" } ], "trust": 1.71 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2020-4267", "trust": 2.5 }, { "db": "JVNDB", "id": "JVNDB-2020-004676", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-202004-2043", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2020-4267", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2020-4267" }, { "db": "JVNDB", "id": "JVNDB-2020-004676" }, { "db": "CNNVD", "id": "CNNVD-202004-2043" }, { "db": "NVD", "id": "CVE-2020-4267" } ] }, "id": "VAR-202004-1758", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.22222222 }, "last_update_date": "2022-05-04T10:21:38.661000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "6195384", "trust": 0.8, "url": "https://www.ibm.com/support/pages/node/6195384" }, { "title": "ibm-mq-cve20204267-dos (175840)", "trust": 0.8, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/175840" }, { "title": "IBM MQ Appliance Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=117266" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-004676" }, { "db": "CNNVD", "id": "CNNVD-202004-2043" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-401", "trust": 1.0 }, { "problemtype": "CWE-772", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-004676" }, { "db": "NVD", "id": "CVE-2020-4267" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.8, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/175840" }, { "trust": 1.7, "url": "https://www.ibm.com/support/pages/node/6195384" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-4267" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-4267" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-is-affected-by-a-denial-of-service-vulnerability-cve-2020-4267/" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/ibm-mq-memory-leak-32535" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-and-mq-appliance-could-allow-an-authenticated-user-cause-a-denial-of-service-due-to-a-memory-leak-cve-2020-4267/" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/772.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "VULMON", "id": "CVE-2020-4267" }, { "db": "JVNDB", "id": "JVNDB-2020-004676" }, { "db": "CNNVD", "id": "CNNVD-202004-2043" }, { "db": "NVD", "id": "CVE-2020-4267" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2020-4267" }, { "db": "JVNDB", "id": "JVNDB-2020-004676" }, { "db": "CNNVD", "id": "CNNVD-202004-2043" }, { "db": "NVD", "id": "CVE-2020-4267" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-04-24T00:00:00", "db": "VULMON", "id": "CVE-2020-4267" }, { "date": "2020-05-26T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-004676" }, { "date": "2020-04-23T00:00:00", "db": "CNNVD", "id": "CNNVD-202004-2043" }, { "date": "2020-04-24T16:15:00", "db": "NVD", "id": "CVE-2020-4267" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-04-30T00:00:00", "db": "VULMON", "id": "CVE-2020-4267" }, { "date": "2020-05-26T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-004676" }, { "date": "2020-06-16T00:00:00", "db": "CNNVD", "id": "CNNVD-202004-2043" }, { "date": "2021-07-21T11:39:00", "db": "NVD", "id": "CVE-2020-4267" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202004-2043" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM MQ and MQ Appliance Vulnerability regarding lack of resource release after valid lifetime in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-004676" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-202004-2043" } ], "trust": 0.6 } }
var-202007-1381
Vulnerability from variot
IBM MQ Appliance 9.1 LTS and 9.1 CD could allow a local privileged user to obtain highly sensitve information due to inclusion of data within trace files. IBM X-Force ID: 182118. IBM MQ Appliance There is an information leakage vulnerability in. Vendor exploits this vulnerability IBM X-Force ID: 182118 It is published as.Information may be obtained. IBM MQ Appliance is an all-in-one device from IBM in the United States for rapid deployment of enterprise-level messaging middleware. Local attackers can use this vulnerability to obtain highly sensitive information
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202007-1381", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "mq appliance", "scope": "gte", "trust": 1.0, "vendor": "ibm", "version": "9.1.0.0" }, { "model": "mq appliance", "scope": "lt", "trust": 1.0, "vendor": "ibm", "version": "9.2.0.0" }, { "model": "mq appliance", "scope": "lt", "trust": 1.0, "vendor": "ibm", "version": "9.1.0.6" }, { "model": "mq appliance", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "9.1 cd" }, { "model": "mq appliance", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "9.1 lts" }, { "model": "mq appliance cd", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "9.1" }, { "model": "mq appliance lts", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "9.1" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-47945" }, { "db": "JVNDB", "id": "JVNDB-2020-008714" }, { "db": "NVD", "id": "CVE-2020-4498" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:ibm:mq_appliance", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-008714" } ] }, "cve": "CVE-2020-4498", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 3.9, "id": "CVE-2020-4498", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "LOW", "trust": 1.0, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Local", "authentication": "None", "author": "NVD", "availabilityImpact": "None", "baseScore": 2.1, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "JVNDB-2020-008714", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Low", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 3.9, "id": "CNVD-2020-47945", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "LOW", "trust": 0.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitabilityScore": 0.8, "id": "CVE-2020-4498", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, { "attackComplexity": "HIGH", "attackVector": "LOCAL", "author": "psirt@us.ibm.com", "availabilityImpact": "NONE", "baseScore": 4.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitabilityScore": 0.5, "id": "CVE-2020-4498", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "NVD", "availabilityImpact": "None", "baseScore": 4.4, "baseSeverity": "Medium", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "JVNDB-2020-008714", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "High", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2020-4498", "trust": 1.0, "value": "MEDIUM" }, { "author": "psirt@us.ibm.com", "id": "CVE-2020-4498", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "JVNDB-2020-008714", "trust": 0.8, "value": "Medium" }, { "author": "CNVD", "id": "CNVD-2020-47945", "trust": 0.6, "value": "LOW" }, { "author": "CNNVD", "id": "CNNVD-202007-1529", "trust": 0.6, "value": "MEDIUM" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-47945" }, { "db": "JVNDB", "id": "JVNDB-2020-008714" }, { "db": "CNNVD", "id": "CNNVD-202007-1529" }, { "db": "NVD", "id": "CVE-2020-4498" }, { "db": "NVD", "id": "CVE-2020-4498" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM MQ Appliance 9.1 LTS and 9.1 CD could allow a local privileged user to obtain highly sensitve information due to inclusion of data within trace files. IBM X-Force ID: 182118. IBM MQ Appliance There is an information leakage vulnerability in. Vendor exploits this vulnerability IBM X-Force ID: 182118 It is published as.Information may be obtained. IBM MQ Appliance is an all-in-one device from IBM in the United States for rapid deployment of enterprise-level messaging middleware. Local attackers can use this vulnerability to obtain highly sensitive information", "sources": [ { "db": "NVD", "id": "CVE-2020-4498" }, { "db": "JVNDB", "id": "JVNDB-2020-008714" }, { "db": "CNVD", "id": "CNVD-2020-47945" } ], "trust": 2.16 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2020-4498", "trust": 3.0 }, { "db": "JVNDB", "id": "JVNDB-2020-008714", "trust": 0.8 }, { "db": "CNVD", "id": "CNVD-2020-47945", "trust": 0.6 }, { "db": "NSFOCUS", "id": "47972", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202007-1529", "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-47945" }, { "db": "JVNDB", "id": "JVNDB-2020-008714" }, { "db": "CNNVD", "id": "CNNVD-202007-1529" }, { "db": "NVD", "id": "CVE-2020-4498" } ] }, "id": "VAR-202007-1381", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2020-47945" } ], "trust": 1.06875 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "Network device" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-47945" } ] }, "last_update_date": "2024-11-23T23:11:22.905000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "6252409", "trust": 0.8, "url": "https://www.ibm.com/support/pages/node/6252409" }, { "title": "ibm-mq-cve20204498-info-disc (182118)", "trust": 0.8, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/182118" }, { "title": "Patch for IBM MQ Appliance information disclosure vulnerability", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/231259" }, { "title": "IBM MQ Appliance Repair measures for information disclosure vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=124844" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-47945" }, { "db": "JVNDB", "id": "JVNDB-2020-008714" }, { "db": "CNNVD", "id": "CNNVD-202007-1529" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-532", "trust": 1.0 }, { "problemtype": "CWE-200", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-008714" }, { "db": "NVD", "id": "CVE-2020-4498" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.6, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/182118" }, { "trust": 1.6, "url": "https://www.ibm.com/support/pages/node/6252409" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-4498" }, { "trust": 1.2, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-is-affected-by-an-information-disclosure-vulnerability-cve-2020-4498/" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-4498" }, { "trust": 0.6, "url": "http://www.nsfocus.net/vulndb/47972" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/ibm-mq-appliance-information-disclosure-via-trace-files-32931" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-app-connect-enterprise-certified-container-integration-servers-could-allow-information-exposure-when-using-mq-cve-2020-4498/" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-47945" }, { "db": "JVNDB", "id": "JVNDB-2020-008714" }, { "db": "CNNVD", "id": "CNNVD-202007-1529" }, { "db": "NVD", "id": "CVE-2020-4498" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2020-47945" }, { "db": "JVNDB", "id": "JVNDB-2020-008714" }, { "db": "CNNVD", "id": "CNNVD-202007-1529" }, { "db": "NVD", "id": "CVE-2020-4498" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-08-19T00:00:00", "db": "CNVD", "id": "CNVD-2020-47945" }, { "date": "2020-09-18T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-008714" }, { "date": "2020-07-24T00:00:00", "db": "CNNVD", "id": "CNNVD-202007-1529" }, { "date": "2020-07-27T14:15:12.677000", "db": "NVD", "id": "CVE-2020-4498" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-08-30T00:00:00", "db": "CNVD", "id": "CNVD-2020-47945" }, { "date": "2020-09-18T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-008714" }, { "date": "2020-12-11T00:00:00", "db": "CNNVD", "id": "CNNVD-202007-1529" }, { "date": "2024-11-21T05:32:49.137000", "db": "NVD", "id": "CVE-2020-4498" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202007-1529" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM MQ Appliance information disclosure vulnerability", "sources": [ { "db": "CNVD", "id": "CNVD-2020-47945" }, { "db": "CNNVD", "id": "CNNVD-202007-1529" } ], "trust": 1.2 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "information disclosure", "sources": [ { "db": "CNNVD", "id": "CNNVD-202007-1529" } ], "trust": 0.6 } }
var-201803-1745
Vulnerability from variot
IBM MQ Appliance 9.0.1, 9.0.2, 9.0.3, amd 9.0.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 139077. Vendors have confirmed this vulnerability IBM X-Force ID: 139077 It is released as.Information may be obtained and information may be altered. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201803-1745", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "mq appliance", "scope": "eq", "trust": 2.4, "vendor": "ibm", "version": "9.0.1" }, { "model": "mq appliance", "scope": "eq", "trust": 2.4, "vendor": "ibm", "version": "9.0.2" }, { "model": "mq appliance", "scope": "eq", "trust": 2.4, "vendor": "ibm", "version": "9.0.3" }, { "model": "mq appliance", "scope": "eq", "trust": 2.4, "vendor": "ibm", "version": "9.0.4" }, { "model": "mq appliance cd", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.4" }, { "model": "mq appliance cd", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.3" }, { "model": "mq appliance cd", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.2" }, { "model": "mq appliance cd", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.1" }, { "model": "mq appliance cd", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "9.0.5" } ], "sources": [ { "db": "BID", "id": "103491" }, { "db": "JVNDB", "id": "JVNDB-2018-003249" }, { "db": "CNNVD", "id": "CNNVD-201803-894" }, { "db": "NVD", "id": "CVE-2018-1429" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:ibm:mq_appliance", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-003249" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM", "sources": [ { "db": "BID", "id": "103491" } ], "trust": 0.3 }, "cve": "CVE-2018-1429", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "exploitabilityScore": 6.8, "id": "CVE-2018-1429", "impactScore": 2.9, "integrityImpact": "PARTIAL", "severity": "LOW", "trust": 1.8, "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitabilityScore": 2.3, "id": "CVE-2018-1429", "impactScore": 2.7, "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "trust": 2.8, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2018-1429", "trust": 1.0, "value": "MEDIUM" }, { "author": "psirt@us.ibm.com", "id": "CVE-2018-1429", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "CVE-2018-1429", "trust": 0.8, "value": "Medium" }, { "author": "CNNVD", "id": "CNNVD-201803-894", "trust": 0.6, "value": "MEDIUM" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-003249" }, { "db": "CNNVD", "id": "CNNVD-201803-894" }, { "db": "NVD", "id": "CVE-2018-1429" }, { "db": "NVD", "id": "CVE-2018-1429" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM MQ Appliance 9.0.1, 9.0.2, 9.0.3, amd 9.0.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 139077. Vendors have confirmed this vulnerability IBM X-Force ID: 139077 It is released as.Information may be obtained and information may be altered. \nAn attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks", "sources": [ { "db": "NVD", "id": "CVE-2018-1429" }, { "db": "JVNDB", "id": "JVNDB-2018-003249" }, { "db": "BID", "id": "103491" } ], "trust": 1.89 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2018-1429", "trust": 2.7 }, { "db": "BID", "id": "103491", "trust": 1.9 }, { "db": "SECTRACK", "id": "1040564", "trust": 1.6 }, { "db": "JVNDB", "id": "JVNDB-2018-003249", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201803-894", "trust": 0.6 } ], "sources": [ { "db": "BID", "id": "103491" }, { "db": "JVNDB", "id": "JVNDB-2018-003249" }, { "db": "CNNVD", "id": "CNNVD-201803-894" }, { "db": "NVD", "id": "CVE-2018-1429" } ] }, "id": "VAR-201803-1745", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.46875 }, "last_update_date": "2024-11-23T23:08:45.951000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "2014046", "trust": 0.8, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg22014046" }, { "title": "ibm-websphere-cve20181429-xss (139077)", "trust": 0.8, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/139077" }, { "title": "IBM MQ Appliance Fixes for cross-site scripting vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=79393" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-003249" }, { "db": "CNNVD", "id": "CNNVD-201803-894" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-79", "trust": 1.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-003249" }, { "db": "NVD", "id": "CVE-2018-1429" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.6, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/139077" }, { "trust": 1.6, "url": "http://www.securitytracker.com/id/1040564" }, { "trust": 1.6, "url": "http://www.securityfocus.com/bid/103491" }, { "trust": 1.6, "url": "http://www.ibm.com/support/docview.wss?uid=swg22014046" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-1429" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-1429" }, { "trust": 0.3, "url": "http://www.ibm.com/" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg22014046" } ], "sources": [ { "db": "BID", "id": "103491" }, { "db": "JVNDB", "id": "JVNDB-2018-003249" }, { "db": "CNNVD", "id": "CNNVD-201803-894" }, { "db": "NVD", "id": "CVE-2018-1429" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "BID", "id": "103491" }, { "db": "JVNDB", "id": "JVNDB-2018-003249" }, { "db": "CNNVD", "id": "CNNVD-201803-894" }, { "db": "NVD", "id": "CVE-2018-1429" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-03-21T00:00:00", "db": "BID", "id": "103491" }, { "date": "2018-05-18T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-003249" }, { "date": "2018-03-26T00:00:00", "db": "CNNVD", "id": "CNNVD-201803-894" }, { "date": "2018-03-23T19:29:00.747000", "db": "NVD", "id": "CVE-2018-1429" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-03-21T00:00:00", "db": "BID", "id": "103491" }, { "date": "2018-05-18T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-003249" }, { "date": "2019-10-17T00:00:00", "db": "CNNVD", "id": "CNNVD-201803-894" }, { "date": "2024-11-21T03:59:48.220000", "db": "NVD", "id": "CVE-2018-1429" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201803-894" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM MQ Appliance Vulnerable to cross-site scripting", "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-003249" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "XSS", "sources": [ { "db": "CNNVD", "id": "CNNVD-201803-894" } ], "trust": 0.6 } }
var-201609-0395
Vulnerability from variot
MQCLI on IBM MQ Appliance M2000 and M2001 devices allows local users to execute arbitrary shell commands via a crafted (1) Disaster Recovery or (2) High Availability command. IBMMQAppliance is a solution that enables IBMMQ to be deployed in new use cases and to simplify existing deployment options. Allows a local attacker to exploit the vulnerability to execute arbitrary commands and obtain sensitive information. IBM MQ Appliance is prone to a local command-execution vulnerability. Both IBM MQ Appliance M2000 and M2001 are all-in-one devices used by IBM Corporation in the United States for the rapid deployment of enterprise-level message middleware
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201609-0395", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "mq appliance", "scope": "eq", "trust": 2.4, "vendor": "ibm", "version": "8.0" }, { "model": "mq appliance m2000", "scope": null, "trust": 1.7, "vendor": "ibm", "version": null }, { "model": "mq appliance m2001", "scope": null, "trust": 1.7, "vendor": "ibm", "version": null } ], "sources": [ { "db": "CNVD", "id": "CNVD-2016-06498" }, { "db": "BID", "id": "92538" }, { "db": "JVNDB", "id": "JVNDB-2016-004521" }, { "db": "CNNVD", "id": "CNNVD-201608-342" }, { "db": "NVD", "id": "CVE-2016-5879" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/h:ibm:mq_appliance_m2000", "vulnerable": true }, { "cpe22Uri": "cpe:/h:ibm:mq_appliance_m2001", "vulnerable": true }, { "cpe22Uri": "cpe:/o:ibm:mq_appliance_firmware", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2016-004521" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM", "sources": [ { "db": "BID", "id": "92538" }, { "db": "CNNVD", "id": "CNNVD-201608-342" } ], "trust": 0.9 }, "cve": "CVE-2016-5879", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 3.9, "id": "CVE-2016-5879", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 1.9, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 3.9, "id": "CNVD-2016-06498", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 3.9, "id": "VHN-94699", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:L/AC:L/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.0, "id": "CVE-2016-5879", "impactScore": 6.0, "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "trust": 1.8, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2016-5879", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2016-5879", "trust": 0.8, "value": "High" }, { "author": "CNVD", "id": "CNVD-2016-06498", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201608-342", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-94699", "trust": 0.1, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2016-5879", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2016-06498" }, { "db": "VULHUB", "id": "VHN-94699" }, { "db": "VULMON", "id": "CVE-2016-5879" }, { "db": "JVNDB", "id": "JVNDB-2016-004521" }, { "db": "CNNVD", "id": "CNNVD-201608-342" }, { "db": "NVD", "id": "CVE-2016-5879" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "MQCLI on IBM MQ Appliance M2000 and M2001 devices allows local users to execute arbitrary shell commands via a crafted (1) Disaster Recovery or (2) High Availability command. IBMMQAppliance is a solution that enables IBMMQ to be deployed in new use cases and to simplify existing deployment options. Allows a local attacker to exploit the vulnerability to execute arbitrary commands and obtain sensitive information. IBM MQ Appliance is prone to a local command-execution vulnerability. Both IBM MQ Appliance M2000 and M2001 are all-in-one devices used by IBM Corporation in the United States for the rapid deployment of enterprise-level message middleware", "sources": [ { "db": "NVD", "id": "CVE-2016-5879" }, { "db": "JVNDB", "id": "JVNDB-2016-004521" }, { "db": "CNVD", "id": "CNVD-2016-06498" }, { "db": "BID", "id": "92538" }, { "db": "VULHUB", "id": "VHN-94699" }, { "db": "VULMON", "id": "CVE-2016-5879" } ], "trust": 2.61 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2016-5879", "trust": 3.5 }, { "db": "BID", "id": "92538", "trust": 2.7 }, { "db": "JVNDB", "id": "JVNDB-2016-004521", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201608-342", "trust": 0.7 }, { "db": "CNVD", "id": "CNVD-2016-06498", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-94699", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2016-5879", "trust": 0.1 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2016-06498" }, { "db": "VULHUB", "id": "VHN-94699" }, { "db": "VULMON", "id": "CVE-2016-5879" }, { "db": "BID", "id": "92538" }, { "db": "JVNDB", "id": "JVNDB-2016-004521" }, { "db": "CNNVD", "id": "CNNVD-201608-342" }, { "db": "NVD", "id": "CVE-2016-5879" } ] }, "id": "VAR-201609-0395", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2016-06498" }, { "db": "VULHUB", "id": "VHN-94699" } ], "trust": 0.06999999999999999 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "Network device" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2016-06498" } ] }, "last_update_date": "2024-11-23T23:09:11.406000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "1987697", "trust": 0.8, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21987697" }, { "title": "IBMMQAppliance local command execution vulnerability patch", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/80608" }, { "title": "IBM MQ Appliance Fixes for local command execution vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=63706" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2016-06498" }, { "db": "JVNDB", "id": "JVNDB-2016-004521" }, { "db": "CNNVD", "id": "CNNVD-201608-342" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-20", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-94699" }, { "db": "JVNDB", "id": "JVNDB-2016-004521" }, { "db": "NVD", "id": "CVE-2016-5879" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.7, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21987697" }, { "trust": 2.4, "url": "http://www.securityfocus.com/bid/92538" }, { "trust": 1.8, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1it16174" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-5879" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-5879" }, { "trust": 0.3, "url": "http://www.ibm.com" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/20.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2016-06498" }, { "db": "VULHUB", "id": "VHN-94699" }, { "db": "VULMON", "id": "CVE-2016-5879" }, { "db": "BID", "id": "92538" }, { "db": "JVNDB", "id": "JVNDB-2016-004521" }, { "db": "CNNVD", "id": "CNNVD-201608-342" }, { "db": "NVD", "id": "CVE-2016-5879" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2016-06498" }, { "db": "VULHUB", "id": "VHN-94699" }, { "db": "VULMON", "id": "CVE-2016-5879" }, { "db": "BID", "id": "92538" }, { "db": "JVNDB", "id": "JVNDB-2016-004521" }, { "db": "CNNVD", "id": "CNNVD-201608-342" }, { "db": "NVD", "id": "CVE-2016-5879" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2016-08-21T00:00:00", "db": "CNVD", "id": "CNVD-2016-06498" }, { "date": "2016-09-02T00:00:00", "db": "VULHUB", "id": "VHN-94699" }, { "date": "2016-09-02T00:00:00", "db": "VULMON", "id": "CVE-2016-5879" }, { "date": "2016-08-18T00:00:00", "db": "BID", "id": "92538" }, { "date": "2016-09-05T00:00:00", "db": "JVNDB", "id": "JVNDB-2016-004521" }, { "date": "2016-08-19T00:00:00", "db": "CNNVD", "id": "CNNVD-201608-342" }, { "date": "2016-09-02T14:59:08.160000", "db": "NVD", "id": "CVE-2016-5879" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2016-08-21T00:00:00", "db": "CNVD", "id": "CNVD-2016-06498" }, { "date": "2016-11-28T00:00:00", "db": "VULHUB", "id": "VHN-94699" }, { "date": "2016-11-28T00:00:00", "db": "VULMON", "id": "CVE-2016-5879" }, { "date": "2016-08-18T00:00:00", "db": "BID", "id": "92538" }, { "date": "2016-09-05T00:00:00", "db": "JVNDB", "id": "JVNDB-2016-004521" }, { "date": "2016-09-05T00:00:00", "db": "CNNVD", "id": "CNNVD-201608-342" }, { "date": "2024-11-21T02:55:11.217000", "db": "NVD", "id": "CVE-2016-5879" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "BID", "id": "92538" }, { "db": "CNNVD", "id": "CNNVD-201608-342" } ], "trust": 0.9 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM MQ Appliance M2000 and M2001 Device MQCLI In any shell Command execution vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2016-004521" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "input validation", "sources": [ { "db": "CNNVD", "id": "CNNVD-201608-342" } ], "trust": 0.6 } }
var-202111-0183
Vulnerability from variot
IBM MQ 9.1 LTS, 9.1 CD, 9.2 LTS, and 9.2CD is vulnerable to a denial of service attack caused by an issue processing message properties. IBM X-Force ID: 205203.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202111-0183", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "mq appliance", "scope": "gte", "trust": 1.0, "vendor": "ibm", "version": "9.1.0.0" }, { "model": "mq appliance", "scope": "lt", "trust": 1.0, "vendor": "ibm", "version": "9.2.3" }, { "model": "mq appliance", "scope": "lt", "trust": 1.0, "vendor": "ibm", "version": "9.1.0.9" }, { "model": "mq appliance", "scope": "gte", "trust": 1.0, "vendor": "ibm", "version": "9.2.0.0" }, { "model": "mq appliance", "scope": "lt", "trust": 1.0, "vendor": "ibm", "version": "9.2.0.3" } ], "sources": [ { "db": "NVD", "id": "CVE-2021-29843" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:ibm:mq_appliance:*:*:*:*:lts:*:*:*", "cpe_name": [], "versionEndExcluding": "9.1.0.9", "versionStartIncluding": "9.1.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:mq_appliance:*:*:*:*:continuous_delivery:*:*:*", "cpe_name": [], "versionEndExcluding": "9.2.3", "versionStartIncluding": "9.1.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:mq_appliance:*:*:*:*:lts:*:*:*", "cpe_name": [], "versionEndExcluding": "9.2.0.3", "versionStartIncluding": "9.2.0.0", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2021-29843" } ] }, "cve": "CVE-2021-29843", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 4.0, "confidentialityImpact": "NONE", "exploitabilityScore": 8.0, "id": "CVE-2021-29843", "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitabilityScore": 2.8, "id": "CVE-2021-29843", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } ], "severity": [ { "author": "NVD", "id": "CVE-2021-29843", "trust": 1.0, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-202111-472", "trust": 0.6, "value": "MEDIUM" } ] } ], "sources": [ { "db": "CNNVD", "id": "CNNVD-202111-472" }, { "db": "NVD", "id": "CVE-2021-29843" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM MQ 9.1 LTS, 9.1 CD, 9.2 LTS, and 9.2CD is vulnerable to a denial of service attack caused by an issue processing message properties. IBM X-Force ID: 205203.", "sources": [ { "db": "NVD", "id": "CVE-2021-29843" } ], "trust": 1.0 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2021-29843", "trust": 1.6 }, { "db": "AUSCERT", "id": "ESB-2021.3710", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.3959", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202111-472", "trust": 0.6 } ], "sources": [ { "db": "CNNVD", "id": "CNNVD-202111-472" }, { "db": "NVD", "id": "CVE-2021-29843" } ] }, "id": "VAR-202111-0183", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.22222222 }, "last_update_date": "2022-05-04T08:32:45.325000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "IBM MQ Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=168795" } ], "sources": [ { "db": "CNNVD", "id": "CNNVD-202111-472" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2021-29843" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.2, "url": "https://www.ibm.com/support/pages/node/6513681" }, { "trust": 1.6, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/205203" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.3710" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-29843" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/ibm-mq-denial-of-service-via-message-properties-36821" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.3959" } ], "sources": [ { "db": "CNNVD", "id": "CNNVD-202111-472" }, { "db": "NVD", "id": "CVE-2021-29843" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNNVD", "id": "CNNVD-202111-472" }, { "db": "NVD", "id": "CVE-2021-29843" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-11-05T00:00:00", "db": "CNNVD", "id": "CNNVD-202111-472" }, { "date": "2021-11-08T17:15:00", "db": "NVD", "id": "CVE-2021-29843" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-11-23T00:00:00", "db": "CNNVD", "id": "CNNVD-202111-472" }, { "date": "2021-11-10T02:43:00", "db": "NVD", "id": "CVE-2021-29843" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202111-472" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM MQ Security hole", "sources": [ { "db": "CNNVD", "id": "CNNVD-202111-472" } ], "trust": 0.6 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-202111-472" } ], "trust": 0.6 } }
var-202111-1526
Vulnerability from variot
IBM MQ Appliance 9.2 CD and 9.2 LTS could allow a local attacker to obtain sensitive information by inclusion of sensitive data within diagnostics. IBM X-Force ID: 213215.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202111-1526", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "mq appliance", "scope": "eq", "trust": 1.0, "vendor": "ibm", "version": "9.2.0.0" } ], "sources": [ { "db": "NVD", "id": "CVE-2021-39000" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:ibm:mq_appliance:9.2.0.0:*:*:*:continuous_delivery:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:mq_appliance:9.2.0.0:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2021-39000" } ] }, "cve": "CVE-2021-39000", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 3.9, "id": "CVE-2021-39000", "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "LOW", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "id": "CVE-2021-39000", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" } ], "severity": [ { "author": "NVD", "id": "CVE-2021-39000", "trust": 1.0, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-202111-2165", "trust": 0.6, "value": "MEDIUM" } ] } ], "sources": [ { "db": "CNNVD", "id": "CNNVD-202111-2165" }, { "db": "NVD", "id": "CVE-2021-39000" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM MQ Appliance 9.2 CD and 9.2 LTS could allow a local attacker to obtain sensitive information by inclusion of sensitive data within diagnostics. IBM X-Force ID: 213215.", "sources": [ { "db": "NVD", "id": "CVE-2021-39000" } ], "trust": 1.0 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2021-39000", "trust": 1.6 }, { "db": "AUSCERT", "id": "ESB-2021.4024", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202111-2165", "trust": 0.6 } ], "sources": [ { "db": "CNNVD", "id": "CNNVD-202111-2165" }, { "db": "NVD", "id": "CVE-2021-39000" } ] }, "id": "VAR-202111-1526", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.22222222 }, "last_update_date": "2022-05-04T09:21:12.415000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "IBM MQ Repair measures for information disclosure vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=172394" } ], "sources": [ { "db": "CNNVD", "id": "CNNVD-202111-2165" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-200", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2021-39000" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.2, "url": "https://www.ibm.com/support/pages/node/6519422" }, { "trust": 1.6, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/213215" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.4024" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/ibm-mq-appliance-information-disclosure-via-diagnostics-36981" } ], "sources": [ { "db": "CNNVD", "id": "CNNVD-202111-2165" }, { "db": "NVD", "id": "CVE-2021-39000" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNNVD", "id": "CNNVD-202111-2165" }, { "db": "NVD", "id": "CVE-2021-39000" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-11-29T00:00:00", "db": "CNNVD", "id": "CNNVD-202111-2165" }, { "date": "2021-11-30T17:15:00", "db": "NVD", "id": "CVE-2021-39000" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-12-01T00:00:00", "db": "CNNVD", "id": "CNNVD-202111-2165" }, { "date": "2021-11-30T20:28:00", "db": "NVD", "id": "CVE-2021-39000" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202111-2165" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM MQ Information disclosure vulnerability", "sources": [ { "db": "CNNVD", "id": "CNNVD-202111-2165" } ], "trust": 0.6 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "information disclosure", "sources": [ { "db": "CNNVD", "id": "CNNVD-202111-2165" } ], "trust": 0.6 } }
var-202003-0593
Vulnerability from variot
IBM MQ and IBM MQ Appliance 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and 9.1 CD is vulnerable to a denial of service attack that would allow an authenticated user to crash the queue and require a restart due to an error processing error messages. IBM X-Force ID: 170967. IBM MQ and MQ Appliance There is an input verification vulnerability in. Vendor exploits this vulnerability IBM X-Force ID: 170967 It is published as.Service operation interruption (DoS) It may be put into a state. The product provides a reliable, proven messaging backbone for service-oriented architecture (SOA). IBM MQ Appliance is an all-in-one device for rapid deployment of enterprise-level messaging middleware. The vulnerability stems from an error in processing error messages. An attacker can use this vulnerability to cause a denial of service
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202003-0593", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "mq", "scope": "lt", "trust": 1.0, "vendor": "ibm", "version": "9.1.4" }, { "model": "mq", "scope": "lt", "trust": 1.0, "vendor": "ibm", "version": "9.1.0.4" }, { "model": "mq", "scope": "lt", "trust": 1.0, "vendor": "ibm", "version": "8.0.0.14" }, { "model": "websphere mq", "scope": "lte", "trust": 1.0, "vendor": "ibm", "version": "7.5.0.9" }, { "model": "websphere mq", "scope": "gte", "trust": 1.0, "vendor": "ibm", "version": "7.1.0.0" }, { "model": "mq", "scope": "gte", "trust": 1.0, "vendor": "ibm", "version": "9.1.0" }, { "model": "mq appliance", "scope": "gte", "trust": 1.0, "vendor": "ibm", "version": "8.0.0.0" }, { "model": "mq", "scope": "gte", "trust": 1.0, "vendor": "ibm", "version": "9.0.0.0" }, { "model": "mq appliance", "scope": "lt", "trust": 1.0, "vendor": "ibm", "version": "8.0.0.14" }, { "model": "mq", "scope": "gte", "trust": 1.0, "vendor": "ibm", "version": "9.1.0.0" }, { "model": "mq", "scope": "gte", "trust": 1.0, "vendor": "ibm", "version": "8.0.0.0" }, { "model": "mq", "scope": "lte", "trust": 1.0, "vendor": "ibm", "version": "9.0.0.9" }, { "model": "mq", "scope": null, "trust": 0.8, "vendor": "ibm", "version": null }, { "model": "mq appliance", "scope": null, "trust": 0.8, "vendor": "ibm", "version": null }, { "model": "websphere mq", "scope": null, "trust": 0.8, "vendor": "ibm", "version": null }, { "model": "mq appliance", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "8.0" }, { "model": "mq", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "8.0" }, { "model": "mq appliance cd", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "9.1" }, { "model": "mq appliance lts", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "9.1" }, { "model": "mq lts", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "9.1" }, { "model": "mq cd", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "9.1" }, { "model": "mq lts", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "9.0" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-17502" }, { "db": "JVNDB", "id": "JVNDB-2019-014904" }, { "db": "NVD", "id": "CVE-2019-4656" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:ibm:mq", "vulnerable": true }, { "cpe22Uri": "cpe:/a:ibm:mq_appliance", "vulnerable": true }, { "cpe22Uri": "cpe:/a:ibm:websphere_mq", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-014904" } ] }, "cve": "CVE-2019-4656", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 4.0, "confidentialityImpact": "NONE", "exploitabilityScore": 8.0, "id": "CVE-2019-4656", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 1.0, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "Single", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 4.0, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "JVNDB-2019-014904", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 4.0, "confidentialityImpact": "NONE", "exploitabilityScore": 8.0, "id": "CNVD-2020-17502", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitabilityScore": 2.8, "id": "CVE-2019-4656", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "psirt@us.ibm.com", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitabilityScore": 2.8, "id": "CVE-2019-4656", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 6.5, "baseSeverity": "Medium", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "JVNDB-2019-014904", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "Low", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2019-4656", "trust": 1.0, "value": "MEDIUM" }, { "author": "psirt@us.ibm.com", "id": "CVE-2019-4656", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "JVNDB-2019-014904", "trust": 0.8, "value": "Medium" }, { "author": "CNVD", "id": "CNVD-2020-17502", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-202003-896", "trust": 0.6, "value": "MEDIUM" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-17502" }, { "db": "JVNDB", "id": "JVNDB-2019-014904" }, { "db": "CNNVD", "id": "CNNVD-202003-896" }, { "db": "NVD", "id": "CVE-2019-4656" }, { "db": "NVD", "id": "CVE-2019-4656" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM MQ and IBM MQ Appliance 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and 9.1 CD is vulnerable to a denial of service attack that would allow an authenticated user to crash the queue and require a restart due to an error processing error messages. IBM X-Force ID: 170967. IBM MQ and MQ Appliance There is an input verification vulnerability in. Vendor exploits this vulnerability IBM X-Force ID: 170967 It is published as.Service operation interruption (DoS) It may be put into a state. The product provides a reliable, proven messaging backbone for service-oriented architecture (SOA). IBM MQ Appliance is an all-in-one device for rapid deployment of enterprise-level messaging middleware. The vulnerability stems from an error in processing error messages. An attacker can use this vulnerability to cause a denial of service", "sources": [ { "db": "NVD", "id": "CVE-2019-4656" }, { "db": "JVNDB", "id": "JVNDB-2019-014904" }, { "db": "CNVD", "id": "CNVD-2020-17502" } ], "trust": 2.16 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2019-4656", "trust": 3.0 }, { "db": "JVNDB", "id": "JVNDB-2019-014904", "trust": 0.8 }, { "db": "CNVD", "id": "CNVD-2020-17502", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2023.4106", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202003-896", "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-17502" }, { "db": "JVNDB", "id": "JVNDB-2019-014904" }, { "db": "CNNVD", "id": "CNNVD-202003-896" }, { "db": "NVD", "id": "CVE-2019-4656" } ] }, "id": "VAR-202003-0593", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2020-17502" } ], "trust": 1.06875 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "Network device" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-17502" } ] }, "last_update_date": "2024-11-23T21:06:16.264000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "1135095", "trust": 0.8, "url": "https://www.ibm.com/support/pages/node/1135095" }, { "title": "ibm-mq-cve20194656-dos (170967)", "trust": 0.8, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/170967" }, { "title": "Patch for IBM MQ Appliance and IBM MQ Denial of Service Vulnerability", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/209207" }, { "title": "IBM MQ and IBM MQ Appliance Enter the fix for the verification error vulnerability", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=112526" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-17502" }, { "db": "JVNDB", "id": "JVNDB-2019-014904" }, { "db": "CNNVD", "id": "CNNVD-202003-896" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 }, { "problemtype": "CWE-20", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-014904" }, { "db": "NVD", "id": "CVE-2019-4656" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.6, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/170967" }, { "trust": 1.6, "url": "https://www.ibm.com/support/pages/node/1135095" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-4656" }, { "trust": 1.2, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-is-vulnerable-to-a-denial-of-service-attack-caused-by-an-error-processing-error-messages-cve-2019-4656/" }, { "trust": 1.2, "url": "https://vigilance.fr/vulnerability/ibm-mq-denial-of-service-31785" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-4656" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-is-vulnerable-to-a-denial-of-service-attack-caused-by-an-authenticated-user-crafting-a-malicious-message-cve-2019-4656/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2023.4106" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-in-ibm-mq-affect-ibm-sterling-b2b-integrator/" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-17502" }, { "db": "JVNDB", "id": "JVNDB-2019-014904" }, { "db": "CNNVD", "id": "CNNVD-202003-896" }, { "db": "NVD", "id": "CVE-2019-4656" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2020-17502" }, { "db": "JVNDB", "id": "JVNDB-2019-014904" }, { "db": "CNNVD", "id": "CNNVD-202003-896" }, { "db": "NVD", "id": "CVE-2019-4656" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-03-18T00:00:00", "db": "CNVD", "id": "CNVD-2020-17502" }, { "date": "2020-03-27T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-014904" }, { "date": "2020-03-13T00:00:00", "db": "CNNVD", "id": "CNNVD-202003-896" }, { "date": "2020-03-16T16:15:12.670000", "db": "NVD", "id": "CVE-2019-4656" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-03-18T00:00:00", "db": "CNVD", "id": "CNVD-2020-17502" }, { "date": "2020-03-27T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-014904" }, { "date": "2023-07-21T00:00:00", "db": "CNNVD", "id": "CNNVD-202003-896" }, { "date": "2024-11-21T04:43:56.300000", "db": "NVD", "id": "CVE-2019-4656" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202003-896" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM MQ and MQ Appliance Input verification vulnerability in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-014904" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "input validation error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202003-896" } ], "trust": 0.6 } }
var-202007-0442
Vulnerability from variot
IBM MQ Appliance 9.1.4.CD could allow a local attacker to obtain highly sensitive information by inclusion of sensitive data within trace. IBM X-Force ID: 172616. IBM MQ Appliance There is an information leakage vulnerability in. Vendor exploits this vulnerability IBM X-Force ID: 172616 It is published as.Information may be obtained
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202007-0442", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "mq appliance", "scope": "eq", "trust": 1.0, "vendor": "ibm", "version": "9.1.4" }, { "model": "mq appliance", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "9.1.4.cd" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-015795" }, { "db": "NVD", "id": "CVE-2019-4731" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:ibm:mq_appliance:9.1.4:*:*:*:continuous_delivery:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2019-4731" } ] }, "cve": "CVE-2019-4731", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 3.9, "id": "CVE-2019-4731", "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "LOW", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Local", "authentication": "None", "author": "NVD", "availabilityImpact": "None", "baseScore": 2.1, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "JVNDB-2019-015795", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Low", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "id": "CVE-2019-4731", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "NVD", "availabilityImpact": "None", "baseScore": 5.5, "baseSeverity": "Medium", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "JVNDB-2019-015795", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "Low", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2019-4731", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "JVNDB-2019-015795", "trust": 0.8, "value": "Medium" }, { "author": "CNNVD", "id": "CNNVD-202007-1538", "trust": 0.6, "value": "MEDIUM" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-015795" }, { "db": "CNNVD", "id": "CNNVD-202007-1538" }, { "db": "NVD", "id": "CVE-2019-4731" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM MQ Appliance 9.1.4.CD could allow a local attacker to obtain highly sensitive information by inclusion of sensitive data within trace. IBM X-Force ID: 172616. IBM MQ Appliance There is an information leakage vulnerability in. Vendor exploits this vulnerability IBM X-Force ID: 172616 It is published as.Information may be obtained", "sources": [ { "db": "NVD", "id": "CVE-2019-4731" }, { "db": "JVNDB", "id": "JVNDB-2019-015795" } ], "trust": 1.62 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2019-4731", "trust": 2.4 }, { "db": "JVNDB", "id": "JVNDB-2019-015795", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-202007-1538", "trust": 0.6 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-015795" }, { "db": "CNNVD", "id": "CNNVD-202007-1538" }, { "db": "NVD", "id": "CVE-2019-4731" } ] }, "id": "VAR-202007-0442", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.22222222 }, "last_update_date": "2022-05-04T09:09:01.851000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "1125885", "trust": 0.8, "url": "https://www.ibm.com/support/pages/node/1125885" }, { "title": "ibm-mq-cve20194731-info-disc (172616)", "trust": 0.8, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/172616" }, { "title": "IBM MQ Appliance Repair measures for information disclosure vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=125188" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-015795" }, { "db": "CNNVD", "id": "CNNVD-202007-1538" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-200", "trust": 1.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-015795" }, { "db": "NVD", "id": "CVE-2019-4731" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.6, "url": "https://www.ibm.com/support/pages/node/1125885" }, { "trust": 1.6, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/172616" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-4731" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-4731" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/ibm-mq-appliance-information-disclosure-via-trace-file-32944" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-is-affected-by-inclusion-of-sensitive-data-within-trace-cve-2019-4731/" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-015795" }, { "db": "CNNVD", "id": "CNNVD-202007-1538" }, { "db": "NVD", "id": "CVE-2019-4731" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "JVNDB", "id": "JVNDB-2019-015795" }, { "db": "CNNVD", "id": "CNNVD-202007-1538" }, { "db": "NVD", "id": "CVE-2019-4731" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-09-18T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-015795" }, { "date": "2020-07-27T00:00:00", "db": "CNNVD", "id": "CNNVD-202007-1538" }, { "date": "2020-07-28T12:15:00", "db": "NVD", "id": "CVE-2019-4731" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-09-18T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-015795" }, { "date": "2020-07-30T00:00:00", "db": "CNNVD", "id": "CNNVD-202007-1538" }, { "date": "2020-07-28T15:48:00", "db": "NVD", "id": "CVE-2019-4731" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202007-1538" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM MQ Appliance Vulnerability regarding information leakage in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-015795" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "information disclosure", "sources": [ { "db": "CNNVD", "id": "CNNVD-202007-1538" } ], "trust": 0.6 } }
var-202101-1514
Vulnerability from variot
IBM MQ Appliance 9.2 CD and 9.2 LTS is vulnerable to a denial of service, caused by a buffer overflow. A remote attacker could send a specially crafted SNMP query to cause the appliance to reload. IBM X-Force ID: 190831. Vendor exploits this vulnerability IBM X-Force ID: 190831 Is published as.Denial of service (DoS) It may be put into a state. IBM MQ Appliance is an all-in-one device from IBM in the United States for rapid deployment of enterprise-level messaging middleware
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202101-1514", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "mq appliance", "scope": "eq", "trust": 1.0, "vendor": "ibm", "version": "9.2.0.0" }, { "model": "mq appliance", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "9.2 lts" }, { "model": "mq appliance", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": null }, { "model": "mq appliance", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "9.2 cd" }, { "model": "mq appliance", "scope": null, "trust": 0.6, "vendor": "ibm", "version": null } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-03003" }, { "db": "JVNDB", "id": "JVNDB-2021-002418" }, { "db": "NVD", "id": "CVE-2020-4869" } ] }, "cve": "CVE-2020-4869", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 4.0, "confidentialityImpact": "NONE", "exploitabilityScore": 8.0, "id": "CVE-2020-4869", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 1.8, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 4.0, "confidentialityImpact": "NONE", "exploitabilityScore": 8.0, "id": "CNVD-2021-03003", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitabilityScore": 2.8, "id": "CVE-2020-4869", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, { "attackComplexity": "HIGH", "attackVector": "NETWORK", "author": "psirt@us.ibm.com", "availabilityImpact": "HIGH", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitabilityScore": 1.6, "id": "CVE-2020-4869", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 6.5, "baseSeverity": "Medium", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2020-4869", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "Low", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2020-4869", "trust": 1.0, "value": "MEDIUM" }, { "author": "psirt@us.ibm.com", "id": "CVE-2020-4869", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "CVE-2020-4869", "trust": 0.8, "value": "Medium" }, { "author": "CNVD", "id": "CNVD-2021-03003", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-202101-482", "trust": 0.6, "value": "MEDIUM" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-03003" }, { "db": "JVNDB", "id": "JVNDB-2021-002418" }, { "db": "CNNVD", "id": "CNNVD-202101-482" }, { "db": "NVD", "id": "CVE-2020-4869" }, { "db": "NVD", "id": "CVE-2020-4869" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM MQ Appliance 9.2 CD and 9.2 LTS is vulnerable to a denial of service, caused by a buffer overflow. A remote attacker could send a specially crafted SNMP query to cause the appliance to reload. IBM X-Force ID: 190831. Vendor exploits this vulnerability IBM X-Force ID: 190831 Is published as.Denial of service (DoS) It may be put into a state. IBM MQ Appliance is an all-in-one device from IBM in the United States for rapid deployment of enterprise-level messaging middleware", "sources": [ { "db": "NVD", "id": "CVE-2020-4869" }, { "db": "JVNDB", "id": "JVNDB-2021-002418" }, { "db": "CNVD", "id": "CNVD-2021-03003" } ], "trust": 2.16 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2020-4869", "trust": 3.0 }, { "db": "JVNDB", "id": "JVNDB-2021-002418", "trust": 0.8 }, { "db": "CNVD", "id": "CNVD-2021-03003", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202101-482", "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-03003" }, { "db": "JVNDB", "id": "JVNDB-2021-002418" }, { "db": "CNNVD", "id": "CNNVD-202101-482" }, { "db": "NVD", "id": "CVE-2020-4869" } ] }, "id": "VAR-202101-1514", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2021-03003" } ], "trust": 0.06 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "IoT" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-03003" } ] }, "last_update_date": "2024-11-23T23:11:12.655000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "6398791 IBM\u00a0X-Force\u00a0Exchange", "trust": 0.8, "url": "https://www.ibm.com/support/pages/node/6398791" }, { "title": "Patch for IBM MQ Appliance buffer overflow vulnerability (CNVD-2021-03003)", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/244204" }, { "title": "IBM MQ Appliance Buffer error vulnerability fix", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=138656" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-03003" }, { "db": "JVNDB", "id": "JVNDB-2021-002418" }, { "db": "CNNVD", "id": "CNNVD-202101-482" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-120", "trust": 1.0 }, { "problemtype": "Classic buffer overflow (CWE-120) [NVD Evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-002418" }, { "db": "NVD", "id": "CVE-2020-4869" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.6, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190831" }, { "trust": 1.6, "url": "https://www.ibm.com/support/pages/node/6398791" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-4869" }, { "trust": 1.2, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-is-affected-by-a-denial-of-service-vulnerability-cve-2020-4869/" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/ibm-mq-appliance-denial-of-service-via-snmp-query-34268" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-datapower-gateway-vulnerable-to-a-dos-attack/" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-03003" }, { "db": "JVNDB", "id": "JVNDB-2021-002418" }, { "db": "CNNVD", "id": "CNNVD-202101-482" }, { "db": "NVD", "id": "CVE-2020-4869" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2021-03003" }, { "db": "JVNDB", "id": "JVNDB-2021-002418" }, { "db": "CNNVD", "id": "CNNVD-202101-482" }, { "db": "NVD", "id": "CVE-2020-4869" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-01-15T00:00:00", "db": "CNVD", "id": "CNVD-2021-03003" }, { "date": "2021-09-14T00:00:00", "db": "JVNDB", "id": "JVNDB-2021-002418" }, { "date": "2021-01-08T00:00:00", "db": "CNNVD", "id": "CNNVD-202101-482" }, { "date": "2021-01-11T17:15:12.490000", "db": "NVD", "id": "CVE-2020-4869" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-01-15T00:00:00", "db": "CNVD", "id": "CNVD-2021-03003" }, { "date": "2021-09-14T09:08:00", "db": "JVNDB", "id": "JVNDB-2021-002418" }, { "date": "2021-06-07T00:00:00", "db": "CNNVD", "id": "CNNVD-202101-482" }, { "date": "2024-11-21T05:33:20.627000", "db": "NVD", "id": "CVE-2020-4869" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202101-482" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM\u00a0MQ\u00a0Appliance\u00a0 Buffer Overflow Vulnerability in Linux", "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-002418" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202101-482" } ], "trust": 0.6 } }
var-202111-1528
Vulnerability from variot
IBM MQ Appliance 9.2 CD and 9.2 LTS could allow a local privileged user to inject and execute malicious code. IBM X-Force ID: 212441. IBM MQ Appliance There is a code injection vulnerability in. Vendor exploits this vulnerability IBM X-Force ID: 212441 It is published as.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. IBM MQ Appliance is an all-in-one device from IBM of the United States for rapid deployment of enterprise-level messaging middleware. No detailed vulnerability details are currently provided
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202111-1528", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "mq appliance", "scope": "eq", "trust": 1.6, "vendor": "ibm", "version": "9.2.0.0" }, { "model": "mq appliance", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": null }, { "model": "mq appliance", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "9.2 lts" }, { "model": "mq appliance", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "9.2 cd" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-92961" }, { "db": "JVNDB", "id": "JVNDB-2021-015731" }, { "db": "NVD", "id": "CVE-2021-38967" } ] }, "cve": "CVE-2021-38967", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 3.9, "id": "CVE-2021-38967", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 1.8, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 3.9, "id": "CNVD-2021-92961", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitabilityScore": 0.8, "id": "CVE-2021-38967", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "psirt@us.ibm.com", "availabilityImpact": "HIGH", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.5, "id": "CVE-2021-38967", "impactScore": 6.0, "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.0" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "NVD", "availabilityImpact": "High", "baseScore": 6.7, "baseSeverity": "Medium", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2021-38967", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "High", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2021-38967", "trust": 1.0, "value": "MEDIUM" }, { "author": "psirt@us.ibm.com", "id": "CVE-2021-38967", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2021-38967", "trust": 0.8, "value": "Medium" }, { "author": "CNVD", "id": "CNVD-2021-92961", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-202111-2168", "trust": 0.6, "value": "MEDIUM" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-92961" }, { "db": "JVNDB", "id": "JVNDB-2021-015731" }, { "db": "CNNVD", "id": "CNNVD-202111-2168" }, { "db": "NVD", "id": "CVE-2021-38967" }, { "db": "NVD", "id": "CVE-2021-38967" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM MQ Appliance 9.2 CD and 9.2 LTS could allow a local privileged user to inject and execute malicious code. IBM X-Force ID: 212441. IBM MQ Appliance There is a code injection vulnerability in. Vendor exploits this vulnerability IBM X-Force ID: 212441 It is published as.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. IBM MQ Appliance is an all-in-one device from IBM of the United States for rapid deployment of enterprise-level messaging middleware. No detailed vulnerability details are currently provided", "sources": [ { "db": "NVD", "id": "CVE-2021-38967" }, { "db": "JVNDB", "id": "JVNDB-2021-015731" }, { "db": "CNVD", "id": "CNVD-2021-92961" } ], "trust": 2.16 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2021-38967", "trust": 3.8 }, { "db": "JVNDB", "id": "JVNDB-2021-015731", "trust": 0.8 }, { "db": "CNVD", "id": "CNVD-2021-92961", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.4024", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202111-2168", "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-92961" }, { "db": "JVNDB", "id": "JVNDB-2021-015731" }, { "db": "CNNVD", "id": "CNNVD-202111-2168" }, { "db": "NVD", "id": "CVE-2021-38967" } ] }, "id": "VAR-202111-1528", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2021-92961" } ], "trust": 0.06 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "IoT" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-92961" } ] }, "last_update_date": "2024-08-14T13:23:09.444000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "6512826 IBM\u00a0X-Force\u00a0Exchange", "trust": 0.8, "url": "https://www.ibm.com/support/pages/node/6512826" }, { "title": "Patch for Unidentified vulnerabilities in IBM MQ Appliance", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/302076" }, { "title": "IBM MQ Appliance Fixes for code injection vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=172396" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-92961" }, { "db": "JVNDB", "id": "JVNDB-2021-015731" }, { "db": "CNNVD", "id": "CNNVD-202111-2168" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-94", "trust": 1.0 }, { "problemtype": "Code injection (CWE-94) [NVD evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-015731" }, { "db": "NVD", "id": "CVE-2021-38967" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.2, "url": "https://www.ibm.com/support/pages/node/6512826" }, { "trust": 1.6, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/212441" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-38967" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/ibm-mq-appliance-code-execution-via-injection-36982" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.4024" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-92961" }, { "db": "JVNDB", "id": "JVNDB-2021-015731" }, { "db": "CNNVD", "id": "CNNVD-202111-2168" }, { "db": "NVD", "id": "CVE-2021-38967" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2021-92961" }, { "db": "JVNDB", "id": "JVNDB-2021-015731" }, { "db": "CNNVD", "id": "CNNVD-202111-2168" }, { "db": "NVD", "id": "CVE-2021-38967" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-12-01T00:00:00", "db": "CNVD", "id": "CNVD-2021-92961" }, { "date": "2022-11-29T00:00:00", "db": "JVNDB", "id": "JVNDB-2021-015731" }, { "date": "2021-11-29T00:00:00", "db": "CNNVD", "id": "CNNVD-202111-2168" }, { "date": "2021-11-30T17:15:11.483000", "db": "NVD", "id": "CVE-2021-38967" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-12-01T00:00:00", "db": "CNVD", "id": "CNVD-2021-92961" }, { "date": "2022-11-29T08:18:00", "db": "JVNDB", "id": "JVNDB-2021-015731" }, { "date": "2021-12-01T00:00:00", "db": "CNNVD", "id": "CNNVD-202111-2168" }, { "date": "2021-11-30T20:29:59.293000", "db": "NVD", "id": "CVE-2021-38967" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202111-2168" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM\u00a0MQ\u00a0Appliance\u00a0 Code injection vulnerability in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-015731" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "code injection", "sources": [ { "db": "CNNVD", "id": "CNNVD-202111-2168" } ], "trust": 0.6 } }
var-201801-0385
Vulnerability from variot
IBM WebSphere MQ 8.0 and 9.0 could allow an authenticated user with authority to send a specially crafted request that could cause a channel process to cease processing further requests. IBM X-Force ID: 131547. IBM WebSphere MQ Contains an access control vulnerability. Vendors have confirmed this vulnerability IBM X-Force ID: 131547 It is released as.Service operation interruption (DoS) There is a possibility of being put into a state. An attacker can exploit this issue to cause a denial-of-service condition
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201801-0385", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "websphere mq", "scope": "eq", "trust": 2.4, "vendor": "ibm", "version": "9.0" }, { "model": "websphere mq", "scope": "eq", "trust": 1.8, "vendor": "ibm", "version": "8.0" }, { "model": "websphere mq", "scope": "eq", "trust": 1.6, "vendor": "ibm", "version": "9.0.0.1" }, { "model": "websphere mq", "scope": "eq", "trust": 1.6, "vendor": "ibm", "version": "9.0.2" }, { "model": "websphere mq", "scope": "eq", "trust": 1.6, "vendor": "ibm", "version": "9.0.3" }, { "model": "websphere mq", "scope": "eq", "trust": 1.6, "vendor": "ibm", "version": "8.0.0.6" }, { "model": "websphere mq", "scope": "eq", "trust": 1.6, "vendor": "ibm", "version": "8.0.0.3" }, { "model": "websphere mq", "scope": "eq", "trust": 1.6, "vendor": "ibm", "version": "8.0.0.2" }, { "model": "websphere mq", "scope": "eq", "trust": 1.6, "vendor": "ibm", "version": "9.0.1" }, { "model": "websphere mq", "scope": "eq", "trust": 1.6, "vendor": "ibm", "version": "8.0.0.7" }, { "model": "websphere mq", "scope": "eq", "trust": 1.6, "vendor": "ibm", "version": "8.0.0.5" }, { "model": "websphere mq", "scope": "eq", "trust": 1.0, "vendor": "ibm", "version": "8.0.0.1" }, { "model": "websphere mq", "scope": "eq", "trust": 1.0, "vendor": "ibm", "version": "8.0.0.4" }, { "model": "mq appliance cd", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.3" }, { "model": "mq appliance cd", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.1" }, { "model": "mq appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.7" }, { "model": "mq appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.6" }, { "model": "mq appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.5" }, { "model": "mq appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.4" }, { "model": "mq appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.3" }, { "model": "mq appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.2" }, { "model": "mq appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.1" }, { "model": "mq appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.0" }, { "model": "mq cd", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.3" }, { "model": "mq cd", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.1" }, { "model": "mq lts", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.0.1" }, { "model": "mq lts", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.0.0" }, { "model": "mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.7" }, { "model": "mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.6" }, { "model": "mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.5" }, { "model": "mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.4" }, { "model": "mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.3" }, { "model": "mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.2" }, { "model": "mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.1" }, { "model": "mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.0" }, { "model": "mq appliance", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.8" }, { "model": "mq", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "9.0.4" }, { "model": "mq", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "9.0.0.2" }, { "model": "mq", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.8" } ], "sources": [ { "db": "BID", "id": "102418" }, { "db": "JVNDB", "id": "JVNDB-2017-011805" }, { "db": "CNNVD", "id": "CNNVD-201801-077" }, { "db": "NVD", "id": "CVE-2017-1557" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:ibm:websphere_mq", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2017-011805" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The vendor reported the issue.", "sources": [ { "db": "BID", "id": "102418" } ], "trust": 0.3 }, "cve": "CVE-2017-1557", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 4.0, "confidentialityImpact": "NONE", "exploitabilityScore": 8.0, "id": "CVE-2017-1557", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 1.8, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitabilityScore": 2.8, "id": "CVE-2017-1557", "impactScore": 1.4, "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.8, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2017-1557", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "CVE-2017-1557", "trust": 0.8, "value": "Medium" }, { "author": "CNNVD", "id": "CNNVD-201801-077", "trust": 0.6, "value": "MEDIUM" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2017-011805" }, { "db": "CNNVD", "id": "CNNVD-201801-077" }, { "db": "NVD", "id": "CVE-2017-1557" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM WebSphere MQ 8.0 and 9.0 could allow an authenticated user with authority to send a specially crafted request that could cause a channel process to cease processing further requests. IBM X-Force ID: 131547. IBM WebSphere MQ Contains an access control vulnerability. Vendors have confirmed this vulnerability IBM X-Force ID: 131547 It is released as.Service operation interruption (DoS) There is a possibility of being put into a state. \nAn attacker can exploit this issue to cause a denial-of-service condition", "sources": [ { "db": "NVD", "id": "CVE-2017-1557" }, { "db": "JVNDB", "id": "JVNDB-2017-011805" }, { "db": "BID", "id": "102418" } ], "trust": 1.89 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2017-1557", "trust": 2.7 }, { "db": "BID", "id": "102418", "trust": 1.9 }, { "db": "JVNDB", "id": "JVNDB-2017-011805", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201801-077", "trust": 0.6 } ], "sources": [ { "db": "BID", "id": "102418" }, { "db": "JVNDB", "id": "JVNDB-2017-011805" }, { "db": "CNNVD", "id": "CNNVD-201801-077" }, { "db": "NVD", "id": "CVE-2017-1557" } ] }, "id": "VAR-201801-0385", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.46875 }, "last_update_date": "2024-11-23T22:22:15.338000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "2004378", "trust": 0.8, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg22004378" }, { "title": "IBM WebSphere MQ Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=77425" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2017-011805" }, { "db": "CNNVD", "id": "CNNVD-201801-077" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 }, { "problemtype": "CWE-284", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2017-011805" }, { "db": "NVD", "id": "CVE-2017-1557" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.6, "url": "http://www.securityfocus.com/bid/102418" }, { "trust": 1.6, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/131547" }, { "trust": 1.6, "url": "http://www.ibm.com/support/docview.wss?uid=swg22004378" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-1557" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-1557" }, { "trust": 0.3, "url": "http://www.ibm.com/" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg22004378" } ], "sources": [ { "db": "BID", "id": "102418" }, { "db": "JVNDB", "id": "JVNDB-2017-011805" }, { "db": "CNNVD", "id": "CNNVD-201801-077" }, { "db": "NVD", "id": "CVE-2017-1557" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "BID", "id": "102418" }, { "db": "JVNDB", "id": "JVNDB-2017-011805" }, { "db": "CNNVD", "id": "CNNVD-201801-077" }, { "db": "NVD", "id": "CVE-2017-1557" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-01-02T00:00:00", "db": "BID", "id": "102418" }, { "date": "2018-01-29T00:00:00", "db": "JVNDB", "id": "JVNDB-2017-011805" }, { "date": "2018-01-03T00:00:00", "db": "CNNVD", "id": "CNNVD-201801-077" }, { "date": "2018-01-02T17:29:01.070000", "db": "NVD", "id": "CVE-2017-1557" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-01-02T00:00:00", "db": "BID", "id": "102418" }, { "date": "2018-01-29T00:00:00", "db": "JVNDB", "id": "JVNDB-2017-011805" }, { "date": "2019-10-23T00:00:00", "db": "CNNVD", "id": "CNNVD-201801-077" }, { "date": "2024-11-21T03:22:04.467000", "db": "NVD", "id": "CVE-2017-1557" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201801-077" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM WebSphere MQ Access control vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2017-011805" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "lack of information", "sources": [ { "db": "CNNVD", "id": "CNNVD-201801-077" } ], "trust": 0.6 } }
var-201711-0753
Vulnerability from variot
IBM WebSphere MQ 8.0 and 9.0 could allow an authenticated user to cause a shared memory leak by MQ applications using dynamic queues, which can lead to lack of resources for other MQ applications. IBM X-Force ID: 125144. IBM WebSphere MQ Contains a resource management vulnerability. Vendors have confirmed this vulnerability IBM X-Force ID: 125144 It is released as.Service operation interruption (DoS) There is a possibility of being put into a state. An attacker can exploit this issue to cause the excessive resource consumption thereby denying service to other legitimate users
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201711-0753", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "websphere mq", "scope": "eq", "trust": 2.4, "vendor": "ibm", "version": "9.0" }, { "model": "websphere mq", "scope": "eq", "trust": 2.1, "vendor": "ibm", "version": "8.0" }, { "model": "websphere mq", "scope": "eq", "trust": 1.9, "vendor": "ibm", "version": "9.0.3" }, { "model": "websphere mq", "scope": "eq", "trust": 1.9, "vendor": "ibm", "version": "9.0.2" }, { "model": "websphere mq", "scope": "eq", "trust": 1.9, "vendor": "ibm", "version": "9.0.1" }, { "model": "websphere mq", "scope": "eq", "trust": 1.9, "vendor": "ibm", "version": "9.0.0.1" }, { "model": "websphere mq", "scope": "eq", "trust": 1.9, "vendor": "ibm", "version": "8.0.0.5" }, { "model": "websphere mq", "scope": "eq", "trust": 1.9, "vendor": "ibm", "version": "8.0.0.4" }, { "model": "websphere mq", "scope": "eq", "trust": 1.6, "vendor": "ibm", "version": "8.0.0.6" }, { "model": "websphere mq", "scope": "eq", "trust": 1.6, "vendor": "ibm", "version": "9.0.4" }, { "model": "websphere mq", "scope": "eq", "trust": 1.6, "vendor": "ibm", "version": "8.0.0.7" }, { "model": "websphere mq", "scope": "eq", "trust": 1.3, "vendor": "ibm", "version": "8.0.0.3" }, { "model": "websphere mq", "scope": "eq", "trust": 1.3, "vendor": "ibm", "version": "8.0.0.2" }, { "model": "websphere mq", "scope": "eq", "trust": 1.3, "vendor": "ibm", "version": "8.0.0.1" }, { "model": "websphere mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.0.0" }, { "model": "websphere mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.0" }, { "model": "mq appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.3" }, { "model": "mq appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.2" }, { "model": "mq appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.1" }, { "model": "mq appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.6" }, { "model": "mq appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.5" }, { "model": "mq appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.4" }, { "model": "mq appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.3" }, { "model": "mq appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.2" }, { "model": "mq appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.1" }, { "model": "mq appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.0" }, { "model": "websphere mq", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "9.0.4" }, { "model": "websphere mq", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "9.0.0.2" }, { "model": "websphere mq", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.7" }, { "model": "mq appliance", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "9.0.4" }, { "model": "mq appliance", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.7" } ], "sources": [ { "db": "BID", "id": "102232" }, { "db": "JVNDB", "id": "JVNDB-2017-010846" }, { "db": "CNNVD", "id": "CNNVD-201711-1084" }, { "db": "NVD", "id": "CVE-2017-1283" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:ibm:websphere_mq:9.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:websphere_mq:8.0.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:websphere_mq:8.0.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:websphere_mq:8.0.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:websphere_mq:8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:websphere_mq:9.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:websphere_mq:8.0.0.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:websphere_mq:8.0.0.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:websphere_mq:9.0.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:websphere_mq:9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:websphere_mq:9.0.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:websphere_mq:8.0.0.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:websphere_mq:8.0.0.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:websphere_mq:9.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2017-1283" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The vendor reported the issue.", "sources": [ { "db": "BID", "id": "102232" } ], "trust": 0.3 }, "cve": "CVE-2017-1283", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": null, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "VULMON", "availabilityImpact": "PARTIAL", "baseScore": 4.0, "confidentialityImpact": "NONE", "exploitabilityScore": 8.0, "id": "CVE-2017-1283", "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "MEDIUM", "trust": 1.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "Low", "baseScore": 4.3, "baseSeverity": "Medium", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2017-1283", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "Low", "scope": "Unchanged", "trust": 1.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2017-1283", "trust": 1.8, "value": "Medium" }, { "author": "CNNVD", "id": "CNNVD-201711-1084", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2017-1283", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULMON", "id": "CVE-2017-1283" }, { "db": "JVNDB", "id": "JVNDB-2017-010846" }, { "db": "CNNVD", "id": "CNNVD-201711-1084" }, { "db": "NVD", "id": "CVE-2017-1283" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM WebSphere MQ 8.0 and 9.0 could allow an authenticated user to cause a shared memory leak by MQ applications using dynamic queues, which can lead to lack of resources for other MQ applications. IBM X-Force ID: 125144. IBM WebSphere MQ Contains a resource management vulnerability. Vendors have confirmed this vulnerability IBM X-Force ID: 125144 It is released as.Service operation interruption (DoS) There is a possibility of being put into a state. \nAn attacker can exploit this issue to cause the excessive resource consumption thereby denying service to other legitimate users", "sources": [ { "db": "NVD", "id": "CVE-2017-1283" }, { "db": "JVNDB", "id": "JVNDB-2017-010846" }, { "db": "BID", "id": "102232" }, { "db": "VULMON", "id": "CVE-2017-1283" } ], "trust": 1.98 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2017-1283", "trust": 2.8 }, { "db": "JVNDB", "id": "JVNDB-2017-010846", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201711-1084", "trust": 0.6 }, { "db": "BID", "id": "102232", "trust": 0.4 }, { "db": "VULMON", "id": "CVE-2017-1283", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2017-1283" }, { "db": "BID", "id": "102232" }, { "db": "JVNDB", "id": "JVNDB-2017-010846" }, { "db": "CNNVD", "id": "CNNVD-201711-1084" }, { "db": "NVD", "id": "CVE-2017-1283" } ] }, "id": "VAR-201711-0753", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.22222222 }, "last_update_date": "2022-05-04T09:39:22.550000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "2003852", "trust": 0.8, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg22003852" }, { "title": "IBM WebSphere MQ Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=76758" }, { "title": "Red-Team-vs-Blue-Team", "trust": 0.1, "url": "https://github.com/samgeron/red-team-vs-blue-team " } ], "sources": [ { "db": "VULMON", "id": "CVE-2017-1283" }, { "db": "JVNDB", "id": "JVNDB-2017-010846" }, { "db": "CNNVD", "id": "CNNVD-201711-1084" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-772", "trust": 1.0 }, { "problemtype": "CWE-399", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2017-010846" }, { "db": "NVD", "id": "CVE-2017-1283" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.7, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125144" }, { "trust": 1.7, "url": "http://www.ibm.com/support/docview.wss?uid=swg22003852" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-1283" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-1283" }, { "trust": 0.3, "url": "http://www.ibm.com/" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg22003852" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/772.html" }, { "trust": 0.1, "url": "https://www.securityfocus.com/bid/102232" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://github.com/gknaus008/red-team-vs-blue-team-project" } ], "sources": [ { "db": "VULMON", "id": "CVE-2017-1283" }, { "db": "BID", "id": "102232" }, { "db": "JVNDB", "id": "JVNDB-2017-010846" }, { "db": "CNNVD", "id": "CNNVD-201711-1084" }, { "db": "NVD", "id": "CVE-2017-1283" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2017-1283" }, { "db": "BID", "id": "102232" }, { "db": "JVNDB", "id": "JVNDB-2017-010846" }, { "db": "CNNVD", "id": "CNNVD-201711-1084" }, { "db": "NVD", "id": "CVE-2017-1283" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2017-11-27T00:00:00", "db": "VULMON", "id": "CVE-2017-1283" }, { "date": "2017-11-14T00:00:00", "db": "BID", "id": "102232" }, { "date": "2017-12-26T00:00:00", "db": "JVNDB", "id": "JVNDB-2017-010846" }, { "date": "2017-11-28T00:00:00", "db": "CNNVD", "id": "CNNVD-201711-1084" }, { "date": "2017-11-27T21:29:00", "db": "NVD", "id": "CVE-2017-1283" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-10-03T00:00:00", "db": "VULMON", "id": "CVE-2017-1283" }, { "date": "2017-11-14T00:00:00", "db": "BID", "id": "102232" }, { "date": "2017-12-26T00:00:00", "db": "JVNDB", "id": "JVNDB-2017-010846" }, { "date": "2019-10-23T00:00:00", "db": "CNNVD", "id": "CNNVD-201711-1084" }, { "date": "2019-10-03T00:03:00", "db": "NVD", "id": "CVE-2017-1283" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201711-1084" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM WebSphere MQ Resource management vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2017-010846" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "resource management error", "sources": [ { "db": "CNNVD", "id": "CNNVD-201711-1084" } ], "trust": 0.6 } }
var-202001-0209
Vulnerability from variot
IBM MQ and IBM MQ Appliance 8.0 and 9.0 LTS could allow a remote attacker with intimate knowledge of the server to cause a denial of service when receiving data on the channel. IBM X-Force ID: 166629. IBM MQ and MQ Appliance Contains an input validation vulnerability. Vendors report this vulnerability IBM X-Force ID: 166629 Published as.Denial of service operation (DoS) May be in a state
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202001-0209", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "mq", "scope": "gte", "trust": 1.0, "vendor": "ibm", "version": "8.0.0.0" }, { "model": "mq appliance", "scope": "lt", "trust": 1.0, "vendor": "ibm", "version": "8.0.0.14" }, { "model": "mq appliance", "scope": "gte", "trust": 1.0, "vendor": "ibm", "version": "8.0.0.0" }, { "model": "mq", "scope": "lt", "trust": 1.0, "vendor": "ibm", "version": "9.0.0.8" }, { "model": "mq", "scope": "gte", "trust": 1.0, "vendor": "ibm", "version": "9.0.0.0" }, { "model": "mq", "scope": "lt", "trust": 1.0, "vendor": "ibm", "version": "8.0.0.14" }, { "model": "mq", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "8.0" }, { "model": "mq", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "9.0 lts" }, { "model": "mq", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "appliance 8.0" }, { "model": "mq appliance", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "8.0" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-014396" }, { "db": "NVD", "id": "CVE-2019-4568" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:ibm:mq:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "8.0.0.14", "versionStartIncluding": "8.0.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:mq:*:*:*:*:lts:*:*:*", "cpe_name": [], "versionEndExcluding": "9.0.0.8", "versionStartIncluding": "9.0.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:mq_appliance:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "8.0.0.14", "versionStartIncluding": "8.0.0.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:hp:hp-ux:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:ibm:mq:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "8.0.0.14", "versionStartIncluding": "8.0.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:mq:*:*:*:*:lts:*:*:*", "cpe_name": [], "versionEndExcluding": "9.0.0.8", "versionStartIncluding": "9.0.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:mq_appliance:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "8.0.0.14", "versionStartIncluding": "8.0.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:hp:hp-ux:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2019-4568" } ] }, "cve": "CVE-2019-4568", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 4.3, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2019-4568", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 1.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "HIGH", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitabilityScore": 2.2, "id": "CVE-2019-4568", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, { "attackComplexity": "High", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 5.9, "baseSeverity": "Medium", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2019-4568", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2019-4568", "trust": 1.8, "value": "Medium" }, { "author": "CNNVD", "id": "CNNVD-202001-1259", "trust": 0.6, "value": "MEDIUM" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-014396" }, { "db": "CNNVD", "id": "CNNVD-202001-1259" }, { "db": "NVD", "id": "CVE-2019-4568" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM MQ and IBM MQ Appliance 8.0 and 9.0 LTS could allow a remote attacker with intimate knowledge of the server to cause a denial of service when receiving data on the channel. IBM X-Force ID: 166629. IBM MQ and MQ Appliance Contains an input validation vulnerability. Vendors report this vulnerability IBM X-Force ID: 166629 Published as.Denial of service operation (DoS) May be in a state", "sources": [ { "db": "NVD", "id": "CVE-2019-4568" }, { "db": "JVNDB", "id": "JVNDB-2019-014396" } ], "trust": 1.62 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2019-4568", "trust": 2.4 }, { "db": "JVNDB", "id": "JVNDB-2019-014396", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-202001-1259", "trust": 0.6 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-014396" }, { "db": "CNNVD", "id": "CNNVD-202001-1259" }, { "db": "NVD", "id": "CVE-2019-4568" } ] }, "id": "VAR-202001-0209", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.22222222 }, "last_update_date": "2022-05-04T10:11:11.109000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "1106517 IBM\u00a0X-Force\u00a0Exchange", "trust": 0.8, "url": "https://www.ibm.com/support/pages/node/1106517" }, { "title": "IBM MQ and IBM MQ Appliance Enter the fix for the verification error vulnerability", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=110076" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-014396" }, { "db": "CNNVD", "id": "CNNVD-202001-1259" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 }, { "problemtype": "Incorrect input confirmation (CWE-20) [NVD Evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-014396" }, { "db": "NVD", "id": "CVE-2019-4568" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.6, "url": "https://www.ibm.com/support/pages/node/1106517" }, { "trust": 1.6, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/166629" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-4568" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-is-vulnerable-to-a-denial-of-service-attack-caused-by-an-error-within-the-clustering-code-cve-2019-4568/" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/ibm-mq-denial-of-service-via-clustering-code-31427" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-in-ibm-mq-affect-ibm-sterling-b2b-integrator/" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-014396" }, { "db": "CNNVD", "id": "CNNVD-202001-1259" }, { "db": "NVD", "id": "CVE-2019-4568" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "JVNDB", "id": "JVNDB-2019-014396" }, { "db": "CNNVD", "id": "CNNVD-202001-1259" }, { "db": "NVD", "id": "CVE-2019-4568" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-02-14T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-014396" }, { "date": "2020-01-28T00:00:00", "db": "CNNVD", "id": "CNNVD-202001-1259" }, { "date": "2020-01-28T19:15:00", "db": "NVD", "id": "CVE-2019-4568" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-02-14T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-014396" }, { "date": "2021-07-26T00:00:00", "db": "CNNVD", "id": "CNNVD-202001-1259" }, { "date": "2021-07-21T11:39:00", "db": "NVD", "id": "CVE-2019-4568" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202001-1259" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM\u00a0MQ\u00a0 and \u00a0MQ\u00a0Appliance\u00a0 Input validation vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-014396" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "input validation error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202001-1259" } ], "trust": 0.6 } }
var-202007-1391
Vulnerability from variot
IBM MQ, IBM MQ Appliance, and IBM MQ for HPE NonStop 8.0, 9.1 CD, and 9.1 LTS is vulnerable to a buffer overflow vulnerability due to an error within the channel processing code. A remote attacker could overflow the buffer using an older client and cause a denial of service. IBM X-Force ID: 181562. Vendor exploits this vulnerability IBM X-Force ID: 181562 It is published as.Service operation interruption (DoS) It may be put into a state
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202007-1391", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "mq appliance", "scope": "gte", "trust": 1.0, "vendor": "ibm", "version": "8.0" }, { "model": "mq appliance", "scope": "gte", "trust": 1.0, "vendor": "ibm", "version": "9.1.0.0" }, { "model": "mq appliance", "scope": "lt", "trust": 1.0, "vendor": "ibm", "version": "9.1.0.6" }, { "model": "mq appliance", "scope": "lt", "trust": 1.0, "vendor": "ibm", "version": "9.2.0.0" }, { "model": "mq appliance", "scope": "lt", "trust": 1.0, "vendor": "ibm", "version": "8.0.0.15" }, { "model": "mq appliance", "scope": null, "trust": 0.8, "vendor": "ibm", "version": null } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-008719" }, { "db": "NVD", "id": "CVE-2020-4465" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:ibm:mq_appliance:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "8.0.0.15", "versionStartIncluding": "8.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:mq_appliance:*:*:*:*:continuous_delivery:*:*:*", "cpe_name": [], "versionEndExcluding": "9.2.0.0", "versionStartIncluding": "9.1.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:mq_appliance:*:*:*:*:lts:*:*:*", "cpe_name": [], "versionEndExcluding": "9.1.0.6", "versionStartIncluding": "9.1.0.0", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2020-4465" } ] }, "cve": "CVE-2020-4465", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 4.0, "confidentialityImpact": "NONE", "exploitabilityScore": 8.0, "id": "CVE-2020-4465", "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "Single", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 4.0, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "JVNDB-2020-008719", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitabilityScore": 2.8, "id": "CVE-2020-4465", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 6.5, "baseSeverity": "Medium", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "JVNDB-2020-008719", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "Low", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2020-4465", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "JVNDB-2020-008719", "trust": 0.8, "value": "Medium" }, { "author": "CNNVD", "id": "CNNVD-202007-1537", "trust": 0.6, "value": "MEDIUM" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-008719" }, { "db": "CNNVD", "id": "CNNVD-202007-1537" }, { "db": "NVD", "id": "CVE-2020-4465" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM MQ, IBM MQ Appliance, and IBM MQ for HPE NonStop 8.0, 9.1 CD, and 9.1 LTS is vulnerable to a buffer overflow vulnerability due to an error within the channel processing code. A remote attacker could overflow the buffer using an older client and cause a denial of service. IBM X-Force ID: 181562. Vendor exploits this vulnerability IBM X-Force ID: 181562 It is published as.Service operation interruption (DoS) It may be put into a state", "sources": [ { "db": "NVD", "id": "CVE-2020-4465" }, { "db": "JVNDB", "id": "JVNDB-2020-008719" } ], "trust": 1.62 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2020-4465", "trust": 2.4 }, { "db": "JVNDB", "id": "JVNDB-2020-008719", "trust": 0.8 }, { "db": "NSFOCUS", "id": "47999", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202007-1537", "trust": 0.6 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-008719" }, { "db": "CNNVD", "id": "CNNVD-202007-1537" }, { "db": "NVD", "id": "CVE-2020-4465" } ] }, "id": "VAR-202007-1391", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.22222222 }, "last_update_date": "2022-05-04T10:18:15.889000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "6252783", "trust": 0.8, "url": "https://www.ibm.com/support/pages/node/6252783" }, { "title": "ibm-mq-cve20204465-dos (181562)", "trust": 0.8, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/181562" }, { "title": "IBM MQ Appliance Buffer error vulnerability fix", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=125023" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-008719" }, { "db": "CNNVD", "id": "CNNVD-202007-1537" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-120", "trust": 1.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-008719" }, { "db": "NVD", "id": "CVE-2020-4465" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.6, "url": "https://www.ibm.com/support/pages/node/6252783" }, { "trust": 1.6, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/181562" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-4465" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-4465" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-is-vulnerable-to-a-buffer-overflow-vulnerability-due-to-an-error-within-the-channel-processing-code-cve-2020-4465/" }, { "trust": 0.6, "url": "http://www.nsfocus.net/vulndb/47999" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-app-connect-enterprise-certified-container-integration-servers-could-cause-a-denial-of-service-or-a-buffer-overflow-when-using-mq/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-for-hpe-nonstop-server-is-affected-by-vulnerability-cve-2020-4465/" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/ibm-mq-appliance-buffer-overflow-via-channel-processing-32947" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-is-vulnerable-to-a-buffer-overflow-vulnerability-cve-2020-4465/" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-008719" }, { "db": "CNNVD", "id": "CNNVD-202007-1537" }, { "db": "NVD", "id": "CVE-2020-4465" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "JVNDB", "id": "JVNDB-2020-008719" }, { "db": "CNNVD", "id": "CNNVD-202007-1537" }, { "db": "NVD", "id": "CVE-2020-4465" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-09-18T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-008719" }, { "date": "2020-07-27T00:00:00", "db": "CNNVD", "id": "CNNVD-202007-1537" }, { "date": "2020-07-28T12:15:00", "db": "NVD", "id": "CVE-2020-4465" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-09-18T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-008719" }, { "date": "2020-12-11T00:00:00", "db": "CNNVD", "id": "CNNVD-202007-1537" }, { "date": "2020-07-28T15:10:00", "db": "NVD", "id": "CVE-2020-4465" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202007-1537" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "plural IBM Classic buffer overflow vulnerability in product", "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-008719" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202007-1537" } ], "trust": 0.6 } }
var-202007-1093
Vulnerability from variot
IBM MQ, IBM MQ Appliance, and IBM MQ for HPE NonStop 8.0, 9.1 LTS, and 9.1 CD could allow under special circumstances, an authenticated user to obtain sensitive information due to a data leak from an error message within the pre-v7 pubsub logic. IBM X-Force ID: 177402. Vendor exploits this vulnerability IBM X-Force ID: 177402 It is published as.Information may be obtained
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202007-1093", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "mq appliance", "scope": "gte", "trust": 1.0, "vendor": "ibm", "version": "8.0" }, { "model": "mq appliance", "scope": "gte", "trust": 1.0, "vendor": "ibm", "version": "9.1.0.0" }, { "model": "mq appliance", "scope": "lt", "trust": 1.0, "vendor": "ibm", "version": "9.1.0.6" }, { "model": "mq appliance", "scope": "lt", "trust": 1.0, "vendor": "ibm", "version": "9.2.0.0" }, { "model": "mq appliance", "scope": "lt", "trust": 1.0, "vendor": "ibm", "version": "8.0.0.15" }, { "model": "mq appliance", "scope": null, "trust": 0.8, "vendor": "ibm", "version": null } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-008717" }, { "db": "NVD", "id": "CVE-2020-4319" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:ibm:mq_appliance:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "8.0.0.15", "versionStartIncluding": "8.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:mq_appliance:*:*:*:*:continuous_delivery:*:*:*", "cpe_name": [], "versionEndExcluding": "9.2.0.0", "versionStartIncluding": "9.1.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:mq_appliance:*:*:*:*:lts:*:*:*", "cpe_name": [], "versionEndExcluding": "9.1.0.6", "versionStartIncluding": "9.1.0.0", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2020-4319" } ] }, "cve": "CVE-2020-4319", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 6.8, "id": "CVE-2020-4319", "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "LOW", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "Single", "author": "NVD", "availabilityImpact": "None", "baseScore": 3.5, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "JVNDB-2020-008717", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Low", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitabilityScore": 2.8, "id": "CVE-2020-4319", "impactScore": 1.4, "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "None", "baseScore": 4.3, "baseSeverity": "Medium", "confidentialityImpact": "Low", "exploitabilityScore": null, "id": "JVNDB-2020-008717", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "Low", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2020-4319", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "JVNDB-2020-008717", "trust": 0.8, "value": "Medium" }, { "author": "CNNVD", "id": "CNNVD-202007-1545", "trust": 0.6, "value": "MEDIUM" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-008717" }, { "db": "CNNVD", "id": "CNNVD-202007-1545" }, { "db": "NVD", "id": "CVE-2020-4319" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM MQ, IBM MQ Appliance, and IBM MQ for HPE NonStop 8.0, 9.1 LTS, and 9.1 CD could allow under special circumstances, an authenticated user to obtain sensitive information due to a data leak from an error message within the pre-v7 pubsub logic. IBM X-Force ID: 177402. Vendor exploits this vulnerability IBM X-Force ID: 177402 It is published as.Information may be obtained", "sources": [ { "db": "NVD", "id": "CVE-2020-4319" }, { "db": "JVNDB", "id": "JVNDB-2020-008717" } ], "trust": 1.62 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2020-4319", "trust": 2.4 }, { "db": "JVNDB", "id": "JVNDB-2020-008717", "trust": 0.8 }, { "db": "NSFOCUS", "id": "49873", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202007-1545", "trust": 0.6 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-008717" }, { "db": "CNNVD", "id": "CNNVD-202007-1545" }, { "db": "NVD", "id": "CVE-2020-4319" } ] }, "id": "VAR-202007-1093", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.22222222 }, "last_update_date": "2022-05-04T10:10:54.352000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "6252777", "trust": 0.8, "url": "https://www.ibm.com/support/pages/node/6252777" }, { "title": "ibm-mq-cve20204319-info-disc (177402)", "trust": 0.8, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/177402" }, { "title": "IBM MQ Appliance Repair measures for information disclosure vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=125189" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-008717" }, { "db": "CNNVD", "id": "CNNVD-202007-1545" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-209", "trust": 1.0 }, { "problemtype": "CWE-200", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-008717" }, { "db": "NVD", "id": "CVE-2020-4319" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.6, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/177402" }, { "trust": 1.6, "url": "https://www.ibm.com/support/pages/node/6252777" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-4319" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-4319" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-is-vulnerable-to-sensitive-information-disclosure-vulnerability-cve-2020-4319/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-for-hpe-nonstop-server-is-affected-by-vulnerability-cve-2020-4319/" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/ibm-mq-appliance-information-disclosure-via-pre-v7-pubsub-logic-error-message-32945" }, { "trust": 0.6, "url": "http://www.nsfocus.net/vulndb/49873" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-could-allow-leak-sensitive-information-due-to-an-error-within-the-pre-v7-pubsub-logic-cve-2020-4319/" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-008717" }, { "db": "CNNVD", "id": "CNNVD-202007-1545" }, { "db": "NVD", "id": "CVE-2020-4319" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "JVNDB", "id": "JVNDB-2020-008717" }, { "db": "CNNVD", "id": "CNNVD-202007-1545" }, { "db": "NVD", "id": "CVE-2020-4319" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-09-18T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-008717" }, { "date": "2020-07-27T00:00:00", "db": "CNNVD", "id": "CNNVD-202007-1545" }, { "date": "2020-07-28T12:15:00", "db": "NVD", "id": "CVE-2020-4319" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-09-18T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-008717" }, { "date": "2020-10-27T00:00:00", "db": "CNNVD", "id": "CNNVD-202007-1545" }, { "date": "2021-07-21T11:39:00", "db": "NVD", "id": "CVE-2020-4319" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202007-1545" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "plural IBM Product Information Leakage Vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-008717" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "information disclosure", "sources": [ { "db": "CNNVD", "id": "CNNVD-202007-1545" } ], "trust": 0.6 } }
var-202203-0542
Vulnerability from variot
IBM MQ Appliance 9.2 CD and 9.2 LTS could allow an authenticated and authorized user to cause a denial of service due to incorrectly configured authorization checks. IBM X-Force ID: 218276. IBM MQ Appliance There is an unspecified vulnerability in. Vendor exploits this vulnerability IBM X-Force ID: 218276 It is published as.Service operation interruption (DoS) It may be in a state. IBM MQ Appliance is an all-in-one device used by IBM in the United States for rapid deployment of enterprise-level messaging middleware. No detailed vulnerability details are currently available
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202203-0542", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "mq appliance", "scope": "lt", "trust": 1.0, "vendor": "ibm", "version": "9.2.5" }, { "model": "mq appliance", "scope": "gte", "trust": 1.0, "vendor": "ibm", "version": "9.2.0.0" }, { "model": "mq appliance", "scope": "lt", "trust": 1.0, "vendor": "ibm", "version": "9.2.0.5" }, { "model": "mq appliance", "scope": null, "trust": 0.8, "vendor": "ibm", "version": null }, { "model": "mq appliance", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "9.2 cd" }, { "model": "mq appliance", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": null }, { "model": "mq appliance", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "9.2 lts" }, { "model": "mq appliance lts", "scope": "gte", "trust": 0.6, "vendor": "ibm", "version": "9.2.0.0,\u003c9.2.0.5" }, { "model": "mq appliance continuous delivery", "scope": "gte", "trust": 0.6, "vendor": "ibm", "version": "9.2.0.0,\u003c9.2.5" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-25209" }, { "db": "JVNDB", "id": "JVNDB-2022-009158" }, { "db": "NVD", "id": "CVE-2022-22316" } ] }, "cve": "CVE-2022-22316", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 4.0, "confidentialityImpact": "NONE", "exploitabilityScore": 8.0, "id": "CVE-2022-22316", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 1.9, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 4.0, "confidentialityImpact": "NONE", "exploitabilityScore": 8.0, "id": "CNVD-2022-25209", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitabilityScore": 2.8, "id": "CVE-2022-22316", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, { "attackComplexity": "HIGH", "attackVector": "NETWORK", "author": "psirt@us.ibm.com", "availabilityImpact": "HIGH", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitabilityScore": 1.6, "id": "CVE-2022-22316", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 6.5, "baseSeverity": "Medium", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2022-22316", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "Low", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2022-22316", "trust": 1.0, "value": "MEDIUM" }, { "author": "psirt@us.ibm.com", "id": "CVE-2022-22316", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "CVE-2022-22316", "trust": 0.8, "value": "Medium" }, { "author": "CNVD", "id": "CNVD-2022-25209", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-202203-1939", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2022-22316", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-25209" }, { "db": "VULMON", "id": "CVE-2022-22316" }, { "db": "JVNDB", "id": "JVNDB-2022-009158" }, { "db": "CNNVD", "id": "CNNVD-202203-1939" }, { "db": "NVD", "id": "CVE-2022-22316" }, { "db": "NVD", "id": "CVE-2022-22316" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM MQ Appliance 9.2 CD and 9.2 LTS could allow an authenticated and authorized user to cause a denial of service due to incorrectly configured authorization checks. IBM X-Force ID: 218276. IBM MQ Appliance There is an unspecified vulnerability in. Vendor exploits this vulnerability IBM X-Force ID: 218276 It is published as.Service operation interruption (DoS) It may be in a state. IBM MQ Appliance is an all-in-one device used by IBM in the United States for rapid deployment of enterprise-level messaging middleware. No detailed vulnerability details are currently available", "sources": [ { "db": "NVD", "id": "CVE-2022-22316" }, { "db": "JVNDB", "id": "JVNDB-2022-009158" }, { "db": "CNVD", "id": "CNVD-2022-25209" }, { "db": "VULMON", "id": "CVE-2022-22316" } ], "trust": 2.25 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2022-22316", "trust": 3.9 }, { "db": "JVNDB", "id": "JVNDB-2022-009158", "trust": 0.8 }, { "db": "CNVD", "id": "CNVD-2022-25209", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2022.2414", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202203-1939", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2022-22316", "trust": 0.1 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-25209" }, { "db": "VULMON", "id": "CVE-2022-22316" }, { "db": "JVNDB", "id": "JVNDB-2022-009158" }, { "db": "CNNVD", "id": "CNNVD-202203-1939" }, { "db": "NVD", "id": "CVE-2022-22316" } ] }, "id": "VAR-202203-0542", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2022-25209" } ], "trust": 0.06 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "Network device" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-25209" } ] }, "last_update_date": "2024-11-23T22:32:55.167000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "6560040 IBM\u00a0X-Force\u00a0Exchange", "trust": 0.8, "url": "https://www.ibm.com/support/pages/node/6560040" }, { "title": "Patch for Unknown Vulnerability in IBM MQ Appliance (CNVD-2022-25209)", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/328546" }, { "title": "IBM MQ Appliance Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=187134" }, { "title": "CVE-2022-XXXX", "trust": 0.1, "url": "https://github.com/AlphabugX/CVE-2022-23305 " }, { "title": "CVE-2022-XXXX", "trust": 0.1, "url": "https://github.com/AlphabugX/CVE-2022-RCE " } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-25209" }, { "db": "VULMON", "id": "CVE-2022-22316" }, { "db": "JVNDB", "id": "JVNDB-2022-009158" }, { "db": "CNNVD", "id": "CNNVD-202203-1939" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 }, { "problemtype": "Lack of information (CWE-noinfo) [NVD evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-009158" }, { "db": "NVD", "id": "CVE-2022-22316" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.7, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/218276" }, { "trust": 1.7, "url": "https://www.ibm.com/support/pages/node/6560040" }, { "trust": 1.2, "url": "https://vigilance.fr/vulnerability/ibm-mq-appliance-denial-of-service-via-authorization-check-37842" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22316" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.2414" }, { "trust": 0.6, "url": "https://cxsecurity.com/cveshow/cve-2022-22316/" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://github.com/alphabugx/cve-2022-23305" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-25209" }, { "db": "VULMON", "id": "CVE-2022-22316" }, { "db": "JVNDB", "id": "JVNDB-2022-009158" }, { "db": "CNNVD", "id": "CNNVD-202203-1939" }, { "db": "NVD", "id": "CVE-2022-22316" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2022-25209" }, { "db": "VULMON", "id": "CVE-2022-22316" }, { "db": "JVNDB", "id": "JVNDB-2022-009158" }, { "db": "CNNVD", "id": "CNNVD-202203-1939" }, { "db": "NVD", "id": "CVE-2022-22316" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-04-01T00:00:00", "db": "CNVD", "id": "CNVD-2022-25209" }, { "date": "2022-03-23T00:00:00", "db": "VULMON", "id": "CVE-2022-22316" }, { "date": "2023-08-03T00:00:00", "db": "JVNDB", "id": "JVNDB-2022-009158" }, { "date": "2022-03-21T00:00:00", "db": "CNNVD", "id": "CNNVD-202203-1939" }, { "date": "2022-03-23T17:15:07.793000", "db": "NVD", "id": "CVE-2022-22316" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-04-01T00:00:00", "db": "CNVD", "id": "CNVD-2022-25209" }, { "date": "2022-03-29T00:00:00", "db": "VULMON", "id": "CVE-2022-22316" }, { "date": "2023-08-03T07:05:00", "db": "JVNDB", "id": "JVNDB-2022-009158" }, { "date": "2022-05-18T00:00:00", "db": "CNNVD", "id": "CNNVD-202203-1939" }, { "date": "2024-11-21T06:46:37.690000", "db": "NVD", "id": "CVE-2022-22316" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202203-1939" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM\u00a0MQ\u00a0Appliance\u00a0 Vulnerability in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-009158" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-202203-1939" } ], "trust": 0.6 } }
var-202011-1431
Vulnerability from variot
IBM MQ Appliance 9.1.CD and LTS could allow an authenticated user, under nondefault configuration to cause a data corruption attack due to an error when using segmented messages. IBM MQ Appliance Contains an unspecified vulnerability.Information may be tampered with
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202011-1431", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "mq appliance", "scope": "eq", "trust": 1.0, "vendor": "ibm", "version": "9.1.0.0" }, { "model": "mq appliance", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "9.1 lts" }, { "model": "mq appliance", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": null }, { "model": "mq appliance", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "9.1 cd" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-013740" }, { "db": "NVD", "id": "CVE-2020-4592" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:ibm:mq_appliance:9.1.0.0:*:*:*:continuous_delivery:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:mq_appliance:9.1.0.0:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2020-4592" } ] }, "cve": "CVE-2020-4592", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "Single", "author": "NVD", "availabilityImpact": "None", "baseScore": 3.5, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2020-4592", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Low", "trust": 1.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitabilityScore": 2.8, "id": "CVE-2020-4592", "impactScore": 3.6, "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "None", "baseScore": 6.5, "baseSeverity": "Medium", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2020-4592", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "Low", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2020-4592", "trust": 1.8, "value": "Medium" }, { "author": "CNNVD", "id": "CNNVD-202011-1519", "trust": 0.6, "value": "MEDIUM" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-013740" }, { "db": "CNNVD", "id": "CNNVD-202011-1519" }, { "db": "NVD", "id": "CVE-2020-4592" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM MQ Appliance 9.1.CD and LTS could allow an authenticated user, under nondefault configuration to cause a data corruption attack due to an error when using segmented messages. IBM MQ Appliance Contains an unspecified vulnerability.Information may be tampered with", "sources": [ { "db": "NVD", "id": "CVE-2020-4592" }, { "db": "JVNDB", "id": "JVNDB-2020-013740" } ], "trust": 1.62 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2020-4592", "trust": 2.4 }, { "db": "JVNDB", "id": "JVNDB-2020-013740", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-202011-1519", "trust": 0.6 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-013740" }, { "db": "CNNVD", "id": "CNNVD-202011-1519" }, { "db": "NVD", "id": "CVE-2020-4592" } ] }, "id": "VAR-202011-1431", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.22222222 }, "last_update_date": "2022-05-04T10:03:20.574000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "6359019 IBM\u00a0X-Force\u00a0Exchange", "trust": 0.8, "url": "https://www.ibm.com/support/pages/node/6359019" }, { "title": "IBM MQ Appliance Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=134749" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-013740" }, { "db": "CNNVD", "id": "CNNVD-202011-1519" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 }, { "problemtype": "Lack of information (CWE-noinfo) [NVD Evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-013740" }, { "db": "NVD", "id": "CVE-2020-4592" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.6, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/184755" }, { "trust": 1.6, "url": "https://www.ibm.com/support/pages/node/6359019" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-4592" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/ibm-mq-denial-of-service-via-data-corruption-33908" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-could-allow-an-authenticated-user-under-nondefault-configuration-to-cause-a-data-corruption-attack-due-to-an-error-when-using-segmented-messages-cve-2020-4592/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-for-hpe-nonstop-server-is-affected-by-vulnerability-cve-2020-4592/" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-013740" }, { "db": "CNNVD", "id": "CNNVD-202011-1519" }, { "db": "NVD", "id": "CVE-2020-4592" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "JVNDB", "id": "JVNDB-2020-013740" }, { "db": "CNNVD", "id": "CNNVD-202011-1519" }, { "db": "NVD", "id": "CVE-2020-4592" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-07-13T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-013740" }, { "date": "2020-11-17T00:00:00", "db": "CNNVD", "id": "CNNVD-202011-1519" }, { "date": "2020-11-18T18:15:00", "db": "NVD", "id": "CVE-2020-4592" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-07-13T07:51:00", "db": "JVNDB", "id": "JVNDB-2020-013740" }, { "date": "2020-12-21T00:00:00", "db": "CNNVD", "id": "CNNVD-202011-1519" }, { "date": "2020-12-01T19:02:00", "db": "NVD", "id": "CVE-2020-4592" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202011-1519" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM\u00a0MQ\u00a0Appliance\u00a0 Vulnerability in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-013740" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-202011-1519" } ], "trust": 0.6 } }
var-202101-1665
Vulnerability from variot
IBM MQ 7.5, 8.0, 9.0, 9.1, 9.2 LTS, and 9.2 CD could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization of trusted data. An attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 186509
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202101-1665", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "mq", "scope": "eq", "trust": 1.0, "vendor": "ibm", "version": "8.0.0.3" }, { "model": "websphere mq", "scope": "eq", "trust": 1.0, "vendor": "ibm", "version": "7.5.0.3" }, { "model": "mq", "scope": "eq", "trust": 1.0, "vendor": "ibm", "version": "9.0.0.7" }, { "model": "mq", "scope": "eq", "trust": 1.0, "vendor": "ibm", "version": "8.0.0.9" }, { "model": "websphere mq", "scope": "eq", "trust": 1.0, "vendor": "ibm", "version": "7.5.0.1" }, { "model": "mq", "scope": "eq", "trust": 1.0, "vendor": "ibm", "version": "8.0.0.8" }, { "model": "mq", "scope": "eq", "trust": 1.0, "vendor": "ibm", "version": "8.0.0.1" }, { "model": "mq", "scope": "eq", "trust": 1.0, "vendor": "ibm", "version": "9.0.0.2" }, { "model": "mq", "scope": "eq", "trust": 1.0, "vendor": "ibm", "version": "9.1.0.6" }, { "model": "mq", "scope": "eq", "trust": 1.0, "vendor": "ibm", "version": "9.1.0.1" }, { "model": "mq", "scope": "eq", "trust": 1.0, "vendor": "ibm", "version": "8.0.0.12" }, { "model": "mq", "scope": "eq", "trust": 1.0, "vendor": "ibm", "version": "9.0.0.0" }, { "model": "websphere mq", "scope": "eq", "trust": 1.0, "vendor": "ibm", "version": "7.5.0.6" }, { "model": "websphere mq", "scope": "eq", "trust": 1.0, "vendor": "ibm", "version": "7.5.0.7" }, { "model": "mq", "scope": "eq", "trust": 1.0, "vendor": "ibm", "version": "9.0.0.8" }, { "model": "websphere mq", "scope": "eq", "trust": 1.0, "vendor": "ibm", "version": "7.5.0.0" }, { "model": "mq", "scope": "eq", "trust": 1.0, "vendor": "ibm", "version": "8.0.0.10" }, { "model": "websphere mq", "scope": "eq", "trust": 1.0, "vendor": "ibm", "version": "7.5.0.8" }, { "model": "websphere mq", "scope": "eq", "trust": 1.0, "vendor": "ibm", "version": "7.5.0.4" }, { "model": "websphere mq", "scope": "eq", "trust": 1.0, "vendor": "ibm", "version": "7.5.0.2" }, { "model": "mq", "scope": "eq", "trust": 1.0, "vendor": "ibm", "version": "9.0.0.6" }, { "model": "mq", "scope": "eq", "trust": 1.0, "vendor": "ibm", "version": "8.0.0.13" }, { "model": "mq", "scope": "eq", "trust": 1.0, "vendor": "ibm", "version": "9.0.0.9" }, { "model": "mq", "scope": "eq", "trust": 1.0, "vendor": "ibm", "version": "9.1.0.2" }, { "model": "mq", "scope": "eq", "trust": 1.0, "vendor": "ibm", "version": "9.0.0.4" }, { "model": "mq", "scope": "eq", "trust": 1.0, "vendor": "ibm", "version": "8.0.0.15" }, { "model": "mq", "scope": "eq", "trust": 1.0, "vendor": "ibm", "version": "9.1.0.5" }, { "model": "mq", "scope": "eq", "trust": 1.0, "vendor": "ibm", "version": "8.0.0.4" }, { "model": "mq", "scope": "eq", "trust": 1.0, "vendor": "ibm", "version": "9.1.0.4" }, { "model": "mq", "scope": "eq", "trust": 1.0, "vendor": "ibm", "version": "8.0.0.2" }, { "model": "websphere mq", "scope": "eq", "trust": 1.0, "vendor": "ibm", "version": "7.5.0.9" }, { "model": "websphere mq", "scope": "eq", "trust": 1.0, "vendor": "ibm", "version": "7.5.0.5" }, { "model": "mq", "scope": "eq", "trust": 1.0, "vendor": "ibm", "version": "9.0.0.1" }, { "model": "mq", "scope": "eq", "trust": 1.0, "vendor": "ibm", "version": "9.1.0.0" }, { "model": "mq", "scope": "eq", "trust": 1.0, "vendor": "ibm", "version": "9.1.0.3" }, { "model": "mq", "scope": "eq", "trust": 1.0, "vendor": "ibm", "version": "8.0.0.7" }, { "model": "mq", "scope": "eq", "trust": 1.0, "vendor": "ibm", "version": "9.0.0.3" }, { "model": "mq", "scope": "eq", "trust": 1.0, "vendor": "ibm", "version": "8.0.0.5" }, { "model": "mq", "scope": "eq", "trust": 1.0, "vendor": "ibm", "version": "9.0.0.10" }, { "model": "mq", "scope": "eq", "trust": 1.0, "vendor": "ibm", "version": "8.0.0.0" }, { "model": "mq", "scope": "eq", "trust": 1.0, "vendor": "ibm", "version": "8.0.0.6" }, { "model": "mq", "scope": "eq", "trust": 1.0, "vendor": "ibm", "version": "8.0.0.14" }, { "model": "mq appliance", "scope": "eq", "trust": 1.0, "vendor": "ibm", "version": "9.2.0.0" }, { "model": "mq", "scope": "eq", "trust": 1.0, "vendor": "ibm", "version": "9.0.0.5" }, { "model": "mq", "scope": "eq", "trust": 1.0, "vendor": "ibm", "version": "8.0.0.11" }, { "model": "mq", "scope": "eq", "trust": 1.0, "vendor": "ibm", "version": "9.2.0.0" }, { "model": "mq", "scope": "eq", "trust": 1.0, "vendor": "ibm", "version": "9.2.1.0" } ], "sources": [ { "db": "NVD", "id": "CVE-2020-4682" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:ibm:mq:8.0.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:mq:8.0.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:mq:8.0.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:mq:8.0.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:mq:8.0.0.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:mq:8.0.0.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:mq:8.0.0.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:mq:8.0.0.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:mq:8.0.0.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:mq:8.0.0.9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:mq:8.0.0.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:mq:8.0.0.11:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:mq:8.0.0.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:mq:8.0.0.13:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:mq:8.0.0.14:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:mq:8.0.0.15:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:mq:9.0.0.0:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:mq:9.0.0.1:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:mq:9.0.0.2:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:mq:9.0.0.3:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:mq:9.0.0.4:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:mq:9.0.0.5:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:mq:9.0.0.6:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:mq:9.0.0.7:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:mq:9.0.0.8:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:mq:9.0.0.9:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:mq:9.0.0.10:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:mq:9.1.0.0:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:mq:9.1.0.1:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:mq:9.1.0.2:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:mq:9.1.0.3:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:mq:9.1.0.4:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:mq:9.1.0.5:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:mq:9.1.0.6:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:mq:9.2.0.0:*:*:*:continuous_delivery:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:mq:9.2.1.0:*:*:*:continuous_delivery:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:mq_appliance:9.2.0.0:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:websphere_mq:7.5.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:websphere_mq:7.5.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:websphere_mq:7.5.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:websphere_mq:7.5.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:websphere_mq:7.5.0.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:websphere_mq:7.5.0.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:websphere_mq:7.5.0.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:websphere_mq:7.5.0.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:websphere_mq:7.5.0.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:websphere_mq:7.5.0.9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2020-4682" } ] }, "cve": "CVE-2020-4682", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": null, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULMON", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "id": "CVE-2020-4682", "impactScore": 10.0, "integrityImpact": "COMPLETE", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "HIGH", "trust": 1.1, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "CVE-2020-4682", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } ], "severity": [ { "author": "NVD", "id": "CVE-2020-4682", "trust": 1.0, "value": "CRITICAL" }, { "author": "CNNVD", "id": "CNNVD-202101-2461", "trust": 0.6, "value": "CRITICAL" }, { "author": "VULMON", "id": "CVE-2020-4682", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "VULMON", "id": "CVE-2020-4682" }, { "db": "CNNVD", "id": "CNNVD-202101-2461" }, { "db": "NVD", "id": "CVE-2020-4682" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM MQ 7.5, 8.0, 9.0, 9.1, 9.2 LTS, and 9.2 CD could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization of trusted data. An attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 186509", "sources": [ { "db": "NVD", "id": "CVE-2020-4682" }, { "db": "VULMON", "id": "CVE-2020-4682" } ], "trust": 0.99 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2020-4682", "trust": 1.7 }, { "db": "CNNVD", "id": "CNNVD-202101-2461", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2020-4682", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2020-4682" }, { "db": "CNNVD", "id": "CNNVD-202101-2461" }, { "db": "NVD", "id": "CVE-2020-4682" } ] }, "id": "VAR-202101-1665", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.22222222 }, "last_update_date": "2022-05-04T08:52:19.080000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "IBM MQ Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=140067" } ], "sources": [ { "db": "CNNVD", "id": "CNNVD-202101-2461" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-502", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2020-4682" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.8, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/186509" }, { "trust": 1.7, "url": "https://www.ibm.com/support/pages/node/6408626" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/6496783" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-4682" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-app-connect-enterprise-certified-container-may-be-vulnerable-to-a-remote-code-execution-vulnerability-cve-2020-4682/" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/ibm-mq-code-execution-via-deserialization-34421" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-is-vulnerable-to-a-remote-code-execution-vulnerability-cve-2020-4682/" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/502.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "VULMON", "id": "CVE-2020-4682" }, { "db": "CNNVD", "id": "CNNVD-202101-2461" }, { "db": "NVD", "id": "CVE-2020-4682" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2020-4682" }, { "db": "CNNVD", "id": "CNNVD-202101-2461" }, { "db": "NVD", "id": "CVE-2020-4682" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-01-28T00:00:00", "db": "VULMON", "id": "CVE-2020-4682" }, { "date": "2021-01-27T00:00:00", "db": "CNNVD", "id": "CNNVD-202101-2461" }, { "date": "2021-01-28T13:15:00", "db": "NVD", "id": "CVE-2020-4682" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-02-02T00:00:00", "db": "VULMON", "id": "CVE-2020-4682" }, { "date": "2021-10-08T00:00:00", "db": "CNNVD", "id": "CNNVD-202101-2461" }, { "date": "2021-02-02T17:35:00", "db": "NVD", "id": "CVE-2020-4682" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202101-2461" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM MQ Code problem vulnerability", "sources": [ { "db": "CNNVD", "id": "CNNVD-202101-2461" } ], "trust": 0.6 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "code problem", "sources": [ { "db": "CNNVD", "id": "CNNVD-202101-2461" } ], "trust": 0.6 } }
var-202001-0210
Vulnerability from variot
IBM MQ and IBM MQ Appliance 8.0 and 9.0 LTS client connecting to a Queue Manager could cause a SIGSEGV denial of service caused by converting an invalid message. IBM X-Force ID: 168639. IBM MQ and MQ Appliance Contains an input validation vulnerability. Vendors report this vulnerability IBM X-Force ID: 168639 Published as.Denial of service operation (DoS) May be in a state
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202001-0210", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "mq appliance", "scope": "lt", "trust": 1.0, "vendor": "ibm", "version": "8.0.0.14" }, { "model": "mq appliance", "scope": "lt", "trust": 1.0, "vendor": "ibm", "version": "9.1.0.4" }, { "model": "mq", "scope": "lt", "trust": 1.0, "vendor": "ibm", "version": "9.1.0.4" }, { "model": "mq appliance", "scope": "gte", "trust": 1.0, "vendor": "ibm", "version": "8.0.0.0" }, { "model": "mq appliance", "scope": "gte", "trust": 1.0, "vendor": "ibm", "version": "9.1.0" }, { "model": "mq", "scope": "gte", "trust": 1.0, "vendor": "ibm", "version": "8.0.0.0" }, { "model": "mq", "scope": "gte", "trust": 1.0, "vendor": "ibm", "version": "9.0.0.0" }, { "model": "mq", "scope": "gte", "trust": 1.0, "vendor": "ibm", "version": "9.1.0" }, { "model": "mq appliance", "scope": "lt", "trust": 1.0, "vendor": "ibm", "version": "9.1.4" }, { "model": "mq", "scope": "lt", "trust": 1.0, "vendor": "ibm", "version": "9.1.4" }, { "model": "mq appliance", "scope": "gte", "trust": 1.0, "vendor": "ibm", "version": "9.1.0.0" }, { "model": "mq", "scope": "gte", "trust": 1.0, "vendor": "ibm", "version": "9.1.0.0" }, { "model": "mq", "scope": "lt", "trust": 1.0, "vendor": "ibm", "version": "9.0.0.8" }, { "model": "mq", "scope": "lt", "trust": 1.0, "vendor": "ibm", "version": "8.0.0.14" }, { "model": "mq", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": null }, { "model": "mq", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "appliance" }, { "model": "mq appliance", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": null } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-014394" }, { "db": "NVD", "id": "CVE-2019-4614" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:ibm:mq:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "8.0.0.14", "versionStartIncluding": "8.0.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:mq:*:*:*:*:lts:*:*:*", "cpe_name": [], "versionEndExcluding": "9.0.0.8", "versionStartIncluding": "9.0.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:mq:*:*:*:*:continuous_delivery:*:*:*", "cpe_name": [], "versionEndExcluding": "9.1.4", "versionStartIncluding": "9.1.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:mq:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "9.1.0.4", "versionStartIncluding": "9.1.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:mq_appliance:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "8.0.0.14", "versionStartIncluding": "8.0.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:mq_appliance:*:*:*:*:continuous_delivery:*:*:*", "cpe_name": [], "versionEndExcluding": "9.1.4", "versionStartIncluding": "9.1.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:mq_appliance:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "9.1.0.4", "versionStartIncluding": "9.1.0.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:ibm:mq:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "8.0.0.14", "versionStartIncluding": "8.0.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:mq:*:*:*:*:lts:*:*:*", "cpe_name": [], "versionEndExcluding": "9.0.0.8", "versionStartIncluding": "9.0.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:mq:*:*:*:*:continuous_delivery:*:*:*", "cpe_name": [], "versionEndExcluding": "9.1.4", "versionStartIncluding": "9.1.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:mq:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "9.1.0.4", "versionStartIncluding": "9.1.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:mq_appliance:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "8.0.0.14", "versionStartIncluding": "8.0.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:mq_appliance:*:*:*:*:continuous_delivery:*:*:*", "cpe_name": [], "versionEndExcluding": "9.1.4", "versionStartIncluding": "9.1.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:mq_appliance:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "9.1.0.4", "versionStartIncluding": "9.1.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2019-4614" } ] }, "cve": "CVE-2019-4614", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "Single", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 4.0, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2019-4614", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 1.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitabilityScore": 2.8, "id": "CVE-2019-4614", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 6.5, "baseSeverity": "Medium", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2019-4614", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "Low", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2019-4614", "trust": 1.8, "value": "Medium" }, { "author": "CNNVD", "id": "CNNVD-202001-1260", "trust": 0.6, "value": "MEDIUM" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-014394" }, { "db": "CNNVD", "id": "CNNVD-202001-1260" }, { "db": "NVD", "id": "CVE-2019-4614" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM MQ and IBM MQ Appliance 8.0 and 9.0 LTS client connecting to a Queue Manager could cause a SIGSEGV denial of service caused by converting an invalid message. IBM X-Force ID: 168639. IBM MQ and MQ Appliance Contains an input validation vulnerability. Vendors report this vulnerability IBM X-Force ID: 168639 Published as.Denial of service operation (DoS) May be in a state", "sources": [ { "db": "NVD", "id": "CVE-2019-4614" }, { "db": "JVNDB", "id": "JVNDB-2019-014394" } ], "trust": 1.62 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2019-4614", "trust": 2.4 }, { "db": "JVNDB", "id": "JVNDB-2019-014394", "trust": 0.8 }, { "db": "AUSCERT", "id": "ESB-2020.0266", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202001-1260", "trust": 0.6 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-014394" }, { "db": "CNNVD", "id": "CNNVD-202001-1260" }, { "db": "NVD", "id": "CVE-2019-4614" } ] }, "id": "VAR-202001-0210", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.22222222 }, "last_update_date": "2022-05-04T07:01:18.851000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "1106523 IBM\u00a0X-Force\u00a0Exchange", "trust": 0.8, "url": "https://www.ibm.com/support/pages/node/1106523" }, { "title": "IBM MQ and IBM MQ Appliance Enter the fix for the verification error vulnerability", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=109435" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-014394" }, { "db": "CNNVD", "id": "CNNVD-202001-1260" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 }, { "problemtype": "Incorrect input confirmation (CWE-20) [NVD Evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-014394" }, { "db": "NVD", "id": "CVE-2019-4614" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.6, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/168639" }, { "trust": 1.6, "url": "https://www.ibm.com/support/pages/node/1106523" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-4614" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/1125897" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/1135023" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/1125891" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/1127031" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.0266/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-is-vulnerable-to-a-denial-of-service-attack-caused-by-converting-an-invalid-message-cve-2019-4614/" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/ibm-mq-denial-of-service-via-invalid-message-31428" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-certified-container-is-vulnerable-to-multiple-vulnerabilities-within-ibm-mq-cve-2019-4655-cve-2019-4560-cve-2019-4614-cve-2019-4620/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-in-ibm-mq-affect-ibm-sterling-b2b-integrator/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-datapower-gateway-affected-by-ibm-mq-vulnerability-cve-2019-4614/" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-014394" }, { "db": "CNNVD", "id": "CNNVD-202001-1260" }, { "db": "NVD", "id": "CVE-2019-4614" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "JVNDB", "id": "JVNDB-2019-014394" }, { "db": "CNNVD", "id": "CNNVD-202001-1260" }, { "db": "NVD", "id": "CVE-2019-4614" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-02-14T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-014394" }, { "date": "2020-01-28T00:00:00", "db": "CNNVD", "id": "CNNVD-202001-1260" }, { "date": "2020-01-28T19:15:00", "db": "NVD", "id": "CVE-2019-4614" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-02-14T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-014394" }, { "date": "2020-05-21T00:00:00", "db": "CNNVD", "id": "CNNVD-202001-1260" }, { "date": "2021-07-21T11:39:00", "db": "NVD", "id": "CVE-2019-4614" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202001-1260" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM\u00a0MQ\u00a0 and \u00a0MQ\u00a0Appliance\u00a0 Input validation vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-014394" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "input validation error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202001-1260" } ], "trust": 0.6 } }
var-201909-0018
Vulnerability from variot
IBM MQ 7.1.0.0 - 7.1.0.9, 7.5.0.0 - 7.5.0.9, 8.0.0.0 - 8.0.0.11, 9.0.0.0 - 9.0.0.6, 9.1.0.0 - 9.1.0.2, and 9.1.1 - 9.1.2 is vulnerable to a denial of service attack caused by a memory leak in the clustering code. IBM X-Force ID: 158337. IBM MQ Contains a resource exhaustion vulnerability. Vendors have confirmed this vulnerability IBM X-Force ID: 158337 It is released as.Service operation interruption (DoS) There is a possibility of being put into a state
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201909-0018", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "websphere mq appliance", "scope": "lte", "trust": 1.0, "vendor": "ibm", "version": "9.1.0.2" }, { "model": "websphere mq appliance", "scope": "lte", "trust": 1.0, "vendor": "ibm", "version": "9.1.2" }, { "model": "websphere mq", "scope": "lte", "trust": 1.0, "vendor": "ibm", "version": "9.1.0.2" }, { "model": "websphere mq", "scope": "gte", "trust": 1.0, "vendor": "ibm", "version": "8.0.0.0" }, { "model": "websphere mq", "scope": "gte", "trust": 1.0, "vendor": "ibm", "version": "9.1.1" }, { "model": "websphere mq appliance", "scope": "gte", "trust": 1.0, "vendor": "ibm", "version": "9.1.0.0" }, { "model": "websphere mq appliance", "scope": "gte", "trust": 1.0, "vendor": "ibm", "version": "8.0.0.0" }, { "model": "websphere mq", "scope": "lte", "trust": 1.0, "vendor": "ibm", "version": "8.0.0.11" }, { "model": "websphere mq", "scope": "gte", "trust": 1.0, "vendor": "ibm", "version": "9.1.0.0" }, { "model": "websphere mq", "scope": "lte", "trust": 1.0, "vendor": "ibm", "version": "7.1.0.9" }, { "model": "websphere mq", "scope": "gte", "trust": 1.0, "vendor": "ibm", "version": "7.5.0.0" }, { "model": "websphere mq appliance", "scope": "lte", "trust": 1.0, "vendor": "ibm", "version": "8.0.0.11" }, { "model": "websphere mq", "scope": "lte", "trust": 1.0, "vendor": "ibm", "version": "7.5.0.9" }, { "model": "websphere mq", "scope": "gte", "trust": 1.0, "vendor": "ibm", "version": "7.1.0.0" }, { "model": "websphere mq", "scope": "lte", "trust": 1.0, "vendor": "ibm", "version": "9.1.2" }, { "model": "websphere mq", "scope": "lte", "trust": 1.0, "vendor": "ibm", "version": "9.0.0.6" }, { "model": "websphere mq", "scope": "gte", "trust": 1.0, "vendor": "ibm", "version": "9.0.0.0" }, { "model": "websphere mq appliance", "scope": "gte", "trust": 1.0, "vendor": "ibm", "version": "9.1.1" }, { "model": "mq appliance", "scope": null, "trust": 0.8, "vendor": "ibm", "version": null }, { "model": "websphere mq", "scope": null, "trust": 0.8, "vendor": "ibm", "version": null } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-009729" }, { "db": "NVD", "id": "CVE-2019-4141" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:ibm:websphere_mq:*:*:*:*:-:*:*:*", "cpe_name": [], "versionEndIncluding": "7.1.0.9", "versionStartIncluding": "7.1.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:websphere_mq:*:*:*:*:-:*:*:*", "cpe_name": [], "versionEndIncluding": "9.1.2", "versionStartIncluding": "9.1.1", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:websphere_mq_appliance:*:*:*:*:lts:*:*:*", "cpe_name": [], "versionEndIncluding": "9.1.0.2", "versionStartIncluding": "9.1.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:websphere_mq:*:*:*:*:-:*:*:*", "cpe_name": [], "versionEndIncluding": "7.5.0.9", "versionStartIncluding": "7.5.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:websphere_mq:*:*:*:*:-:*:*:*", "cpe_name": [], "versionEndIncluding": "8.0.0.11", "versionStartIncluding": "8.0.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:websphere_mq:*:*:*:*:lts:*:*:*", "cpe_name": [], "versionEndIncluding": "9.0.0.6", "versionStartIncluding": "9.0.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:websphere_mq:*:*:*:*:-:*:*:*", "cpe_name": [], "versionEndIncluding": "9.1.0.2", "versionStartIncluding": "9.1.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:websphere_mq_appliance:*:*:*:*:-:*:*:*", "cpe_name": [], "versionEndIncluding": "8.0.0.11", "versionStartIncluding": "8.0.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:websphere_mq_appliance:*:*:*:*:cd:*:*:*", "cpe_name": [], "versionEndIncluding": "9.1.2", "versionStartIncluding": "9.1.1", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2019-4141" } ] }, "cve": "CVE-2019-4141", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "Single", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 4.0, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2019-4141", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 1.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitabilityScore": 2.8, "id": "CVE-2019-4141", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 6.5, "baseSeverity": "Medium", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2019-4141", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "Low", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2019-4141", "trust": 1.8, "value": "Medium" }, { "author": "CNNVD", "id": "CNNVD-201909-1241", "trust": 0.6, "value": "MEDIUM" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-009729" }, { "db": "CNNVD", "id": "CNNVD-201909-1241" }, { "db": "NVD", "id": "CVE-2019-4141" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM MQ 7.1.0.0 - 7.1.0.9, 7.5.0.0 - 7.5.0.9, 8.0.0.0 - 8.0.0.11, 9.0.0.0 - 9.0.0.6, 9.1.0.0 - 9.1.0.2, and 9.1.1 - 9.1.2 is vulnerable to a denial of service attack caused by a memory leak in the clustering code. IBM X-Force ID: 158337. IBM MQ Contains a resource exhaustion vulnerability. Vendors have confirmed this vulnerability IBM X-Force ID: 158337 It is released as.Service operation interruption (DoS) There is a possibility of being put into a state", "sources": [ { "db": "NVD", "id": "CVE-2019-4141" }, { "db": "JVNDB", "id": "JVNDB-2019-009729" } ], "trust": 1.62 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2019-4141", "trust": 2.4 }, { "db": "JVNDB", "id": "JVNDB-2019-009729", "trust": 0.8 }, { "db": "AUSCERT", "id": "ESB-2019.3650", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-201909-1241", "trust": 0.6 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-009729" }, { "db": "CNNVD", "id": "CNNVD-201909-1241" }, { "db": "NVD", "id": "CVE-2019-4141" } ] }, "id": "VAR-201909-0018", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.22222222 }, "last_update_date": "2022-05-04T10:18:43.467000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "876772", "trust": 0.8, "url": "https://www.ibm.com/support/pages/node/876772" }, { "title": "ibm-websphere-cve20194141-dos (158337)", "trust": 0.8, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/158337" }, { "title": "IBM MQ and IBM MQ Appliance Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=98639" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-009729" }, { "db": "CNNVD", "id": "CNNVD-201909-1241" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-401", "trust": 1.0 }, { "problemtype": "CWE-400", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-009729" }, { "db": "NVD", "id": "CVE-2019-4141" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.2, "url": "https://www.ibm.com/support/pages/node/876772" }, { "trust": 1.6, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/158337" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-4141" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-4141" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/ibm-mq-memory-leak-via-cluster-30424" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2019.3650/" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-009729" }, { "db": "CNNVD", "id": "CNNVD-201909-1241" }, { "db": "NVD", "id": "CVE-2019-4141" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "JVNDB", "id": "JVNDB-2019-009729" }, { "db": "CNNVD", "id": "CNNVD-201909-1241" }, { "db": "NVD", "id": "CVE-2019-4141" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-09-30T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-009729" }, { "date": "2019-09-26T00:00:00", "db": "CNNVD", "id": "CNNVD-201909-1241" }, { "date": "2019-09-27T14:15:00", "db": "NVD", "id": "CVE-2019-4141" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-09-30T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-009729" }, { "date": "2020-08-25T00:00:00", "db": "CNNVD", "id": "CNNVD-201909-1241" }, { "date": "2020-08-24T17:37:00", "db": "NVD", "id": "CVE-2019-4141" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201909-1241" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM MQ Vulnerable to resource exhaustion", "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-009729" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "resource management error", "sources": [ { "db": "CNNVD", "id": "CNNVD-201909-1241" } ], "trust": 0.6 } }
var-202102-0826
Vulnerability from variot
IBM MQ 9.1 LTS, 9.2 LTS, and 9.1 CD AMQP Channels could allow an authenticated user to cause a denial of service due to an issue processing messages. IBM X-Force ID: 191747. IBM MQ Appliance is an all-in-one device from IBM of the United States for rapid deployment of enterprise-level messaging middleware.
There is a security vulnerability in the IBM MQ Appliance. Attackers can use this vulnerability to trigger a fatal error through the AMQP channel of the IBM MQ appliance, thereby triggering a denial of service
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202102-0826", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "mq", "scope": "eq", "trust": 1.0, "vendor": "ibm", "version": "9.1.0.0" }, { "model": "mq", "scope": "eq", "trust": 1.0, "vendor": "ibm", "version": "9.1.0" }, { "model": "mq", "scope": "eq", "trust": 1.0, "vendor": "ibm", "version": "9.2.0.0" }, { "model": "mq appliance", "scope": null, "trust": 0.6, "vendor": "ibm", "version": null } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-12640" }, { "db": "NVD", "id": "CVE-2020-4931" } ] }, "cve": "CVE-2020-4931", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 4.0, "confidentialityImpact": "NONE", "exploitabilityScore": 8.0, "id": "CVE-2020-4931", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 1.0, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "CNVD", "availabilityImpact": "COMPLETE", "baseScore": 6.8, "confidentialityImpact": "NONE", "exploitabilityScore": 8.0, "id": "CNVD-2021-12640", "impactScore": 6.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitabilityScore": 2.8, "id": "CVE-2020-4931", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "psirt@us.ibm.com", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitabilityScore": 2.8, "id": "CVE-2020-4931", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2020-4931", "trust": 1.0, "value": "MEDIUM" }, { "author": "psirt@us.ibm.com", "id": "CVE-2020-4931", "trust": 1.0, "value": "MEDIUM" }, { "author": "CNVD", "id": "CNVD-2021-12640", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-202102-1508", "trust": 0.6, "value": "MEDIUM" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-12640" }, { "db": "CNNVD", "id": "CNNVD-202102-1508" }, { "db": "NVD", "id": "CVE-2020-4931" }, { "db": "NVD", "id": "CVE-2020-4931" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM MQ 9.1 LTS, 9.2 LTS, and 9.1 CD AMQP Channels could allow an authenticated user to cause a denial of service due to an issue processing messages. IBM X-Force ID: 191747. IBM MQ Appliance is an all-in-one device from IBM of the United States for rapid deployment of enterprise-level messaging middleware. \n\r\n\r\nThere is a security vulnerability in the IBM MQ Appliance. Attackers can use this vulnerability to trigger a fatal error through the AMQP channel of the IBM MQ appliance, thereby triggering a denial of service", "sources": [ { "db": "NVD", "id": "CVE-2020-4931" }, { "db": "CNVD", "id": "CNVD-2021-12640" } ], "trust": 1.44 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2020-4931", "trust": 2.2 }, { "db": "CNVD", "id": "CNVD-2021-12640", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202102-1508", "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-12640" }, { "db": "CNNVD", "id": "CNNVD-202102-1508" }, { "db": "NVD", "id": "CVE-2020-4931" } ] }, "id": "VAR-202102-0826", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2021-12640" } ], "trust": 0.06 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "Network device" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-12640" } ] }, "last_update_date": "2024-11-23T23:07:39.677000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Patch for IBM MQ Appliance Denial of Service Vulnerability (CNVD-2021-12640)", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/249166" }, { "title": "IBM MQ Appliance Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=142521" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-12640" }, { "db": "CNNVD", "id": "CNNVD-202102-1508" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2020-4931" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.6, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/191747" }, { "trust": 1.6, "url": "https://www.ibm.com/support/pages/node/6403295" }, { "trust": 1.2, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-is-affected-by-a-denial-of-service-vulnerability-cve-2020-4931/" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-4931" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/ibm-mq-appliance-denial-of-service-via-amqp-channels-34652" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-amqp-channels-could-allow-an-authenticated-user-to-cause-a-denial-of-service-due-to-an-issue-processing-messages-cve-2020-4931/" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-12640" }, { "db": "CNNVD", "id": "CNNVD-202102-1508" }, { "db": "NVD", "id": "CVE-2020-4931" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2021-12640" }, { "db": "CNNVD", "id": "CNNVD-202102-1508" }, { "db": "NVD", "id": "CVE-2020-4931" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-02-25T00:00:00", "db": "CNVD", "id": "CNVD-2021-12640" }, { "date": "2021-02-23T00:00:00", "db": "CNNVD", "id": "CNNVD-202102-1508" }, { "date": "2021-02-24T18:15:12.797000", "db": "NVD", "id": "CVE-2020-4931" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-02-26T00:00:00", "db": "CNVD", "id": "CNVD-2021-12640" }, { "date": "2021-04-14T00:00:00", "db": "CNNVD", "id": "CNNVD-202102-1508" }, { "date": "2024-11-21T05:33:26.623000", "db": "NVD", "id": "CVE-2020-4931" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202102-1508" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM MQ Appliance Denial of Service Vulnerability (CNVD-2021-12640)", "sources": [ { "db": "CNVD", "id": "CNVD-2021-12640" } ], "trust": 0.6 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-202102-1508" } ], "trust": 0.6 } }
var-201904-0357
Vulnerability from variot
IBM MQ 8.0.0.0 through 8.0.0.10, 9.0.0.0 through 9.0.0.5, and 9.1.0.0 through 9.1.1 is vulnerable to a denial of service attack within the TLS key renegotiation function. IBM X-Force ID: 156564. IBM MQ Contains an input validation vulnerability. Vendors report this vulnerability IBM X-Force ID: 156564 Published as.Denial of service (DoS) May be in a state. An attacker can exploit this issue to cause a denial-of-service condition. The following product and versions are affected: IBM MQ and MQ Appliance from versions 8.0.0.0 through 8.0.0.10, 9.0.0.0 through 9.0.0.5, 9.1.0.0 through 9.1.0.1 and 9.1.0 through 9.1.1
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201904-0357", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "mq", "scope": "lte", "trust": 1.0, "vendor": "ibm", "version": "9.0.0.5" }, { "model": "mq appliance", "scope": "lte", "trust": 1.0, "vendor": "ibm", "version": "8.0.0.10" }, { "model": "mq appliance", "scope": "lte", "trust": 1.0, "vendor": "ibm", "version": "9.1.0.1" }, { "model": "mq", "scope": "lte", "trust": 1.0, "vendor": "ibm", "version": "9.1.0.1" }, { "model": "mq appliance", "scope": "gte", "trust": 1.0, "vendor": "ibm", "version": "8.0.0.0" }, { "model": "mq", "scope": "gte", "trust": 1.0, "vendor": "ibm", "version": "9.0.0.0" }, { "model": "mq", "scope": "gte", "trust": 1.0, "vendor": "ibm", "version": "9.1.0.0" }, { "model": "mq appliance", "scope": "lte", "trust": 1.0, "vendor": "ibm", "version": "9.1.1" }, { "model": "mq", "scope": "lte", "trust": 1.0, "vendor": "ibm", "version": "9.1.1" }, { "model": "mq", "scope": "gte", "trust": 1.0, "vendor": "ibm", "version": "8.0.0.0" }, { "model": "mq appliance", "scope": "gte", "trust": 1.0, "vendor": "ibm", "version": "9.1.0" }, { "model": "mq appliance", "scope": "gte", "trust": 1.0, "vendor": "ibm", "version": "9.1.0.0" }, { "model": "mq", "scope": "gte", "trust": 1.0, "vendor": "ibm", "version": "9.1.0" }, { "model": "mq", "scope": "lte", "trust": 1.0, "vendor": "ibm", "version": "8.0.0.10" }, { "model": "mq appliance", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "8.0.0.0 to 8.0.0.10" }, { "model": "mq appliance", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "9.0.0.0 to 9.0.0.5" }, { "model": "mq appliance", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "9.1.0.0 to 9.1.1" }, { "model": "mq appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.1" }, { "model": "mq appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.9" }, { "model": "mq appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.8" }, { "model": "mq appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.7" }, { "model": "mq appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.6" }, { "model": "mq appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.5" }, { "model": "mq appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.4" }, { "model": "mq appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.3" }, { "model": "mq appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.1" }, { "model": "mq appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.0" }, { "model": "mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.1" }, { "model": "mq cd", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.5" }, { "model": "mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.5" }, { "model": "mq cd", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.4" }, { "model": "mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.4" }, { "model": "mq cd", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.3" }, { "model": "mq cd", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.2" }, { "model": "mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.2" }, { "model": "mq cd", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.1" }, { "model": "mq cd", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0" }, { "model": "mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.0.1" }, { "model": "mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.0.0" }, { "model": "mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.3" }, { "model": "mq lts", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.0.5" }, { "model": "mq lts", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.0.4" }, { "model": "mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.0.4" }, { "model": "mq lts", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.0.3" }, { "model": "mq lts", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.0.2" }, { "model": "mq lts", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.0.1" }, { "model": "mq lts", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.0.0" }, { "model": "mq lts", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9" }, { "model": "mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.9" }, { "model": "mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.8" }, { "model": "mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.7" }, { "model": "mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.6" }, { "model": "mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.5" }, { "model": "mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.4" }, { "model": "mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.2" }, { "model": "mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.10" }, { "model": "mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.1" }, { "model": "mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.0" }, { "model": "mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "mq", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "9.1.2" }, { "model": "mq lts", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "9.0.0.6" }, { "model": "mq", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.11" } ], "sources": [ { "db": "BID", "id": "108027" }, { "db": "JVNDB", "id": "JVNDB-2019-003617" }, { "db": "NVD", "id": "CVE-2019-4055" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:ibm:mq_appliance", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-003617" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The vendor reported the issue.", "sources": [ { "db": "BID", "id": "108027" }, { "db": "CNNVD", "id": "CNNVD-201904-879" } ], "trust": 0.9 }, "cve": "CVE-2019-4055", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "CVE-2019-4055", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 1.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "psirt@us.ibm.com", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "id": "CVE-2019-4055", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.8, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "id": "CVE-2019-4055", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2019-4055", "trust": 1.0, "value": "HIGH" }, { "author": "psirt@us.ibm.com", "id": "CVE-2019-4055", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2019-4055", "trust": 0.8, "value": "High" }, { "author": "CNNVD", "id": "CNNVD-201904-879", "trust": 0.6, "value": "HIGH" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-003617" }, { "db": "CNNVD", "id": "CNNVD-201904-879" }, { "db": "NVD", "id": "CVE-2019-4055" }, { "db": "NVD", "id": "CVE-2019-4055" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM MQ 8.0.0.0 through 8.0.0.10, 9.0.0.0 through 9.0.0.5, and 9.1.0.0 through 9.1.1 is vulnerable to a denial of service attack within the TLS key renegotiation function. IBM X-Force ID: 156564. IBM MQ Contains an input validation vulnerability. Vendors report this vulnerability IBM X-Force ID: 156564 Published as.Denial of service (DoS) May be in a state. \nAn attacker can exploit this issue to cause a denial-of-service condition. \nThe following product and versions are affected:\nIBM MQ and MQ Appliance from versions 8.0.0.0 through 8.0.0.10, 9.0.0.0 through 9.0.0.5, 9.1.0.0 through 9.1.0.1 and 9.1.0 through 9.1.1", "sources": [ { "db": "NVD", "id": "CVE-2019-4055" }, { "db": "JVNDB", "id": "JVNDB-2019-003617" }, { "db": "BID", "id": "108027" } ], "trust": 1.89 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2019-4055", "trust": 2.7 }, { "db": "BID", "id": "108027", "trust": 1.9 }, { "db": "JVNDB", "id": "JVNDB-2019-003617", "trust": 0.8 }, { "db": "AUSCERT", "id": "ESB-2019.1347", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2019.4784", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2023.4106", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2019.3122", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-201904-879", "trust": 0.6 } ], "sources": [ { "db": "BID", "id": "108027" }, { "db": "JVNDB", "id": "JVNDB-2019-003617" }, { "db": "CNNVD", "id": "CNNVD-201904-879" }, { "db": "NVD", "id": "CVE-2019-4055" } ] }, "id": "VAR-201904-0357", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.46875 }, "last_update_date": "2024-11-23T19:38:16.858000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "0870484", "trust": 0.8, "url": "https://www.ibm.com/support/docview.wss?uid=ibm10870484" }, { "title": "ibm-websphere-cve20194055-dos (156564)", "trust": 0.8, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/156564" }, { "title": "IBM MQ and IBM MQ Appliance Security vulnerabilities", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=91713" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-003617" }, { "db": "CNNVD", "id": "CNNVD-201904-879" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 }, { "problemtype": "CWE-20", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-003617" }, { "db": "NVD", "id": "CVE-2019-4055" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.2, "url": "https://www.ibm.com/support/docview.wss?uid=ibm10870484" }, { "trust": 2.2, "url": "http://www.securityfocus.com/bid/108027" }, { "trust": 1.6, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/156564" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-4055" }, { "trust": 0.9, "url": "http://www.ibm.com/" }, { "trust": 0.9, "url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10870484" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-4055" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/1137634" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/1115109" }, { "trust": 0.6, "url": "https://www.ibm.com/support/docview.wss?uid=ibm10967151" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/ibm-mq-denial-of-service-via-tls-key-renegotiation-29053" }, { "trust": 0.6, "url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10967151" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/1115031" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/79378" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2023.4106" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2019.3122/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2019.4784/" } ], "sources": [ { "db": "BID", "id": "108027" }, { "db": "JVNDB", "id": "JVNDB-2019-003617" }, { "db": "CNNVD", "id": "CNNVD-201904-879" }, { "db": "NVD", "id": "CVE-2019-4055" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "BID", "id": "108027" }, { "db": "JVNDB", "id": "JVNDB-2019-003617" }, { "db": "CNNVD", "id": "CNNVD-201904-879" }, { "db": "NVD", "id": "CVE-2019-4055" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-04-16T00:00:00", "db": "BID", "id": "108027" }, { "date": "2019-05-21T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-003617" }, { "date": "2019-04-17T00:00:00", "db": "CNNVD", "id": "CNNVD-201904-879" }, { "date": "2019-04-19T17:29:01.987000", "db": "NVD", "id": "CVE-2019-4055" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-04-16T00:00:00", "db": "BID", "id": "108027" }, { "date": "2019-05-21T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-003617" }, { "date": "2023-07-21T00:00:00", "db": "CNNVD", "id": "CNNVD-201904-879" }, { "date": "2024-11-21T04:43:05.823000", "db": "NVD", "id": "CVE-2019-4055" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201904-879" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM MQ Input validation vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-003617" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "input validation error", "sources": [ { "db": "CNNVD", "id": "CNNVD-201904-879" } ], "trust": 0.6 } }
var-201707-0274
Vulnerability from variot
IBM WebSphere MQ 9.0.2 could allow an authenticated user to potentially cause a denial of service by saving an incorrect channel status inquiry. IBM X-Force ID: 124354. IBM WebSphere MQ There is a service disruption (DoS) There are vulnerabilities that are put into a state. IBM MQ is prone to a denial-of-service vulnerability. Remote attackers can exploit this issue to crash the service, denying service to legitimate users
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201707-0274", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "websphere mq", "scope": "eq", "trust": 2.4, "vendor": "ibm", "version": "9.0.2" }, { "model": "mq appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0" }, { "model": "mq cd", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.2" }, { "model": "mq cd", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "9.0.3" } ], "sources": [ { "db": "BID", "id": "99505" }, { "db": "JVNDB", "id": "JVNDB-2017-005641" }, { "db": "CNNVD", "id": "CNNVD-201707-285" }, { "db": "NVD", "id": "CVE-2017-1236" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:ibm:websphere_mq", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2017-005641" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The vendor reported the issue.", "sources": [ { "db": "BID", "id": "99505" } ], "trust": 0.3 }, "cve": "CVE-2017-1236", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 4.0, "confidentialityImpact": "NONE", "exploitabilityScore": 8.0, "id": "CVE-2017-1236", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 1.8, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitabilityScore": 2.8, "id": "CVE-2017-1236", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.8, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2017-1236", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "CVE-2017-1236", "trust": 0.8, "value": "Medium" }, { "author": "CNNVD", "id": "CNNVD-201707-285", "trust": 0.6, "value": "MEDIUM" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2017-005641" }, { "db": "CNNVD", "id": "CNNVD-201707-285" }, { "db": "NVD", "id": "CVE-2017-1236" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM WebSphere MQ 9.0.2 could allow an authenticated user to potentially cause a denial of service by saving an incorrect channel status inquiry. IBM X-Force ID: 124354. IBM WebSphere MQ There is a service disruption (DoS) There are vulnerabilities that are put into a state. IBM MQ is prone to a denial-of-service vulnerability. \nRemote attackers can exploit this issue to crash the service, denying service to legitimate users", "sources": [ { "db": "NVD", "id": "CVE-2017-1236" }, { "db": "JVNDB", "id": "JVNDB-2017-005641" }, { "db": "BID", "id": "99505" } ], "trust": 1.89 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2017-1236", "trust": 2.7 }, { "db": "BID", "id": "99505", "trust": 1.3 }, { "db": "JVNDB", "id": "JVNDB-2017-005641", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201707-285", "trust": 0.6 } ], "sources": [ { "db": "BID", "id": "99505" }, { "db": "JVNDB", "id": "JVNDB-2017-005641" }, { "db": "CNNVD", "id": "CNNVD-201707-285" }, { "db": "NVD", "id": "CVE-2017-1236" } ] }, "id": "VAR-201707-0274", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.46875 }, "last_update_date": "2024-11-23T22:56:11.550000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "2003510", "trust": 0.8, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg22003510" }, { "title": "IBM WebSphere MQ and IBM MQ Appliance Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=71548" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2017-005641" }, { "db": "CNNVD", "id": "CNNVD-201707-285" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-20", "trust": 1.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2017-005641" }, { "db": "NVD", "id": "CVE-2017-1236" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.6, "url": "http://www.ibm.com/support/docview.wss?uid=swg22003510" }, { "trust": 1.6, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/124354" }, { "trust": 1.0, "url": "http://www.securityfocus.com/bid/99505" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-1236" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-1236" }, { "trust": 0.3, "url": "http://www.ibm.com/" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg22003510" } ], "sources": [ { "db": "BID", "id": "99505" }, { "db": "JVNDB", "id": "JVNDB-2017-005641" }, { "db": "CNNVD", "id": "CNNVD-201707-285" }, { "db": "NVD", "id": "CVE-2017-1236" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "BID", "id": "99505" }, { "db": "JVNDB", "id": "JVNDB-2017-005641" }, { "db": "CNNVD", "id": "CNNVD-201707-285" }, { "db": "NVD", "id": "CVE-2017-1236" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2017-07-05T00:00:00", "db": "BID", "id": "99505" }, { "date": "2017-08-03T00:00:00", "db": "JVNDB", "id": "JVNDB-2017-005641" }, { "date": "2017-07-10T00:00:00", "db": "CNNVD", "id": "CNNVD-201707-285" }, { "date": "2017-07-06T14:29:00.247000", "db": "NVD", "id": "CVE-2017-1236" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2017-07-05T00:00:00", "db": "BID", "id": "99505" }, { "date": "2017-08-03T00:00:00", "db": "JVNDB", "id": "JVNDB-2017-005641" }, { "date": "2017-12-08T00:00:00", "db": "CNNVD", "id": "CNNVD-201707-285" }, { "date": "2024-11-21T03:21:33.593000", "db": "NVD", "id": "CVE-2017-1236" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201707-285" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM WebSphere MQ Service disruption in (DoS) Vulnerabilities", "sources": [ { "db": "JVNDB", "id": "JVNDB-2017-005641" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "input validation", "sources": [ { "db": "CNNVD", "id": "CNNVD-201707-285" } ], "trust": 0.6 } }
var-201707-0551
Vulnerability from variot
IBM MQ Appliance 8.0 and 9.0 could allow an authenticated messaging administrator to execute arbitrary commands on the system, caused by command execution. IBM X-Force ID: 125730. Vendors have confirmed this vulnerability IBM X-Force ID: 125730 It is released as.Arbitrary commands could be executed by an authorized message administrator. An attacker can exploit this issue to execute arbitrary command on the affected system. This may aid in further attacks. MQ Appliance 9.0.1, 9.0.2, and 8.0.0.0 through 8.0.0.6 are vulnerable
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201707-0551", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "mq appliance", "scope": "eq", "trust": 1.9, "vendor": "ibm", "version": "9.0.1" }, { "model": "mq appliance", "scope": "eq", "trust": 1.9, "vendor": "ibm", "version": "8.0.0.6" }, { "model": "mq appliance", "scope": "eq", "trust": 1.9, "vendor": "ibm", "version": "8.0.0.5" }, { "model": "mq appliance", "scope": "eq", "trust": 1.9, "vendor": "ibm", "version": "8.0.0.4" }, { "model": "mq appliance", "scope": "eq", "trust": 1.9, "vendor": "ibm", "version": "8.0.0.3" }, { "model": "mq appliance", "scope": "eq", "trust": 1.9, "vendor": "ibm", "version": "8.0.0.2" }, { "model": "mq appliance", "scope": "eq", "trust": 1.9, "vendor": "ibm", "version": "8.0.0.1" }, { "model": "mq appliance", "scope": "eq", "trust": 1.9, "vendor": "ibm", "version": "8.0.0.0" }, { "model": "mq appliance", "scope": "eq", "trust": 1.6, "vendor": "ibm", "version": "9.0.2" }, { "model": "mq appliance", "scope": "eq", "trust": 1.1, "vendor": "ibm", "version": "9.0" }, { "model": "mq appliance", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "8.0" }, { "model": "mq appliance", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "9.0.3" }, { "model": "mq appliance", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.7" } ], "sources": [ { "db": "BID", "id": "99594" }, { "db": "JVNDB", "id": "JVNDB-2017-006094" }, { "db": "CNNVD", "id": "CNNVD-201707-753" }, { "db": "NVD", "id": "CVE-2017-1318" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:ibm:mq_appliance:8.0.0.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:mq_appliance:8.0.0.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:mq_appliance:8.0.0.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:mq_appliance:8.0.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:mq_appliance:9.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:mq_appliance:9.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:mq_appliance:8.0.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:mq_appliance:8.0.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:mq_appliance:8.0.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2017-1318" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM.", "sources": [ { "db": "BID", "id": "99594" } ], "trust": 0.3 }, "cve": "CVE-2017-1318", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "Single", "author": "NVD", "availabilityImpact": "Complete", "baseScore": 9.0, "confidentialityImpact": "Complete", "exploitabilityScore": null, "id": "CVE-2017-1318", "impactScore": null, "integrityImpact": "Complete", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 1.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 8.8, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2017-1318", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "Low", "scope": "Unchanged", "trust": 1.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2017-1318", "trust": 1.8, "value": "High" }, { "author": "CNNVD", "id": "CNNVD-201707-753", "trust": 0.6, "value": "CRITICAL" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2017-006094" }, { "db": "CNNVD", "id": "CNNVD-201707-753" }, { "db": "NVD", "id": "CVE-2017-1318" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM MQ Appliance 8.0 and 9.0 could allow an authenticated messaging administrator to execute arbitrary commands on the system, caused by command execution. IBM X-Force ID: 125730. Vendors have confirmed this vulnerability IBM X-Force ID: 125730 It is released as.Arbitrary commands could be executed by an authorized message administrator. \nAn attacker can exploit this issue to execute arbitrary command on the affected system. This may aid in further attacks. \nMQ Appliance 9.0.1, 9.0.2, and 8.0.0.0 through 8.0.0.6 are vulnerable", "sources": [ { "db": "NVD", "id": "CVE-2017-1318" }, { "db": "JVNDB", "id": "JVNDB-2017-006094" }, { "db": "BID", "id": "99594" } ], "trust": 1.89 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2017-1318", "trust": 2.7 }, { "db": "BID", "id": "99594", "trust": 1.3 }, { "db": "JVNDB", "id": "JVNDB-2017-006094", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201707-753", "trust": 0.6 } ], "sources": [ { "db": "BID", "id": "99594" }, { "db": "JVNDB", "id": "JVNDB-2017-006094" }, { "db": "CNNVD", "id": "CNNVD-201707-753" }, { "db": "NVD", "id": "CVE-2017-1318" } ] }, "id": "VAR-201707-0551", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.22222222 }, "last_update_date": "2022-05-04T10:26:49.161000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "2003815", "trust": 0.8, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg22003815" }, { "title": "IBM MQ Appliance Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=71800" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2017-006094" }, { "db": "CNNVD", "id": "CNNVD-201707-753" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-78", "trust": 1.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2017-006094" }, { "db": "NVD", "id": "CVE-2017-1318" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.6, "url": "http://www.ibm.com/support/docview.wss?uid=swg22003815" }, { "trust": 1.6, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125730" }, { "trust": 1.0, "url": "http://www.securityfocus.com/bid/99594" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-1318" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-1318" }, { "trust": 0.3, "url": "http://www.ibm.com" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg22003815" } ], "sources": [ { "db": "BID", "id": "99594" }, { "db": "JVNDB", "id": "JVNDB-2017-006094" }, { "db": "CNNVD", "id": "CNNVD-201707-753" }, { "db": "NVD", "id": "CVE-2017-1318" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "BID", "id": "99594" }, { "db": "JVNDB", "id": "JVNDB-2017-006094" }, { "db": "CNNVD", "id": "CNNVD-201707-753" }, { "db": "NVD", "id": "CVE-2017-1318" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2017-07-14T00:00:00", "db": "BID", "id": "99594" }, { "date": "2017-08-18T00:00:00", "db": "JVNDB", "id": "JVNDB-2017-006094" }, { "date": "2017-07-19T00:00:00", "db": "CNNVD", "id": "CNNVD-201707-753" }, { "date": "2017-07-18T13:29:00", "db": "NVD", "id": "CVE-2017-1318" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2017-07-14T00:00:00", "db": "BID", "id": "99594" }, { "date": "2017-08-18T00:00:00", "db": "JVNDB", "id": "JVNDB-2017-006094" }, { "date": "2017-07-19T00:00:00", "db": "CNNVD", "id": "CNNVD-201707-753" }, { "date": "2017-07-28T18:00:00", "db": "NVD", "id": "CVE-2017-1318" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201707-753" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM MQ An arbitrary command execution vulnerability in the appliance", "sources": [ { "db": "JVNDB", "id": "JVNDB-2017-006094" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "operating system commend injection", "sources": [ { "db": "CNNVD", "id": "CNNVD-201707-753" } ], "trust": 0.6 } }
var-202111-1472
Vulnerability from variot
IBM MQ Appliance 9.2 CD and 9.2 LTS is affected by a denial of service attack caused by a concurrency issue. IBM X-Force ID: 212042. IBM MQ Appliance There is an unspecified vulnerability in. Vendor exploits this vulnerability IBM X-Force ID: 212042 It is published as.Service operation interruption (DoS) It may be in a state. IBM MQ Appliance is an all-in-one device from IBM of the United States for rapid deployment of enterprise-level messaging middleware. No detailed vulnerability details are currently provided
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202111-1472", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "mq appliance", "scope": "eq", "trust": 1.6, "vendor": "ibm", "version": "9.2.0.0" }, { "model": "mq appliance", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": null }, { "model": "mq appliance", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "9.2 lts" }, { "model": "mq appliance", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "9.2 cd" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-92963" }, { "db": "JVNDB", "id": "JVNDB-2021-015733" }, { "db": "NVD", "id": "CVE-2021-38958" } ] }, "cve": "CVE-2021-38958", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 2.1, "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "id": "CVE-2021-38958", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "LOW", "trust": 1.8, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 2.1, "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "id": "CNVD-2021-92963", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "LOW", "trust": 0.6, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitabilityScore": 1.8, "id": "CVE-2021-38958", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, { "attackComplexity": "HIGH", "attackVector": "LOCAL", "author": "psirt@us.ibm.com", "availabilityImpact": "HIGH", "baseScore": 5.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitabilityScore": 1.4, "id": "CVE-2021-38958", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "NVD", "availabilityImpact": "High", "baseScore": 5.5, "baseSeverity": "Medium", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2021-38958", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "Low", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2021-38958", "trust": 1.0, "value": "MEDIUM" }, { "author": "psirt@us.ibm.com", "id": "CVE-2021-38958", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "CVE-2021-38958", "trust": 0.8, "value": "Medium" }, { "author": "CNVD", "id": "CNVD-2021-92963", "trust": 0.6, "value": "LOW" }, { "author": "CNNVD", "id": "CNNVD-202111-2182", "trust": 0.6, "value": "MEDIUM" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-92963" }, { "db": "JVNDB", "id": "JVNDB-2021-015733" }, { "db": "CNNVD", "id": "CNNVD-202111-2182" }, { "db": "NVD", "id": "CVE-2021-38958" }, { "db": "NVD", "id": "CVE-2021-38958" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM MQ Appliance 9.2 CD and 9.2 LTS is affected by a denial of service attack caused by a concurrency issue. IBM X-Force ID: 212042. IBM MQ Appliance There is an unspecified vulnerability in. Vendor exploits this vulnerability IBM X-Force ID: 212042 It is published as.Service operation interruption (DoS) It may be in a state. IBM MQ Appliance is an all-in-one device from IBM of the United States for rapid deployment of enterprise-level messaging middleware. No detailed vulnerability details are currently provided", "sources": [ { "db": "NVD", "id": "CVE-2021-38958" }, { "db": "JVNDB", "id": "JVNDB-2021-015733" }, { "db": "CNVD", "id": "CNVD-2021-92963" } ], "trust": 2.16 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2021-38958", "trust": 3.8 }, { "db": "JVNDB", "id": "JVNDB-2021-015733", "trust": 0.8 }, { "db": "CNVD", "id": "CNVD-2021-92963", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.4024", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202111-2182", "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-92963" }, { "db": "JVNDB", "id": "JVNDB-2021-015733" }, { "db": "CNNVD", "id": "CNNVD-202111-2182" }, { "db": "NVD", "id": "CVE-2021-38958" } ] }, "id": "VAR-202111-1472", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2021-92963" } ], "trust": 0.06 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "IoT" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-92963" } ] }, "last_update_date": "2024-08-14T13:23:09.492000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "6519420 IBM\u00a0X-Force\u00a0Exchange", "trust": 0.8, "url": "https://www.ibm.com/support/pages/node/6519420" }, { "title": "Patch for An unspecified vulnerability exists in IBM MQ Appliance (CNVD-2021-92963)", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/302086" }, { "title": "IBM MQ Appliance Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=172099" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-92963" }, { "db": "JVNDB", "id": "JVNDB-2021-015733" }, { "db": "CNNVD", "id": "CNNVD-202111-2182" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 }, { "problemtype": "Lack of information (CWE-noinfo) [NVD evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-015733" }, { "db": "NVD", "id": "CVE-2021-38958" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.2, "url": "https://www.ibm.com/support/pages/node/6519420" }, { "trust": 1.6, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/212043" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-38958" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.4024" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/ibm-mq-appliance-denial-of-service-via-concurrency-issue-36983" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-92963" }, { "db": "JVNDB", "id": "JVNDB-2021-015733" }, { "db": "CNNVD", "id": "CNNVD-202111-2182" }, { "db": "NVD", "id": "CVE-2021-38958" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2021-92963" }, { "db": "JVNDB", "id": "JVNDB-2021-015733" }, { "db": "CNNVD", "id": "CNNVD-202111-2182" }, { "db": "NVD", "id": "CVE-2021-38958" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-12-01T00:00:00", "db": "CNVD", "id": "CNVD-2021-92963" }, { "date": "2022-11-29T00:00:00", "db": "JVNDB", "id": "JVNDB-2021-015733" }, { "date": "2021-11-29T00:00:00", "db": "CNNVD", "id": "CNNVD-202111-2182" }, { "date": "2021-11-30T17:15:11.427000", "db": "NVD", "id": "CVE-2021-38958" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-12-01T00:00:00", "db": "CNVD", "id": "CNVD-2021-92963" }, { "date": "2022-11-29T08:20:00", "db": "JVNDB", "id": "JVNDB-2021-015733" }, { "date": "2021-12-01T00:00:00", "db": "CNNVD", "id": "CNNVD-202111-2182" }, { "date": "2021-11-30T20:32:18.963000", "db": "NVD", "id": "CVE-2021-38958" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202111-2182" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM\u00a0MQ\u00a0Appliance\u00a0 Vulnerability in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-015733" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-202111-2182" } ], "trust": 0.6 } }
var-201712-0784
Vulnerability from variot
IBM WebSphere MQ 8.0 and 9.0 could allow, under special circumstances, an unauthorized user to access an object which they should have been denied access. IBM X-Force ID: 126456. Vendors have confirmed this vulnerability IBM X-Force ID: 126456 It is released as.Information may be tampered with. An attacker can exploit this issue to bypass the security mechanism and gain unauthorized access. This may lead to further attacks
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201712-0784", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "websphere mq", "scope": "eq", "trust": 2.4, "vendor": "ibm", "version": "9.0" }, { "model": "websphere mq", "scope": "eq", "trust": 1.9, "vendor": "ibm", "version": "8.0.0.5" }, { "model": "websphere mq", "scope": "eq", "trust": 1.9, "vendor": "ibm", "version": "8.0.0.4" }, { "model": "websphere mq", "scope": "eq", "trust": 1.9, "vendor": "ibm", "version": "8.0.0.3" }, { "model": "websphere mq", "scope": "eq", "trust": 1.9, "vendor": "ibm", "version": "8.0.0.2" }, { "model": "websphere mq", "scope": "eq", "trust": 1.9, "vendor": "ibm", "version": "8.0.0.1" }, { "model": "websphere mq", "scope": "eq", "trust": 1.6, "vendor": "ibm", "version": "9.0.0.1" }, { "model": "websphere mq", "scope": "eq", "trust": 1.6, "vendor": "ibm", "version": "8.0.0.6" }, { "model": "websphere mq", "scope": "eq", "trust": 1.6, "vendor": "ibm", "version": "9.0.1" }, { "model": "websphere mq", "scope": "eq", "trust": 1.6, "vendor": "ibm", "version": "8.0.0.7" }, { "model": "websphere mq", "scope": "eq", "trust": 1.1, "vendor": "ibm", "version": "8.0" }, { "model": "websphere mq", "scope": "eq", "trust": 1.0, "vendor": "ibm", "version": "9.0.3" }, { "model": "websphere mq", "scope": "eq", "trust": 1.0, "vendor": "ibm", "version": "9.0.2" }, { "model": "websphere mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.0" }, { "model": "mq appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.7" }, { "model": "mq appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.6" }, { "model": "mq appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.5" }, { "model": "mq appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.4" }, { "model": "mq appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.3" }, { "model": "mq appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.2" }, { "model": "mq appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.1" }, { "model": "mq appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.0" } ], "sources": [ { "db": "BID", "id": "102042" }, { "db": "JVNDB", "id": "JVNDB-2017-010972" }, { "db": "CNNVD", "id": "CNNVD-201712-101" }, { "db": "NVD", "id": "CVE-2017-1341" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:ibm:websphere_mq:9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:websphere_mq:9.0.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:websphere_mq:8.0.0.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:websphere_mq:9.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:websphere_mq:8.0.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:websphere_mq:8.0.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:websphere_mq:8.0.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:websphere_mq:8.0.0.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:websphere_mq:8.0.0.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:websphere_mq:9.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:websphere_mq:9.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:websphere_mq:8.0.0.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2017-1341" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM.", "sources": [ { "db": "BID", "id": "102042" }, { "db": "CNNVD", "id": "CNNVD-201712-101" } ], "trust": 0.9 }, "cve": "CVE-2017-1341", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "None", "baseScore": 4.3, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2017-1341", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 1.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "High", "attackVector": "Network", "author": "NVD", "availabilityImpact": "None", "baseScore": 3.7, "baseSeverity": "Low", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2017-1341", "impactScore": null, "integrityImpact": "Low", "privilegesRequired": "None", "scope": "Unchanged", "trust": 1.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2017-1341", "trust": 1.8, "value": "Low" }, { "author": "CNNVD", "id": "CNNVD-201712-101", "trust": 0.6, "value": "LOW" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2017-010972" }, { "db": "CNNVD", "id": "CNNVD-201712-101" }, { "db": "NVD", "id": "CVE-2017-1341" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM WebSphere MQ 8.0 and 9.0 could allow, under special circumstances, an unauthorized user to access an object which they should have been denied access. IBM X-Force ID: 126456. Vendors have confirmed this vulnerability IBM X-Force ID: 126456 It is released as.Information may be tampered with. \nAn attacker can exploit this issue to bypass the security mechanism and gain unauthorized access. This may lead to further attacks", "sources": [ { "db": "NVD", "id": "CVE-2017-1341" }, { "db": "JVNDB", "id": "JVNDB-2017-010972" }, { "db": "BID", "id": "102042" } ], "trust": 1.89 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2017-1341", "trust": 2.7 }, { "db": "BID", "id": "102042", "trust": 1.9 }, { "db": "JVNDB", "id": "JVNDB-2017-010972", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201712-101", "trust": 0.6 } ], "sources": [ { "db": "BID", "id": "102042" }, { "db": "JVNDB", "id": "JVNDB-2017-010972" }, { "db": "CNNVD", "id": "CNNVD-201712-101" }, { "db": "NVD", "id": "CVE-2017-1341" } ] }, "id": "VAR-201712-0784", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.22222222 }, "last_update_date": "2022-05-04T09:39:21.241000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "2005400", "trust": 0.8, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg22005400" }, { "title": "IBM WebSpher MQ and IBM WebSpher MQ Appliance Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=76925" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2017-010972" }, { "db": "CNNVD", "id": "CNNVD-201712-101" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 }, { "problemtype": "CWE-284", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2017-010972" }, { "db": "NVD", "id": "CVE-2017-1341" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.6, "url": "https://www.ibm.com/support/docview.wss?uid=swg22005400" }, { "trust": 1.6, "url": "https://www.securityfocus.com/bid/102042" }, { "trust": 1.6, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/126456" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-1341" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-1341" }, { "trust": 0.3, "url": "http://www.ibm.com/" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg22005400" } ], "sources": [ { "db": "BID", "id": "102042" }, { "db": "JVNDB", "id": "JVNDB-2017-010972" }, { "db": "CNNVD", "id": "CNNVD-201712-101" }, { "db": "NVD", "id": "CVE-2017-1341" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "BID", "id": "102042" }, { "db": "JVNDB", "id": "JVNDB-2017-010972" }, { "db": "CNNVD", "id": "CNNVD-201712-101" }, { "db": "NVD", "id": "CVE-2017-1341" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2017-12-04T00:00:00", "db": "BID", "id": "102042" }, { "date": "2017-12-28T00:00:00", "db": "JVNDB", "id": "JVNDB-2017-010972" }, { "date": "2017-12-08T00:00:00", "db": "CNNVD", "id": "CNNVD-201712-101" }, { "date": "2017-12-07T15:29:00", "db": "NVD", "id": "CVE-2017-1341" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2017-12-19T22:01:00", "db": "BID", "id": "102042" }, { "date": "2017-12-28T00:00:00", "db": "JVNDB", "id": "JVNDB-2017-010972" }, { "date": "2020-07-27T00:00:00", "db": "CNNVD", "id": "CNNVD-201712-101" }, { "date": "2019-10-03T00:03:00", "db": "NVD", "id": "CVE-2017-1341" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201712-101" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM WebSphere MQ Access control vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2017-010972" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-201712-101" } ], "trust": 0.6 } }
cve-2020-4267
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/6195384 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/175840 | vdb-entry, x_refsource_XF |
Vendor | Product | Version | |
---|---|---|---|
▼ | IBM | MQ Appliance |
Version: 8.0.0.3 Version: 8.0.0.4 Version: 8.0.0.5 Version: 8.0.0.6 Version: 8.0.0.0 Version: 8.0.0.8 Version: 8.0.0.10 Version: 8.0.0.11 Version: 9.1.0.1 Version: 9.1.1 Version: 8.0.0.1 Version: 8.0.0.7 Version: 8.0.0.9 Version: 8.0.0.12 Version: 9.1.0.2 Version: 9.1.2 Version: 9.1.0.3 Version: 9.1.3 Version: 9.1 Version: 8.0.0.13 Version: 9.1.0.4 Version: 9.1.4 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T08:00:06.915Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6195384" }, { "name": "ibm-mq-cve20204267-dos (175840)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/175840" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "MQ Appliance", "vendor": "IBM", "versions": [ { "status": "affected", "version": "8.0.0.3" }, { "status": "affected", "version": "8.0.0.4" }, { "status": "affected", "version": "8.0.0.5" }, { "status": "affected", "version": "8.0.0.6" }, { "status": "affected", "version": "8.0.0.0" }, { "status": "affected", "version": "8.0.0.8" }, { "status": "affected", "version": "8.0.0.10" }, { "status": "affected", "version": "8.0.0.11" }, { "status": "affected", "version": "9.1.0.1" }, { "status": "affected", "version": "9.1.1" }, { "status": "affected", "version": "8.0.0.1" }, { "status": "affected", "version": "8.0.0.7" }, { "status": "affected", "version": "8.0.0.9" }, { "status": "affected", "version": "8.0.0.12" }, { "status": "affected", "version": "9.1.0.2" }, { "status": "affected", "version": "9.1.2" }, { "status": "affected", "version": "9.1.0.3" }, { "status": "affected", "version": "9.1.3" }, { "status": "affected", "version": "9.1" }, { "status": "affected", "version": "8.0.0.13" }, { "status": "affected", "version": "9.1.0.4" }, { "status": "affected", "version": "9.1.4" } ] } ], "datePublic": "2020-04-22T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM MQ and MQ Appliance 8.0, 9.1 LTS, and 9.1 CD could allow an authenticated user cause a denial of service due to a memory leak. IBM X-Force ID: 175840." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "NONE", "privilegesRequired": "LOW", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 4.6, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/A:H/C:N/UI:N/AC:H/S:U/I:N/PR:L/AV:N/RC:C/RL:O/E:U", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of Service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-04-24T15:50:21", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6195384" }, { "name": "ibm-mq-cve20204267-dos (175840)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/175840" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2020-04-22T00:00:00", "ID": "CVE-2020-4267", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "MQ Appliance", "version": { "version_data": [ { "version_value": "8.0.0.3" }, { "version_value": "8.0.0.4" }, { "version_value": "8.0.0.5" }, { "version_value": "8.0.0.6" }, { "version_value": "8.0.0.0" }, { "version_value": "8.0.0.8" }, { "version_value": "8.0.0.10" }, { "version_value": "8.0.0.11" }, { "version_value": "9.1.0.1" }, { "version_value": "9.1.1" }, { "version_value": "8.0.0.1" }, { "version_value": "8.0.0.7" }, { "version_value": "8.0.0.9" }, { "version_value": "8.0.0.12" }, { "version_value": "9.1.0.2" }, { "version_value": "9.1.2" }, { "version_value": "9.1.0.3" }, { "version_value": "9.1.3" }, { "version_value": "9.1" }, { "version_value": "8.0.0.13" }, { "version_value": "9.1.0.4" }, { "version_value": "9.1.4" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM MQ and MQ Appliance 8.0, 9.1 LTS, and 9.1 CD could allow an authenticated user cause a denial of service due to a memory leak. IBM X-Force ID: 175840." } ] }, "impact": { "cvssv3": { "BM": { "A": "H", "AC": "H", "AV": "N", "C": "N", "I": "N", "PR": "L", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of Service" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6195384", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6195384 (MQ Appliance)", "url": "https://www.ibm.com/support/pages/node/6195384" }, { "name": "ibm-mq-cve20204267-dos (175840)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/175840" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2020-4267", "datePublished": "2020-04-24T15:50:21.949654Z", "dateReserved": "2019-12-30T00:00:00", "dateUpdated": "2024-09-16T23:01:18.469Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-4869
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/6398791 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/190831 | vdb-entry, x_refsource_XF |
Vendor | Product | Version | |
---|---|---|---|
▼ | IBM | MQ Appliance |
Version: 9.2.0.0 Version: 9.2.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T08:14:59.119Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6398791" }, { "name": "ibm-mq-cve20204869-dos (190831)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190831" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "MQ Appliance", "vendor": "IBM", "versions": [ { "status": "affected", "version": "9.2.0.0" }, { "status": "affected", "version": "9.2.1" } ] } ], "datePublic": "2021-01-08T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM MQ Appliance 9.2 CD and 9.2 LTS is vulnerable to a denial of service, caused by a buffer overflow. A remote attacker could send a specially crafted SNMP query to cause the appliance to reload. IBM X-Force ID: 190831." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "NONE", "privilegesRequired": "LOW", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 4.6, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AC:H/I:N/AV:N/C:N/UI:N/PR:L/S:U/A:H/RC:C/E:U/RL:O", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of Service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-01-11T17:10:15", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6398791" }, { "name": "ibm-mq-cve20204869-dos (190831)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190831" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2021-01-08T00:00:00", "ID": "CVE-2020-4869", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "MQ Appliance", "version": { "version_data": [ { "version_value": "9.2.0.0" }, { "version_value": "9.2.1" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM MQ Appliance 9.2 CD and 9.2 LTS is vulnerable to a denial of service, caused by a buffer overflow. A remote attacker could send a specially crafted SNMP query to cause the appliance to reload. IBM X-Force ID: 190831." } ] }, "impact": { "cvssv3": { "BM": { "A": "H", "AC": "H", "AV": "N", "C": "N", "I": "N", "PR": "L", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of Service" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6398791", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6398791 (MQ Appliance)", "url": "https://www.ibm.com/support/pages/node/6398791" }, { "name": "ibm-mq-cve20204869-dos (190831)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190831" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2020-4869", "datePublished": "2021-01-11T17:10:15.276254Z", "dateReserved": "2019-12-30T00:00:00", "dateUpdated": "2024-09-16T22:55:21.998Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-4498
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/6252409 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/182118 | vdb-entry, x_refsource_XF |
Vendor | Product | Version | |
---|---|---|---|
▼ | IBM | MQ Appliance |
Version: 9.1.0.0 Version: 9.1.0.1 Version: 9.1.1 Version: 9.1.0.2 Version: 9.1.2 Version: 9.1.0.3 Version: 9.1.3 Version: 9.1.0.4 Version: 9.1.4 Version: 9.1.0.5 Version: 9.1.5 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T08:07:49.008Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6252409" }, { "name": "ibm-mq-cve20204498-info-disc (182118)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/182118" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "MQ Appliance", "vendor": "IBM", "versions": [ { "status": "affected", "version": "9.1.0.0" }, { "status": "affected", "version": "9.1.0.1" }, { "status": "affected", "version": "9.1.1" }, { "status": "affected", "version": "9.1.0.2" }, { "status": "affected", "version": "9.1.2" }, { "status": "affected", "version": "9.1.0.3" }, { "status": "affected", "version": "9.1.3" }, { "status": "affected", "version": "9.1.0.4" }, { "status": "affected", "version": "9.1.4" }, { "status": "affected", "version": "9.1.0.5" }, { "status": "affected", "version": "9.1.5" } ] } ], "datePublic": "2020-07-23T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM MQ Appliance 9.1 LTS and 9.1 CD could allow a local privileged user to obtain highly sensitve information due to inclusion of data within trace files. IBM X-Force ID: 182118." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 3.6, "temporalSeverity": "LOW", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AC:H/AV:L/A:N/S:U/UI:N/PR:H/I:N/C:H/RC:C/RL:O/E:U", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Obtain Information", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-07-27T13:31:24", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6252409" }, { "name": "ibm-mq-cve20204498-info-disc (182118)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/182118" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2020-07-23T00:00:00", "ID": "CVE-2020-4498", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "MQ Appliance", "version": { "version_data": [ { "version_value": "9.1.0.0" }, { "version_value": "9.1.0.1" }, { "version_value": "9.1.1" }, { "version_value": "9.1.0.2" }, { "version_value": "9.1.2" }, { "version_value": "9.1.0.3" }, { "version_value": "9.1.3" }, { "version_value": "9.1.0.4" }, { "version_value": "9.1.4" }, { "version_value": "9.1.0.5" }, { "version_value": "9.1.5" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM MQ Appliance 9.1 LTS and 9.1 CD could allow a local privileged user to obtain highly sensitve information due to inclusion of data within trace files. IBM X-Force ID: 182118." } ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "H", "AV": "L", "C": "H", "I": "N", "PR": "H", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Obtain Information" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6252409", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6252409 (MQ Appliance)", "url": "https://www.ibm.com/support/pages/node/6252409" }, { "name": "ibm-mq-cve20204498-info-disc (182118)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/182118" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2020-4498", "datePublished": "2020-07-27T13:31:24.867712Z", "dateReserved": "2019-12-30T00:00:00", "dateUpdated": "2024-09-17T03:33:36.082Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-38999
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/6519418 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/213214 | vdb-entry, x_refsource_XF |
Vendor | Product | Version | |
---|---|---|---|
▼ | IBM | MQ Appliance |
Version: 9.2.0.0 Version: 9.2.1 Version: 9.2.0.1 Version: 9.2.2 Version: 9.2.0.2 Version: 9.2.0.3 Version: 9.2.3 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T01:58:16.516Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6519418" }, { "name": "ibm-mq-cve202138999-info-disc (213214)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/213214" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "MQ Appliance", "vendor": "IBM", "versions": [ { "status": "affected", "version": "9.2.0.0" }, { "status": "affected", "version": "9.2.1" }, { "status": "affected", "version": "9.2.0.1" }, { "status": "affected", "version": "9.2.2" }, { "status": "affected", "version": "9.2.0.2" }, { "status": "affected", "version": "9.2.0.3" }, { "status": "affected", "version": "9.2.3" } ] } ], "datePublic": "2021-11-29T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM MQ Appliance could allow a local attacker to obtain sensitive information by inclusion of sensitive data within trace." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "NONE", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 4.5, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/A:N/UI:N/S:U/PR:N/AC:H/AV:L/C:H/I:N/RC:C/RL:O/E:U", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Obtain Information", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-11-30T16:45:18", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6519418" }, { "name": "ibm-mq-cve202138999-info-disc (213214)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/213214" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2021-11-29T00:00:00", "ID": "CVE-2021-38999", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "MQ Appliance", "version": { "version_data": [ { "version_value": "9.2.0.0" }, { "version_value": "9.2.1" }, { "version_value": "9.2.0.1" }, { "version_value": "9.2.2" }, { "version_value": "9.2.0.2" }, { "version_value": "9.2.0.3" }, { "version_value": "9.2.3" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM MQ Appliance could allow a local attacker to obtain sensitive information by inclusion of sensitive data within trace." } ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "H", "AV": "L", "C": "H", "I": "N", "PR": "N", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Obtain Information" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6519418", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6519418 (MQ Appliance)", "url": "https://www.ibm.com/support/pages/node/6519418" }, { "name": "ibm-mq-cve202138999-info-disc (213214)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/213214" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2021-38999", "datePublished": "2021-11-30T16:45:18.129251Z", "dateReserved": "2021-08-16T00:00:00", "dateUpdated": "2024-09-17T02:56:42.975Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-46177
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/7091235 | vendor-advisory | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/269536 | vdb-entry |
Vendor | Product | Version | |
---|---|---|---|
▼ | IBM | MQ Appliance |
Version: 9.3 LTS, 9.3 CD |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T20:37:39.951Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/7091235" }, { "tags": [ "vdb-entry", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/269536" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "MQ Appliance", "vendor": "IBM", "versions": [ { "status": "affected", "version": "9.3 LTS, 9.3 CD" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "IBM MQ Appliance 9.3 LTS and 9.3 CD could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request to view arbitrary files on the system. IBM X-Force ID: 269536." } ], "value": "IBM MQ Appliance 9.3 LTS and 9.3 CD could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request to view arbitrary files on the system. IBM X-Force ID: 269536." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-22", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-12-18T14:11:51.583Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/7091235" }, { "tags": [ "vdb-entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/269536" } ], "source": { "discovery": "UNKNOWN" }, "title": "IBM MQ Appliance information disclosure", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2023-46177", "datePublished": "2023-12-18T14:11:51.583Z", "dateReserved": "2023-10-17T22:30:29.595Z", "dateUpdated": "2024-08-02T20:37:39.951Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-4465
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/6252783 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/181562 | vdb-entry, x_refsource_XF |
Vendor | Product | Version | |
---|---|---|---|
▼ | IBM | MQ Appliance |
Version: 8.0 Version: 9.1.LTS Version: 9.1.CD |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T08:07:48.681Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6252783" }, { "name": "ibm-mq-cve20204465-dos (181562)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/181562" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "MQ Appliance", "vendor": "IBM", "versions": [ { "status": "affected", "version": "8.0" }, { "status": "affected", "version": "9.1.LTS" }, { "status": "affected", "version": "9.1.CD" } ] } ], "datePublic": "2020-07-27T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM MQ, IBM MQ Appliance, and IBM MQ for HPE NonStop 8.0, 9.1 CD, and 9.1 LTS is vulnerable to a buffer overflow vulnerability due to an error within the channel processing code. A remote attacker could overflow the buffer using an older client and cause a denial of service. IBM X-Force ID: 181562." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "NONE", "privilegesRequired": "LOW", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 4.6, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/S:U/PR:L/AC:H/C:N/A:H/AV:N/UI:N/I:N/RL:O/RC:C/E:U", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of Service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-07-28T12:05:27", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6252783" }, { "name": "ibm-mq-cve20204465-dos (181562)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/181562" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2020-07-27T00:00:00", "ID": "CVE-2020-4465", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "MQ Appliance", "version": { "version_data": [ { "version_value": "8.0" }, { "version_value": "9.1.LTS" }, { "version_value": "9.1.CD" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM MQ, IBM MQ Appliance, and IBM MQ for HPE NonStop 8.0, 9.1 CD, and 9.1 LTS is vulnerable to a buffer overflow vulnerability due to an error within the channel processing code. A remote attacker could overflow the buffer using an older client and cause a denial of service. IBM X-Force ID: 181562." } ] }, "impact": { "cvssv3": { "BM": { "A": "H", "AC": "H", "AV": "N", "C": "N", "I": "N", "PR": "L", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of Service" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6252783", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6252783 (MQ Appliance)", "url": "https://www.ibm.com/support/pages/node/6252783" }, { "name": "ibm-mq-cve20204465-dos (181562)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/181562" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2020-4465", "datePublished": "2020-07-28T12:05:27.638914Z", "dateReserved": "2019-12-30T00:00:00", "dateUpdated": "2024-09-16T23:56:15.178Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-4870
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/6380742 | x_refsource_CONFIRM | |
https://www.ibm.com/support/pages/node/6386466 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/190833 | vdb-entry, x_refsource_XF |
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | IBM | MQ |
Version: 9.2.0 |
||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T08:14:59.059Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6380742" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6386466" }, { "name": "ibm-mq-cve20204870-dos (190833)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190833" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "MQ", "vendor": "IBM", "versions": [ { "status": "affected", "version": "9.2.0" } ] }, { "product": "MQ Appliance", "vendor": "IBM", "versions": [ { "status": "affected", "version": "9.2.0.0" } ] } ], "datePublic": "2020-12-18T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM MQ 9.2 CD and LTS are vulnerable to a denial of service attack caused by an error processing connecting applications. IBM X-Force ID: 190833." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "NONE", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 5.2, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/PR:N/AC:H/S:U/UI:N/AV:N/A:H/I:N/C:N/RC:C/E:U/RL:O", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of Service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-12-21T17:50:32", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6380742" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6386466" }, { "name": "ibm-mq-cve20204870-dos (190833)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190833" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2020-12-18T00:00:00", "ID": "CVE-2020-4870", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "MQ", "version": { "version_data": [ { "version_value": "9.2.0" } ] } }, { "product_name": "MQ Appliance", "version": { "version_data": [ { "version_value": "9.2.0.0" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM MQ 9.2 CD and LTS are vulnerable to a denial of service attack caused by an error processing connecting applications. IBM X-Force ID: 190833." } ] }, "impact": { "cvssv3": { "BM": { "A": "H", "AC": "H", "AV": "N", "C": "N", "I": "N", "PR": "N", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of Service" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6380742", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6380742 (MQ Appliance)", "url": "https://www.ibm.com/support/pages/node/6380742" }, { "name": "https://www.ibm.com/support/pages/node/6386466", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6386466 (MQ)", "url": "https://www.ibm.com/support/pages/node/6386466" }, { "name": "ibm-mq-cve20204870-dos (190833)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190833" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2020-4870", "datePublished": "2020-12-21T17:50:32.362789Z", "dateReserved": "2019-12-30T00:00:00", "dateUpdated": "2024-09-17T03:22:23.347Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-4375
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/6252785 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/179080 | vdb-entry, x_refsource_XF |
Vendor | Product | Version | |
---|---|---|---|
▼ | IBM | MQ Appliance |
Version: 8.0 Version: 9.1.LTS Version: 9.1.CD |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T08:00:07.247Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6252785" }, { "name": "ibm-mq-cve20204375-dos (179080)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/179080" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "MQ Appliance", "vendor": "IBM", "versions": [ { "status": "affected", "version": "8.0" }, { "status": "affected", "version": "9.1.LTS" }, { "status": "affected", "version": "9.1.CD" } ] } ], "datePublic": "2020-07-27T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM MQ, IBM MQ Appliance, IBM MQ for HPE NonStop 8.0, 9.1 CD, and 9.1 LTS could allow an attacker to cause a denial of service due to a memory leak caused by an error creating a dynamic queue. IBM X-Force ID: 179080." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "NONE", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 5.2, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/A:H/AC:H/C:N/PR:N/S:U/I:N/UI:N/E:U/RC:C/RL:O", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of Service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-07-28T12:05:27", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6252785" }, { "name": "ibm-mq-cve20204375-dos (179080)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/179080" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2020-07-27T00:00:00", "ID": "CVE-2020-4375", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "MQ Appliance", "version": { "version_data": [ { "version_value": "8.0" }, { "version_value": "9.1.LTS" }, { "version_value": "9.1.CD" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM MQ, IBM MQ Appliance, IBM MQ for HPE NonStop 8.0, 9.1 CD, and 9.1 LTS could allow an attacker to cause a denial of service due to a memory leak caused by an error creating a dynamic queue. IBM X-Force ID: 179080." } ] }, "impact": { "cvssv3": { "BM": { "A": "H", "AC": "H", "AV": "N", "C": "N", "I": "N", "PR": "N", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of Service" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6252785", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6252785 (MQ Appliance)", "url": "https://www.ibm.com/support/pages/node/6252785" }, { "name": "ibm-mq-cve20204375-dos (179080)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/179080" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2020-4375", "datePublished": "2020-07-28T12:05:27.198491Z", "dateReserved": "2019-12-30T00:00:00", "dateUpdated": "2024-09-16T19:25:56.520Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-1429
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
http://www.securitytracker.com/id/1040564 | vdb-entry, x_refsource_SECTRACK | |
http://www.ibm.com/support/docview.wss?uid=swg22014046 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/139077 | x_refsource_MISC | |
http://www.securityfocus.com/bid/103491 | vdb-entry, x_refsource_BID |
Vendor | Product | Version | |
---|---|---|---|
▼ | IBM | MQ Appliance |
Version: 9.0.1 Version: 9.0.2 Version: 9.0.3 Version: 9.0.4 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T03:59:39.044Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1040564", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1040564" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22014046" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/139077" }, { "name": "103491", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/103491" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "MQ Appliance", "vendor": "IBM", "versions": [ { "status": "affected", "version": "9.0.1" }, { "status": "affected", "version": "9.0.2" }, { "status": "affected", "version": "9.0.3" }, { "status": "affected", "version": "9.0.4" } ] } ], "datePublic": "2018-03-21T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM MQ Appliance 9.0.1, 9.0.2, 9.0.3, amd 9.0.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 139077." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/A:N/AC:L/AV:N/C:L/I:L/PR:L/S:C/UI:R", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Cross-Site Scripting", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-03-24T09:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "name": "1040564", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1040564" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22014046" }, { "tags": [ "x_refsource_MISC" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/139077" }, { "name": "103491", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/103491" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2018-03-21T00:00:00", "ID": "CVE-2018-1429", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "MQ Appliance", "version": { "version_data": [ { "version_value": "9.0.1" }, { "version_value": "9.0.2" }, { "version_value": "9.0.3" }, { "version_value": "9.0.4" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM MQ Appliance 9.0.1, 9.0.2, 9.0.3, amd 9.0.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 139077." } ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "L", "AV": "N", "C": "L", "I": "L", "PR": "L", "S": "C", "UI": "R" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Cross-Site Scripting" } ] } ] }, "references": { "reference_data": [ { "name": "1040564", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1040564" }, { "name": "http://www.ibm.com/support/docview.wss?uid=swg22014046", "refsource": "CONFIRM", "url": "http://www.ibm.com/support/docview.wss?uid=swg22014046" }, { "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/139077", "refsource": "MISC", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/139077" }, { "name": "103491", "refsource": "BID", "url": "http://www.securityfocus.com/bid/103491" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2018-1429", "datePublished": "2018-03-23T19:00:00Z", "dateReserved": "2017-12-13T00:00:00", "dateUpdated": "2024-09-16T18:55:24.166Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-22356
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/6564711 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/220487 | vdb-entry, x_refsource_XF |
Vendor | Product | Version | |
---|---|---|---|
▼ | IBM | MQ Appliance |
Version: 9.2 LTS Version: 9.2 CD |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T03:14:54.984Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6564711" }, { "name": "ibm-mq-cve202222356-info-disc (220487)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/220487" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "MQ Appliance", "vendor": "IBM", "versions": [ { "status": "affected", "version": "9.2 LTS" }, { "status": "affected", "version": "9.2 CD" } ] } ], "datePublic": "2022-04-04T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM MQ Appliance 9.2 CD and 9.2 LTS could allow an attacker to enumerate account credentials due to an observable discrepancy in valid and invalid login attempts. IBM X-Force ID: 220487." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "NONE", "privilegesRequired": "LOW", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 4.6, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/C:H/PR:L/S:U/I:N/UI:N/A:N/AV:N/AC:H/E:U/RC:C/RL:O", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Obtain Information", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-04-05T16:45:22", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6564711" }, { "name": "ibm-mq-cve202222356-info-disc (220487)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/220487" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2022-04-04T00:00:00", "ID": "CVE-2022-22356", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "MQ Appliance", "version": { "version_data": [ { "version_value": "9.2 LTS" }, { "version_value": "9.2 CD" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM MQ Appliance 9.2 CD and 9.2 LTS could allow an attacker to enumerate account credentials due to an observable discrepancy in valid and invalid login attempts. IBM X-Force ID: 220487." } ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "H", "AV": "N", "C": "H", "I": "N", "PR": "L", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Obtain Information" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6564711", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6564711 (MQ Appliance)", "url": "https://www.ibm.com/support/pages/node/6564711" }, { "name": "ibm-mq-cve202222356-info-disc (220487)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/220487" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2022-22356", "datePublished": "2022-04-05T16:45:22.946689Z", "dateReserved": "2022-01-03T00:00:00", "dateUpdated": "2024-09-16T18:49:50.435Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-22316
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/6560040 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/218276 | vdb-entry, x_refsource_XF |
Vendor | Product | Version | |
---|---|---|---|
▼ | IBM | MQ Appliance |
Version: 9.2 LTS Version: 9.2 CD |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T03:07:50.451Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6560040" }, { "name": "ibm-mq-cve202222316-dos (218276)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/218276" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "MQ Appliance", "vendor": "IBM", "versions": [ { "status": "affected", "version": "9.2 LTS" }, { "status": "affected", "version": "9.2 CD" } ] } ], "datePublic": "2022-03-18T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM MQ Appliance 9.2 CD and 9.2 LTS could allow an authenticated and authorized user to cause a denial of service due to incorrectly configured authorization checks. IBM X-Force ID: 218276." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "NONE", "privilegesRequired": "LOW", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 4.6, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/PR:L/A:H/AC:H/AV:N/C:N/I:N/S:U/UI:N/E:U/RL:O/RC:C", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of Service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-03-23T16:20:12", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6560040" }, { "name": "ibm-mq-cve202222316-dos (218276)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/218276" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2022-03-18T00:00:00", "ID": "CVE-2022-22316", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "MQ Appliance", "version": { "version_data": [ { "version_value": "9.2 LTS" }, { "version_value": "9.2 CD" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM MQ Appliance 9.2 CD and 9.2 LTS could allow an authenticated and authorized user to cause a denial of service due to incorrectly configured authorization checks. IBM X-Force ID: 218276." } ] }, "impact": { "cvssv3": { "BM": { "A": "H", "AC": "H", "AV": "N", "C": "N", "I": "N", "PR": "L", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of Service" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6560040", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6560040 (MQ Appliance)", "url": "https://www.ibm.com/support/pages/node/6560040" }, { "name": "ibm-mq-cve202222316-dos (218276)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/218276" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2022-22316", "datePublished": "2022-03-23T16:20:12.777181Z", "dateReserved": "2022-01-03T00:00:00", "dateUpdated": "2024-09-16T18:44:16.061Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-52896
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/7178244 | vendor-advisory |
Vendor | Product | Version | |
---|---|---|---|
▼ | IBM | MQ Appliance |
Version: 9.3 LTS, 9.3 CD, 9.4 LTS, 9.4 CD cpe:2.3:a:ibm:mq_appliance:9.3:*:*:*:lts:*:*:* cpe:2.3:a:ibm:mq_appliance:9.3:*:*:*:continuous_delivery:*:*:* cpe:2.3:a:ibm:mq_appliance:9.4:*:*:*:lts:*:*:* cpe:2.3:a:ibm:mq_appliance:9.4:*:*:*:continuous_delivery:*:*:* |
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-52896", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-12-20T16:45:05.829507Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-12-20T17:40:50.695Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:a:ibm:mq_appliance:9.3:*:*:*:lts:*:*:*", "cpe:2.3:a:ibm:mq_appliance:9.3:*:*:*:continuous_delivery:*:*:*", "cpe:2.3:a:ibm:mq_appliance:9.4:*:*:*:lts:*:*:*", "cpe:2.3:a:ibm:mq_appliance:9.4:*:*:*:continuous_delivery:*:*:*" ], "defaultStatus": "unaffected", "product": "MQ Appliance", "vendor": "IBM", "versions": [ { "status": "affected", "version": "9.3 LTS, 9.3 CD, 9.4 LTS, 9.4 CD" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIBM MQ Appliance 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD web console could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned.\u003c/span\u003e" } ], "value": "IBM MQ Appliance 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD web console could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-209", "description": "CWE-209 Generation of Error Message Containing Sensitive Information", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-12-19T17:05:46.722Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/7178244" } ], "source": { "discovery": "UNKNOWN" }, "title": "IBM MQ Appliance information disclosure", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2024-52896", "datePublished": "2024-12-19T17:01:20.061Z", "dateReserved": "2024-11-17T14:25:44.935Z", "dateUpdated": "2024-12-20T17:40:50.695Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-4294
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/docview.wss?uid=ibm10887005 | x_refsource_CONFIRM | |
https://www.ibm.com/support/docview.wss?uid=ibm10958933 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/160701 | vdb-entry, x_refsource_XF |
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | IBM | MQ Appliance |
Version: 8.0.0.3 Version: 8.0.0.4 Version: 8.0.0.5 Version: 8.0.0.6 Version: 8.0.0.0 Version: 8.0.0.8 Version: 8.0.0.10 Version: 9.1.0.0 Version: 8.0.0.11 Version: 9.1.0.1 Version: 9.1.1 Version: 8.0.0.1 Version: 8.0.0.7 Version: 8.0.0.9 Version: 8.0.0.2 Version: 8.0.0.12 Version: 9.1.0.2 Version: 9.1.2 |
||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T19:33:37.649Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10887005" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10958933" }, { "name": "ibm-mq-cve20194294-code-exec (160701)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/160701" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "MQ Appliance", "vendor": "IBM", "versions": [ { "status": "affected", "version": "8.0.0.3" }, { "status": "affected", "version": "8.0.0.4" }, { "status": "affected", "version": "8.0.0.5" }, { "status": "affected", "version": "8.0.0.6" }, { "status": "affected", "version": "8.0.0.0" }, { "status": "affected", "version": "8.0.0.8" }, { "status": "affected", "version": "8.0.0.10" }, { "status": "affected", "version": "9.1.0.0" }, { "status": "affected", "version": "8.0.0.11" }, { "status": "affected", "version": "9.1.0.1" }, { "status": "affected", "version": "9.1.1" }, { "status": "affected", "version": "8.0.0.1" }, { "status": "affected", "version": "8.0.0.7" }, { "status": "affected", "version": "8.0.0.9" }, { "status": "affected", "version": "8.0.0.2" }, { "status": "affected", "version": "8.0.0.12" }, { "status": "affected", "version": "9.1.0.2" }, { "status": "affected", "version": "9.1.2" } ] }, { "product": "DataPower Gateway", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.6.0.0" }, { "status": "affected", "version": "2018.4.1.0" }, { "status": "affected", "version": "2018.4.1.6" }, { "status": "affected", "version": "7.6.0.15" }, { "status": "affected", "version": "CD" } ] } ], "datePublic": "2019-08-13T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.6, 7.6.0.0 through 7.6.0.15 and IBM MQ Appliance 8.0.0.0 through 8.0.0.12, 9.1.0.0 through 9.1.0.2, and 9.1.1 through 9.1.2 could allow a local attacker to execute arbitrary commands on the system, caused by a command injection vulnerability. IBM X-Force ID: 16188." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 7.3, "temporalSeverity": "HIGH", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AC:L/A:H/C:H/PR:N/I:H/UI:N/AV:L/S:U/E:U/RC:C/RL:O", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Gain Privileges", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-20T18:25:26", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10887005" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10958933" }, { "name": "ibm-mq-cve20194294-code-exec (160701)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/160701" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2019-08-13T00:00:00", "ID": "CVE-2019-4294", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "MQ Appliance", "version": { "version_data": [ { "version_value": "8.0.0.3" }, { "version_value": "8.0.0.4" }, { "version_value": "8.0.0.5" }, { "version_value": "8.0.0.6" }, { "version_value": "8.0.0.0" }, { "version_value": "8.0.0.8" }, { "version_value": "8.0.0.10" }, { "version_value": "9.1.0.0" }, { "version_value": "8.0.0.11" }, { "version_value": "9.1.0.1" }, { "version_value": "9.1.1" }, { "version_value": "8.0.0.1" }, { "version_value": "8.0.0.7" }, { "version_value": "8.0.0.9" }, { "version_value": "8.0.0.2" }, { "version_value": "8.0.0.12" }, { "version_value": "9.1.0.2" }, { "version_value": "9.1.2" } ] } }, { "product_name": "DataPower Gateway", "version": { "version_data": [ { "version_value": "7.6.0.0" }, { "version_value": "2018.4.1.0" }, { "version_value": "2018.4.1.6" }, { "version_value": "7.6.0.15" }, { "version_value": "CD" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.6, 7.6.0.0 through 7.6.0.15 and IBM MQ Appliance 8.0.0.0 through 8.0.0.12, 9.1.0.0 through 9.1.0.2, and 9.1.1 through 9.1.2 could allow a local attacker to execute arbitrary commands on the system, caused by a command injection vulnerability. IBM X-Force ID: 16188." } ] }, "impact": { "cvssv3": { "BM": { "A": "H", "AC": "L", "AV": "L", "C": "H", "I": "H", "PR": "N", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Gain Privileges" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/docview.wss?uid=ibm10887005", "refsource": "CONFIRM", "title": "IBM Security Bulletin 887005 (MQ Appliance)", "url": "https://www.ibm.com/support/docview.wss?uid=ibm10887005" }, { "name": "https://www.ibm.com/support/docview.wss?uid=ibm10958933", "refsource": "CONFIRM", "title": "IBM Security Bulletin 958933 (DataPower Gateway)", "url": "https://www.ibm.com/support/docview.wss?uid=ibm10958933" }, { "name": "ibm-mq-cve20194294-code-exec (160701)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/160701" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2019-4294", "datePublished": "2019-08-20T18:25:26.483137Z", "dateReserved": "2019-01-03T00:00:00", "dateUpdated": "2024-09-16T18:34:28.475Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-38967
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/6512826 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/212441 | vdb-entry, x_refsource_XF |
Vendor | Product | Version | |
---|---|---|---|
▼ | IBM | MQ Appliance |
Version: 9.2.0.0 Version: 9.2.1 Version: 9.2.0.1 Version: 9.2.2 Version: 9.2.0.2 Version: 9.2.0.3 Version: 9.2.3 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T01:51:20.836Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6512826" }, { "name": "ibm-mq-cve202138967-code-exec (212441)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/212441" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "MQ Appliance", "vendor": "IBM", "versions": [ { "status": "affected", "version": "9.2.0.0" }, { "status": "affected", "version": "9.2.1" }, { "status": "affected", "version": "9.2.0.1" }, { "status": "affected", "version": "9.2.2" }, { "status": "affected", "version": "9.2.0.2" }, { "status": "affected", "version": "9.2.0.3" }, { "status": "affected", "version": "9.2.3" } ] } ], "datePublic": "2021-11-29T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM MQ Appliance 9.2 CD and 9.2 LTS could allow a local privileged user to inject and execute malicious code. IBM X-Force ID: 212441." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "CHANGED", "temporalScore": 7.1, "temporalSeverity": "HIGH", "userInteraction": "NONE", "vectorString": "CVSS:3.0/S:C/UI:N/A:H/C:H/AV:L/I:H/AC:L/PR:H/RC:C/E:U/RL:O", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Gain Privileges", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-11-30T16:45:16", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6512826" }, { "name": "ibm-mq-cve202138967-code-exec (212441)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/212441" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2021-11-29T00:00:00", "ID": "CVE-2021-38967", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "MQ Appliance", "version": { "version_data": [ { "version_value": "9.2.0.0" }, { "version_value": "9.2.1" }, { "version_value": "9.2.0.1" }, { "version_value": "9.2.2" }, { "version_value": "9.2.0.2" }, { "version_value": "9.2.0.3" }, { "version_value": "9.2.3" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM MQ Appliance 9.2 CD and 9.2 LTS could allow a local privileged user to inject and execute malicious code. IBM X-Force ID: 212441." } ] }, "impact": { "cvssv3": { "BM": { "A": "H", "AC": "L", "AV": "L", "C": "H", "I": "H", "PR": "H", "S": "C", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Gain Privileges" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6512826", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6512826 (MQ Appliance)", "url": "https://www.ibm.com/support/pages/node/6512826" }, { "name": "ibm-mq-cve202138967-code-exec (212441)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/212441" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2021-38967", "datePublished": "2021-11-30T16:45:16.628657Z", "dateReserved": "2021-08-16T00:00:00", "dateUpdated": "2024-09-17T00:21:05.932Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-28513
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/7007421 | vendor-advisory | |
https://www.ibm.com/support/pages/node/7007731 | vendor-advisory | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/250397 | vdb-entry |
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | IBM | MQ |
Version: 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.2 CD, 9.3 CD |
||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T13:43:23.049Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/7007421" }, { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/7007731" }, { "tags": [ "vdb-entry", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/250397" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-28513", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-21T15:34:38.689370Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-21T15:35:56.231Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "MQ", "vendor": "IBM", "versions": [ { "status": "affected", "version": "9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.2 CD, 9.3 CD" } ] }, { "defaultStatus": "unaffected", "product": "MQ Appliance", "vendor": "IBM", "versions": [ { "status": "affected", "version": "9.2 LTS, 9.3 LTS, 9.2 CD, 9.2 LTS" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.2 CD, and 9.3 CD and IBM MQ Appliance 9.2 LTS, 9.3 LTS, 9.2 CD, and 9.2 LTS, under certain configurations, is vulnerable to a denial of service attack caused by an error processing messages. IBM X-Force ID: 250397." } ], "value": "IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.2 CD, and 9.3 CD and IBM MQ Appliance 9.2 LTS, 9.3 LTS, 9.2 CD, and 9.2 LTS, under certain configurations, is vulnerable to a denial of service attack caused by an error processing messages. IBM X-Force ID: 250397." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-07-19T01:49:14.604Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/7007421" }, { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/7007731" }, { "tags": [ "vdb-entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/250397" } ], "source": { "discovery": "UNKNOWN" }, "title": "IBM MQ denial of service", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2023-28513", "datePublished": "2023-07-19T01:49:14.604Z", "dateReserved": "2023-03-16T21:05:38.974Z", "dateUpdated": "2024-10-21T15:35:56.231Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-4319
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/6252777 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/177402 | vdb-entry, x_refsource_XF |
Vendor | Product | Version | |
---|---|---|---|
▼ | IBM | MQ Appliance |
Version: 8.0 Version: 9.1.LTS Version: 9.1.CD |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T08:00:07.643Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6252777" }, { "name": "ibm-mq-cve20204319-info-disc (177402)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/177402" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "MQ Appliance", "vendor": "IBM", "versions": [ { "status": "affected", "version": "8.0" }, { "status": "affected", "version": "9.1.LTS" }, { "status": "affected", "version": "9.1.CD" } ] } ], "datePublic": "2020-07-27T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM MQ, IBM MQ Appliance, and IBM MQ for HPE NonStop 8.0, 9.1 LTS, and 9.1 CD could allow under special circumstances, an authenticated user to obtain sensitive information due to a data leak from an error message within the pre-v7 pubsub logic. IBM X-Force ID: 177402." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.1, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "NONE", "privilegesRequired": "LOW", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 2.7, "temporalSeverity": "LOW", "userInteraction": "NONE", "vectorString": "CVSS:3.0/UI:N/I:N/PR:L/S:U/C:L/AC:H/A:N/AV:N/E:U/RC:C/RL:O", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Obtain Information", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-07-28T12:05:26", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6252777" }, { "name": "ibm-mq-cve20204319-info-disc (177402)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/177402" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2020-07-27T00:00:00", "ID": "CVE-2020-4319", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "MQ Appliance", "version": { "version_data": [ { "version_value": "8.0" }, { "version_value": "9.1.LTS" }, { "version_value": "9.1.CD" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM MQ, IBM MQ Appliance, and IBM MQ for HPE NonStop 8.0, 9.1 LTS, and 9.1 CD could allow under special circumstances, an authenticated user to obtain sensitive information due to a data leak from an error message within the pre-v7 pubsub logic. IBM X-Force ID: 177402." } ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "H", "AV": "N", "C": "L", "I": "N", "PR": "L", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Obtain Information" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6252777", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6252777 (MQ Appliance)", "url": "https://www.ibm.com/support/pages/node/6252777" }, { "name": "ibm-mq-cve20204319-info-disc (177402)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/177402" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2020-4319", "datePublished": "2020-07-28T12:05:26.710761Z", "dateReserved": "2019-12-30T00:00:00", "dateUpdated": "2024-09-16T22:14:21.498Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-4938
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/6466717 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/191815 | vdb-entry, x_refsource_XF |
Vendor | Product | Version | |
---|---|---|---|
▼ | IBM | MQ Appliance |
Version: 9.1 Version: 9.2 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T08:14:59.194Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6466717" }, { "name": "ibm-mq-cve20204938-csrf (191815)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/191815" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "MQ Appliance", "vendor": "IBM", "versions": [ { "status": "affected", "version": "9.1" }, { "status": "affected", "version": "9.2" } ] } ], "datePublic": "2021-07-09T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM MQ Appliance 9.1 and 9.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 191815." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "LOW", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 3.8, "temporalSeverity": "LOW", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/UI:R/S:U/A:N/AC:L/PR:N/I:L/C:N/AV:N/RL:O/RC:C/E:U", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Gain Access", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-07-12T16:05:26", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6466717" }, { "name": "ibm-mq-cve20204938-csrf (191815)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/191815" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2021-07-09T00:00:00", "ID": "CVE-2020-4938", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "MQ Appliance", "version": { "version_data": [ { "version_value": "9.1" }, { "version_value": "9.2" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM MQ Appliance 9.1 and 9.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 191815." } ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "L", "AV": "N", "C": "N", "I": "L", "PR": "N", "S": "U", "UI": "R" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Gain Access" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6466717", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6466717 (MQ Appliance)", "url": "https://www.ibm.com/support/pages/node/6466717" }, { "name": "ibm-mq-cve20204938-csrf (191815)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/191815" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2020-4938", "datePublished": "2021-07-12T16:05:26.126920Z", "dateReserved": "2019-12-30T00:00:00", "dateUpdated": "2024-09-17T04:20:21.308Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-4620
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/1125891 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/168863 | vdb-entry, x_refsource_XF |
Vendor | Product | Version | |
---|---|---|---|
▼ | IBM | MQ Appliance |
Version: 8.0.0.3 Version: 8.0.0.4 Version: 8.0.0.5 Version: 8.0.0.6 Version: 8.0.0.0 Version: 8.0.0.10 Version: 8.0.0.11 Version: 9.1.0.1 Version: 9.1.1 Version: 8.0.0.1 Version: 8.0.0.7 Version: 8.0.0.9 Version: 8.0.0.12 Version: 9.1.0.2 Version: 9.1.2 Version: 9.1.0.3 Version: 9.1.3 Version: 9.1 Version: 8.0.0.13 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T19:40:48.248Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/1125891" }, { "name": "ibm-mq-cve20194620-sec-bypass (168863)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/168863" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "MQ Appliance", "vendor": "IBM", "versions": [ { "status": "affected", "version": "8.0.0.3" }, { "status": "affected", "version": "8.0.0.4" }, { "status": "affected", "version": "8.0.0.5" }, { "status": "affected", "version": "8.0.0.6" }, { "status": "affected", "version": "8.0.0.0" }, { "status": "affected", "version": "8.0.0.10" }, { "status": "affected", "version": "8.0.0.11" }, { "status": "affected", "version": "9.1.0.1" }, { "status": "affected", "version": "9.1.1" }, { "status": "affected", "version": "8.0.0.1" }, { "status": "affected", "version": "8.0.0.7" }, { "status": "affected", "version": "8.0.0.9" }, { "status": "affected", "version": "8.0.0.12" }, { "status": "affected", "version": "9.1.0.2" }, { "status": "affected", "version": "9.1.2" }, { "status": "affected", "version": "9.1.0.3" }, { "status": "affected", "version": "9.1.3" }, { "status": "affected", "version": "9.1" }, { "status": "affected", "version": "8.0.0.13" } ] } ], "datePublic": "2020-01-23T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM MQ Appliance 8.0 and 9.0 LTS could allow a local attacker to bypass security restrictions caused by improper validation of environment variables. IBM X-Force ID: 168863." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 7.3, "temporalSeverity": "HIGH", "userInteraction": "NONE", "vectorString": "CVSS:3.0/S:U/A:H/I:H/AC:L/AV:L/C:H/UI:N/PR:N/RC:C/E:U/RL:O", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Bypass Security", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-01-28T18:30:52", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/1125891" }, { "name": "ibm-mq-cve20194620-sec-bypass (168863)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/168863" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2020-01-23T00:00:00", "ID": "CVE-2019-4620", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "MQ Appliance", "version": { "version_data": [ { "version_value": "8.0.0.3" }, { "version_value": "8.0.0.4" }, { "version_value": "8.0.0.5" }, { "version_value": "8.0.0.6" }, { "version_value": "8.0.0.0" }, { "version_value": "8.0.0.10" }, { "version_value": "8.0.0.11" }, { "version_value": "9.1.0.1" }, { "version_value": "9.1.1" }, { "version_value": "8.0.0.1" }, { "version_value": "8.0.0.7" }, { "version_value": "8.0.0.9" }, { "version_value": "8.0.0.12" }, { "version_value": "9.1.0.2" }, { "version_value": "9.1.2" }, { "version_value": "9.1.0.3" }, { "version_value": "9.1.3" }, { "version_value": "9.1" }, { "version_value": "8.0.0.13" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM MQ Appliance 8.0 and 9.0 LTS could allow a local attacker to bypass security restrictions caused by improper validation of environment variables. IBM X-Force ID: 168863." } ] }, "impact": { "cvssv3": { "BM": { "A": "H", "AC": "L", "AV": "L", "C": "H", "I": "H", "PR": "N", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Bypass Security" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/1125891", "refsource": "CONFIRM", "title": "IBM Security Bulletin 1125891 (MQ Appliance)", "url": "https://www.ibm.com/support/pages/node/1125891" }, { "name": "ibm-mq-cve20194620-sec-bypass (168863)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/168863" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2019-4620", "datePublished": "2020-01-28T18:30:53.030821Z", "dateReserved": "2019-01-03T00:00:00", "dateUpdated": "2024-09-17T03:18:41.467Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-51471
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/7178243 | vendor-advisory |
Vendor | Product | Version | |
---|---|---|---|
▼ | IBM | MQ Appliance |
Version: 9.3 LTS, 9.3 CD, 9.4 LTS cpe:2.3:a:ibm:mq_appliance:9.3:*:*:*:lts:*:*:* cpe:2.3:a:ibm:mq_appliance:9.3:*:*:*:continuous_delivery:*:*:* cpe:2.3:a:ibm:mq_appliance:9.4:*:*:*:lts:*:*:* cpe:2.3:a:ibm:mq_appliance:9.4:*:*:*:continuous_delivery:*:*:* |
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-51471", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-12-20T17:55:02.866568Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-12-20T17:55:19.110Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:a:ibm:mq_appliance:9.3:*:*:*:lts:*:*:*", "cpe:2.3:a:ibm:mq_appliance:9.3:*:*:*:continuous_delivery:*:*:*", "cpe:2.3:a:ibm:mq_appliance:9.4:*:*:*:lts:*:*:*", "cpe:2.3:a:ibm:mq_appliance:9.4:*:*:*:continuous_delivery:*:*:*" ], "defaultStatus": "unaffected", "product": "MQ Appliance", "vendor": "IBM", "versions": [ { "status": "affected", "version": "9.3 LTS, 9.3 CD, 9.4 LTS" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIBM MQ Appliance 9.3 LTS, 9.3 CD, and 9.4 LTS\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eweb console could allow an authenticated user to cause a denial-of-service when trace is enabled due to information being written into memory outside of the intended buffer size.\u003c/span\u003e\n\n\u003c/span\u003e" } ], "value": "IBM MQ Appliance 9.3 LTS, 9.3 CD, and 9.4 LTS\u00a0web console could allow an authenticated user to cause a denial-of-service when trace is enabled due to information being written into memory outside of the intended buffer size." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "CWE-125 Out-of-bounds Read", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-12-19T17:15:25.805Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/7178243" } ], "source": { "discovery": "UNKNOWN" }, "title": "IBM MQ Appliance denial of service", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2024-51471", "datePublished": "2024-12-19T17:11:02.223Z", "dateReserved": "2024-10-28T10:50:18.700Z", "dateUpdated": "2024-12-20T17:55:19.110Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-52897
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/7178086 | vendor-advisory |
Vendor | Product | Version | |
---|---|---|---|
▼ | IBM | MQ Appliance |
Version: 9.3 LTS, 9.3 CD, 9.4 LTS cpe:2.3:a:ibm:mq_appliance:9.3:*:*:*:lts:*:*:* cpe:2.3:a:ibm:mq_appliance:9.3:*:*:*:continuous_delivery:*:*:* cpe:2.3:a:ibm:mq_appliance:9.4:*:*:*:lts:*:*:* |
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-52897", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-12-20T17:52:05.732429Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-12-20T17:53:01.240Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:a:ibm:mq_appliance:9.3:*:*:*:lts:*:*:*", "cpe:2.3:a:ibm:mq_appliance:9.3:*:*:*:continuous_delivery:*:*:*", "cpe:2.3:a:ibm:mq_appliance:9.4:*:*:*:lts:*:*:*" ], "defaultStatus": "unaffected", "product": "MQ Appliance", "vendor": "IBM", "versions": [ { "status": "affected", "version": "9.3 LTS, 9.3 CD, 9.4 LTS" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIBM MQ Appliance 9.3 LTS, 9.3 CD, and 9.4 LTS\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eweb console could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned.\u003c/span\u003e\n\n\u003c/span\u003e" } ], "value": "IBM MQ Appliance 9.3 LTS, 9.3 CD, and 9.4 LTS\u00a0web console could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-209", "description": "CWE-209 Generation of Error Message Containing Sensitive Information", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-12-19T17:18:11.436Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/7178086" } ], "source": { "discovery": "UNKNOWN" }, "title": "IBM MQ Appliance information disclosure", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2024-52897", "datePublished": "2024-12-19T17:18:11.436Z", "dateReserved": "2024-11-17T14:25:44.935Z", "dateUpdated": "2024-12-20T17:53:01.240Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-29843
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/6513681 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/205203 | vdb-entry, x_refsource_XF |
Vendor | Product | Version | |
---|---|---|---|
▼ | IBM | MQ Appliance |
Version: 9.1.LTS Version: 9.1.CD Version: 9.2.LTS Version: 9.2.CD |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T22:18:03.168Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6513681" }, { "name": "ibm-mq-cve202129843-dos (205203)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/205203" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "MQ Appliance", "vendor": "IBM", "versions": [ { "status": "affected", "version": "9.1.LTS" }, { "status": "affected", "version": "9.1.CD" }, { "status": "affected", "version": "9.2.LTS" }, { "status": "affected", "version": "9.2.CD" } ] } ], "datePublic": "2021-11-05T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM MQ 9.1 LTS, 9.1 CD, 9.2 LTS, and 9.2CD is vulnerable to a denial of service attack caused by an issue processing message properties. IBM X-Force ID: 205203." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "NONE", "privilegesRequired": "LOW", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 4.6, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/I:N/C:N/AC:H/S:U/A:H/UI:N/PR:L/AV:N/RC:C/RL:O/E:U", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of Service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-11-08T16:50:32", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6513681" }, { "name": "ibm-mq-cve202129843-dos (205203)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/205203" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2021-11-05T00:00:00", "ID": "CVE-2021-29843", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "MQ Appliance", "version": { "version_data": [ { "version_value": "9.1.LTS" }, { "version_value": "9.1.CD" }, { "version_value": "9.2.LTS" }, { "version_value": "9.2.CD" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM MQ 9.1 LTS, 9.1 CD, 9.2 LTS, and 9.2CD is vulnerable to a denial of service attack caused by an issue processing message properties. IBM X-Force ID: 205203." } ] }, "impact": { "cvssv3": { "BM": { "A": "H", "AC": "H", "AV": "N", "C": "N", "I": "N", "PR": "L", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of Service" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6513681", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6513681 (MQ Appliance)", "url": "https://www.ibm.com/support/pages/node/6513681" }, { "name": "ibm-mq-cve202129843-dos (205203)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/205203" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2021-29843", "datePublished": "2021-11-08T16:50:32.227400Z", "dateReserved": "2021-03-31T00:00:00", "dateUpdated": "2024-09-17T00:26:18.641Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-4592
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/6359019 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/184755 | vdb-entry, x_refsource_XF |
Vendor | Product | Version | |
---|---|---|---|
▼ | IBM | MQ Appliance |
Version: 9.1.LTS Version: 9.1.CD |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T08:07:48.988Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6359019" }, { "name": "ibm-mq-cve20204592-data-manipulation (184755)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/184755" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "MQ Appliance", "vendor": "IBM", "versions": [ { "status": "affected", "version": "9.1.LTS" }, { "status": "affected", "version": "9.1.CD" } ] } ], "datePublic": "2020-11-17T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM MQ Appliance 9.1.CD and LTS could allow an authenticated user, under nondefault configuration to cause a data corruption attack due to an error when using segmented messages." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 4.6, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/PR:L/AV:N/AC:H/S:U/UI:N/I:H/C:N/A:N/RL:O/RC:C/E:U", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Data Manipulation", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-11-18T17:20:18", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6359019" }, { "name": "ibm-mq-cve20204592-data-manipulation (184755)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/184755" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2020-11-17T00:00:00", "ID": "CVE-2020-4592", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "MQ Appliance", "version": { "version_data": [ { "version_value": "9.1.LTS" }, { "version_value": "9.1.CD" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM MQ Appliance 9.1.CD and LTS could allow an authenticated user, under nondefault configuration to cause a data corruption attack due to an error when using segmented messages." } ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "H", "AV": "N", "C": "N", "I": "H", "PR": "L", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Data Manipulation" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6359019", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6359019 (MQ Appliance)", "url": "https://www.ibm.com/support/pages/node/6359019" }, { "name": "ibm-mq-cve20204592-data-manipulation (184755)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/184755" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2020-4592", "datePublished": "2020-11-18T17:20:18.953203Z", "dateReserved": "2019-12-30T00:00:00", "dateUpdated": "2024-09-16T22:40:17.273Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-1652
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://exchange.xforce.ibmcloud.com/vulnerabilities/144724 | vdb-entry, x_refsource_XF | |
https://www.ibm.com/support/docview.wss?uid=ibm10717483 | x_refsource_CONFIRM | |
https://www.ibm.com/support/docview.wss?uid=ibm10744557 | x_refsource_CONFIRM |
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | IBM | DataPower Gateways |
Version: 7.1.0.0 Version: 7.2.0.0 Version: 7.5.0.0 Version: 7.5.1.0 Version: 7.6.0.0 Version: 7.5.2.0 Version: 7.6.0.2 Version: 7.5.2.9 Version: 7.5.1.9 Version: 7.5.0.10 Version: 7.2.0.16 Version: 7.1.0.19 |
||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T04:07:44.070Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "ibm-mq-cve20181652-dos(144724)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/144724" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10717483" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10744557" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "DataPower Gateways", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.1.0.0" }, { "status": "affected", "version": "7.2.0.0" }, { "status": "affected", "version": "7.5.0.0" }, { "status": "affected", "version": "7.5.1.0" }, { "status": "affected", "version": "7.6.0.0" }, { "status": "affected", "version": "7.5.2.0" }, { "status": "affected", "version": "7.6.0.2" }, { "status": "affected", "version": "7.5.2.9" }, { "status": "affected", "version": "7.5.1.9" }, { "status": "affected", "version": "7.5.0.10" }, { "status": "affected", "version": "7.2.0.16" }, { "status": "affected", "version": "7.1.0.19" } ] }, { "product": "MQ Appliance", "vendor": "IBM", "versions": [ { "status": "affected", "version": "9.0.1" }, { "status": "affected", "version": "9.0.5" }, { "status": "affected", "version": "8.0.0.0" }, { "status": "affected", "version": "8.0.0.8" } ] } ], "datePublic": "2018-12-10T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM DataPower Gateway 7.1.0.0 through 7.1.0.19, 7.2.0.0 through 7.2.0.16, 7.5.0.0 through 7.5.0.10, 7.5.1.0 through 7.5.1.9, 7.5.2.0 through 7.5.2.9, and 7.6.0.0 through 7.6.0.2 and IBM MQ Appliance 8.0.0.0 through 8.0.0.8 and 9.0.1 through 9.0.5 could allow a local user to cause a denial of service through unknown vectors. IBM X-Force ID: 144724." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "NONE", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/A:H/AC:L/AV:L/C:N/I:N/PR:N/S:U/UI:N/E:U/RC:C/RL:O", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of Service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-12-11T15:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "name": "ibm-mq-cve20181652-dos(144724)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/144724" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10717483" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10744557" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2018-12-10T00:00:00", "ID": "CVE-2018-1652", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "DataPower Gateways", "version": { "version_data": [ { "version_value": "7.1.0.0" }, { "version_value": "7.2.0.0" }, { "version_value": "7.5.0.0" }, { "version_value": "7.5.1.0" }, { "version_value": "7.6.0.0" }, { "version_value": "7.5.2.0" }, { "version_value": "7.6.0.2" }, { "version_value": "7.5.2.9" }, { "version_value": "7.5.1.9" }, { "version_value": "7.5.0.10" }, { "version_value": "7.2.0.16" }, { "version_value": "7.1.0.19" } ] } }, { "product_name": "MQ Appliance", "version": { "version_data": [ { "version_value": "9.0.1" }, { "version_value": "9.0.5" }, { "version_value": "8.0.0.0" }, { "version_value": "8.0.0.8" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM DataPower Gateway 7.1.0.0 through 7.1.0.19, 7.2.0.0 through 7.2.0.16, 7.5.0.0 through 7.5.0.10, 7.5.1.0 through 7.5.1.9, 7.5.2.0 through 7.5.2.9, and 7.6.0.0 through 7.6.0.2 and IBM MQ Appliance 8.0.0.0 through 8.0.0.8 and 9.0.1 through 9.0.5 could allow a local user to cause a denial of service through unknown vectors. IBM X-Force ID: 144724." } ] }, "impact": { "cvssv3": { "BM": { "A": "H", "AC": "L", "AV": "L", "C": "N", "I": "N", "PR": "N", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of Service" } ] } ] }, "references": { "reference_data": [ { "name": "ibm-mq-cve20181652-dos(144724)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/144724" }, { "name": "https://www.ibm.com/support/docview.wss?uid=ibm10717483", "refsource": "CONFIRM", "url": "https://www.ibm.com/support/docview.wss?uid=ibm10717483" }, { "name": "https://www.ibm.com/support/docview.wss?uid=ibm10744557", "refsource": "CONFIRM", "url": "https://www.ibm.com/support/docview.wss?uid=ibm10744557" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2018-1652", "datePublished": "2018-12-11T16:00:00Z", "dateReserved": "2017-12-13T00:00:00", "dateUpdated": "2024-09-16T17:54:00.095Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-4931
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/6403295 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/191747 | vdb-entry, x_refsource_XF |
Vendor | Product | Version | |
---|---|---|---|
▼ | IBM | MQ Appliance |
Version: 9.1.0.0 Version: 9.1.0.1 Version: 9.1.1 Version: 9.1.0.2 Version: 9.1.2 Version: 9.1.0.3 Version: 9.1.3 Version: 9.1.0.4 Version: 9.1.4 Version: 9.1.0.5 Version: 9.1.5 Version: 9.1.0.6 Version: 9.2.0.0 Version: 9.2.0.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T08:14:59.186Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6403295" }, { "name": "ibm-mq-cve20204931-dos (191747)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/191747" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "MQ Appliance", "vendor": "IBM", "versions": [ { "status": "affected", "version": "9.1.0.0" }, { "status": "affected", "version": "9.1.0.1" }, { "status": "affected", "version": "9.1.1" }, { "status": "affected", "version": "9.1.0.2" }, { "status": "affected", "version": "9.1.2" }, { "status": "affected", "version": "9.1.0.3" }, { "status": "affected", "version": "9.1.3" }, { "status": "affected", "version": "9.1.0.4" }, { "status": "affected", "version": "9.1.4" }, { "status": "affected", "version": "9.1.0.5" }, { "status": "affected", "version": "9.1.5" }, { "status": "affected", "version": "9.1.0.6" }, { "status": "affected", "version": "9.2.0.0" }, { "status": "affected", "version": "9.2.0.1" } ] } ], "datePublic": "2021-02-23T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM MQ 9.1 LTS, 9.2 LTS, and 9.1 CD AMQP Channels could allow an authenticated user to cause a denial of service due to an issue processing messages. IBM X-Force ID: 191747." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "NONE", "privilegesRequired": "LOW", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 5.7, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/S:U/UI:N/A:H/C:N/PR:L/I:N/AC:L/RL:O/RC:C/E:U", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of Service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-02-24T17:20:13", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6403295" }, { "name": "ibm-mq-cve20204931-dos (191747)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/191747" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2021-02-23T00:00:00", "ID": "CVE-2020-4931", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "MQ Appliance", "version": { "version_data": [ { "version_value": "9.1.0.0" }, { "version_value": "9.1.0.1" }, { "version_value": "9.1.1" }, { "version_value": "9.1.0.2" }, { "version_value": "9.1.2" }, { "version_value": "9.1.0.3" }, { "version_value": "9.1.3" }, { "version_value": "9.1.0.4" }, { "version_value": "9.1.4" }, { "version_value": "9.1.0.5" }, { "version_value": "9.1.5" }, { "version_value": "9.1.0.6" }, { "version_value": "9.2.0.0" }, { "version_value": "9.2.0.1" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM MQ 9.1 LTS, 9.2 LTS, and 9.1 CD AMQP Channels could allow an authenticated user to cause a denial of service due to an issue processing messages. IBM X-Force ID: 191747." } ] }, "impact": { "cvssv3": { "BM": { "A": "H", "AC": "L", "AV": "N", "C": "N", "I": "N", "PR": "L", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of Service" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6403295", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6403295 (MQ Appliance)", "url": "https://www.ibm.com/support/pages/node/6403295" }, { "name": "ibm-mq-cve20204931-dos (191747)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/191747" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2020-4931", "datePublished": "2021-02-24T17:20:13.887915Z", "dateReserved": "2019-12-30T00:00:00", "dateUpdated": "2024-09-17T03:07:35.365Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-38958
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/6519420 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/212043 | vdb-entry, x_refsource_XF |
Vendor | Product | Version | |
---|---|---|---|
▼ | IBM | MQ Appliance |
Version: 9.2.0.0 Version: 9.2.1 Version: 9.2.0.1 Version: 9.2.2 Version: 9.2.0.2 Version: 9.2.0.3 Version: 9.2.3 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T01:51:20.818Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6519420" }, { "name": "ibm-mq-cve202138958-dos (212043)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/212043" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "MQ Appliance", "vendor": "IBM", "versions": [ { "status": "affected", "version": "9.2.0.0" }, { "status": "affected", "version": "9.2.1" }, { "status": "affected", "version": "9.2.0.1" }, { "status": "affected", "version": "9.2.2" }, { "status": "affected", "version": "9.2.0.2" }, { "status": "affected", "version": "9.2.0.3" }, { "status": "affected", "version": "9.2.3" } ] } ], "datePublic": "2021-11-29T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM MQ Appliance 9.2 CD and 9.2 LTS is affected by a denial of service attack caused by a concurrency issue. IBM X-Force ID: 212042" } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "NONE", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 4.5, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/S:U/UI:N/A:H/I:N/C:N/AV:L/PR:N/AC:H/RC:C/E:U/RL:O", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of Service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-11-30T16:45:15", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6519420" }, { "name": "ibm-mq-cve202138958-dos (212043)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/212043" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2021-11-29T00:00:00", "ID": "CVE-2021-38958", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "MQ Appliance", "version": { "version_data": [ { "version_value": "9.2.0.0" }, { "version_value": "9.2.1" }, { "version_value": "9.2.0.1" }, { "version_value": "9.2.2" }, { "version_value": "9.2.0.2" }, { "version_value": "9.2.0.3" }, { "version_value": "9.2.3" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM MQ Appliance 9.2 CD and 9.2 LTS is affected by a denial of service attack caused by a concurrency issue. IBM X-Force ID: 212042" } ] }, "impact": { "cvssv3": { "BM": { "A": "H", "AC": "H", "AV": "L", "C": "N", "I": "N", "PR": "N", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of Service" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6519420", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6519420 (MQ Appliance)", "url": "https://www.ibm.com/support/pages/node/6519420" }, { "name": "ibm-mq-cve202138958-dos (212043)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/212043" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2021-38958", "datePublished": "2021-11-30T16:45:15.183527Z", "dateReserved": "2021-08-16T00:00:00", "dateUpdated": "2024-09-16T20:16:24.685Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-1318
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
http://www.ibm.com/support/docview.wss?uid=swg22003815 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/99594 | vdb-entry, x_refsource_BID | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/125730 | x_refsource_MISC |
Vendor | Product | Version | |
---|---|---|---|
▼ | IBM | MQ Appliance |
Version: 8.0 Version: 8.0.0.3 Version: 8.0.0.4 Version: 8.0.0.5 Version: 9.0.1 Version: 9.0.2 Version: 8.0.0.6 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:32:28.511Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22003815" }, { "name": "99594", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/99594" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125730" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "MQ Appliance", "vendor": "IBM", "versions": [ { "status": "affected", "version": "8.0" }, { "status": "affected", "version": "8.0.0.3" }, { "status": "affected", "version": "8.0.0.4" }, { "status": "affected", "version": "8.0.0.5" }, { "status": "affected", "version": "9.0.1" }, { "status": "affected", "version": "9.0.2" }, { "status": "affected", "version": "8.0.0.6" } ] } ], "datePublic": "2017-07-14T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM MQ Appliance 8.0 and 9.0 could allow an authenticated messaging administrator to execute arbitrary commands on the system, caused by command execution. IBM X-Force ID: 125730." } ], "problemTypes": [ { "descriptions": [ { "description": "Gain Privileges", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-19T09:57:02", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22003815" }, { "name": "99594", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/99594" }, { "tags": [ "x_refsource_MISC" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125730" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2017-07-14T00:00:00", "ID": "CVE-2017-1318", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "MQ Appliance", "version": { "version_data": [ { "version_value": "8.0" }, { "version_value": "8.0.0.3" }, { "version_value": "8.0.0.4" }, { "version_value": "8.0.0.5" }, { "version_value": "9.0.1" }, { "version_value": "9.0.2" }, { "version_value": "8.0.0.6" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM MQ Appliance 8.0 and 9.0 could allow an authenticated messaging administrator to execute arbitrary commands on the system, caused by command execution. IBM X-Force ID: 125730." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Gain Privileges" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.ibm.com/support/docview.wss?uid=swg22003815", "refsource": "CONFIRM", "url": "http://www.ibm.com/support/docview.wss?uid=swg22003815" }, { "name": "99594", "refsource": "BID", "url": "http://www.securityfocus.com/bid/99594" }, { "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125730", "refsource": "MISC", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125730" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2017-1318", "datePublished": "2017-07-18T13:00:00Z", "dateReserved": "2016-11-30T00:00:00", "dateUpdated": "2024-09-16T20:32:26.684Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-46176
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/7060769 | vendor-advisory | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/269535 | vdb-entry |
Vendor | Product | Version | |
---|---|---|---|
▼ | IBM | MQ Appliance |
Version: 9.3 CD |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T20:37:39.953Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/7060769" }, { "tags": [ "vdb-entry", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/269535" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-46176", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-09-04T20:27:15.963875Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-04T20:29:27.069Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "MQ Appliance", "vendor": "IBM", "versions": [ { "status": "affected", "version": "9.3 CD" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "IBM MQ Appliance 9.3 CD could allow a local attacker to gain elevated privileges on the system, caused by improper validation of security keys. IBM X-Force ID: 269535." } ], "value": "IBM MQ Appliance 9.3 CD could allow a local attacker to gain elevated privileges on the system, caused by improper validation of security keys. IBM X-Force ID: 269535." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-424", "description": "CWE-424 Improper Protection of Alternate Path", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-11-03T00:06:38.556Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/7060769" }, { "tags": [ "vdb-entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/269535" } ], "source": { "discovery": "UNKNOWN" }, "title": "IBM MQ privilege escalation", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2023-46176", "datePublished": "2023-11-03T00:06:38.556Z", "dateReserved": "2023-10-17T22:30:29.595Z", "dateUpdated": "2024-09-04T20:29:27.069Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-25048
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/7149481 | vendor-advisory | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/283137 | vdb-entry |
Vendor | Product | Version | |
---|---|---|---|
▼ | IBM | MQ Appliance |
Version: 9.3 LTS, 9.3 CD |
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:ibm:mq_appliance:9.3.0.0:*:*:*:lts:*:*:*" ], "defaultStatus": "unknown", "product": "mq_appliance", "vendor": "ibm", "versions": [ { "status": "affected", "version": "9.3.0.0" } ] }, { "cpes": [ "cpe:2.3:a:ibm:mq_appliance:9.3.0.0:*:*:*:continuous_delivery:*:*:*" ], "defaultStatus": "unknown", "product": "mq_appliance", "vendor": "ibm", "versions": [ { "status": "affected", "version": "9.3.0.0" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-25048", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-04-29T16:28:58.874065Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:35:01.063Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T23:36:21.564Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/7149481" }, { "tags": [ "vdb-entry", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/283137" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "MQ Appliance", "vendor": "IBM", "versions": [ { "status": "affected", "version": "9.3 LTS, 9.3 CD" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "IBM MQ Appliance 9.3 CD and LTS are vulnerable to a heap-based buffer overflow, caused by improper bounds checking. A remote authenticated attacker could overflow a buffer and execute arbitrary code on the system or cause the server to crash. IBM X-Force ID: 283137." } ], "value": "IBM MQ Appliance 9.3 CD and LTS are vulnerable to a heap-based buffer overflow, caused by improper bounds checking. A remote authenticated attacker could overflow a buffer and execute arbitrary code on the system or cause the server to crash. IBM X-Force ID: 283137." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-122", "description": "CWE-122 Heap-based Buffer Overflow", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-04-27T12:07:33.519Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/7149481" }, { "tags": [ "vdb-entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/283137" } ], "source": { "discovery": "UNKNOWN" }, "title": "IBM MQ code execution", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2024-25048", "datePublished": "2024-04-27T12:07:33.519Z", "dateReserved": "2024-02-03T14:49:33.094Z", "dateUpdated": "2024-08-01T23:36:21.564Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-51470
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/7179137 | vendor-advisory | |
https://www.ibm.com/support/pages/node/7178085 | vendor-advisory | |
https://www.ibm.com/support/pages/node/7177593 | vendor-advisory |
Vendor | Product | Version | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
▼ | IBM | MQ |
Version: 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, 9.4 CD cpe:2.3:a:ibm:mq:9.1.0.0:*:*:*:lts:*:*:* cpe:2.3:a:ibm:mq:9.2.0:*:*:*:lts:*:*:* cpe:2.3:a:ibm:mq:9.3.0:*:*:*:lts:*:*:* cpe:2.3:a:ibm:mq:9.3.0:*:*:*:continuous_delivery:*:*:* cpe:2.3:a:ibm:mq:9.4.0:*:*:*:lts:*:*:* cpe:2.3:a:ibm:mq:9.4.0:*:*:*:continuous_delivery:*:*:* |
||||||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-51470", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-12-18T20:24:17.133411Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-12-18T20:24:38.409Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:a:ibm:mq:9.1.0.0:*:*:*:lts:*:*:*", "cpe:2.3:a:ibm:mq:9.2.0:*:*:*:lts:*:*:*", "cpe:2.3:a:ibm:mq:9.3.0:*:*:*:lts:*:*:*", "cpe:2.3:a:ibm:mq:9.3.0:*:*:*:continuous_delivery:*:*:*", "cpe:2.3:a:ibm:mq:9.4.0:*:*:*:lts:*:*:*", "cpe:2.3:a:ibm:mq:9.4.0:*:*:*:continuous_delivery:*:*:*" ], "defaultStatus": "unaffected", "product": "MQ", "vendor": "IBM", "versions": [ { "status": "affected", "version": "9.1 LTS, 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, 9.4 CD" } ] }, { "cpes": [ "cpe:2.3:a:ibm:mq_appliance:9.3:*:*:*:lts:*:*:*", "cpe:2.3:a:ibm:mq_appliance:9.3:*:*:*:continuous_delivery:*:*:*", "cpe:2.3:a:ibm:mq_appliance:9.4:*:*:*:lts:*:*:*" ], "defaultStatus": "unaffected", "product": "MQ Appliance", "vendor": "IBM", "versions": [ { "status": "affected", "version": "9.3 LTS, 9.3 CD, 9.4 LTS" } ] }, { "cpes": [ "cpe:2.3:a:ibm:mq_for_hpe_nonstop:8.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:mq_for_hpe_nonstop:8.1.0.25:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "MQ for HPE NonStop", "vendor": "IBM", "versions": [ { "lessThanOrEqual": "8.1.0.25", "status": "affected", "version": "8.1.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIBM MQ\u0026nbsp;9.1 LTS, 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, 9.4 CD, IBM MQ Appliance\u0026nbsp;9.3 LTS, 9.3 CD, 9.4 LTS, and IBM MQ for HPE NonStop 8.1.0 through 8.1.0.25\u0026nbsp;could allow an authenticated user to cause a denial-of-service due to messages with improperly set values.\u003c/span\u003e" } ], "value": "IBM MQ\u00a09.1 LTS, 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, 9.4 CD, IBM MQ Appliance\u00a09.3 LTS, 9.3 CD, 9.4 LTS, and IBM MQ for HPE NonStop 8.1.0 through 8.1.0.25\u00a0could allow an authenticated user to cause a denial-of-service due to messages with improperly set values." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-754", "description": "CWE-754 Improper Check for Unusual or Exceptional Conditions", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-12-18T19:56:10.377Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/7179137" }, { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/7178085" }, { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/7177593" } ], "source": { "discovery": "UNKNOWN" }, "title": "IBM MQ denial of service", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2024-51470", "datePublished": "2024-12-18T19:56:10.377Z", "dateReserved": "2024-10-28T10:50:18.700Z", "dateUpdated": "2024-12-18T20:24:38.409Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-38986
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/6560032 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/212942 | vdb-entry, x_refsource_XF |
Vendor | Product | Version | |
---|---|---|---|
▼ | IBM | MQ Appliance |
Version: 9.2 LTS Version: 9.2 CD |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T01:58:16.429Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6560032" }, { "name": "ibm-mq-cve202138986-session-fixation (212942)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/212942" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "MQ Appliance", "vendor": "IBM", "versions": [ { "status": "affected", "version": "9.2 LTS" }, { "status": "affected", "version": "9.2 CD" } ] } ], "datePublic": "2022-02-28T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM MQ Appliance 9.2 CD and 9.2 LTS does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 212942." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "LOW", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 4.9, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AC:H/S:U/I:L/PR:N/C:L/AV:N/UI:N/A:L/RC:C/RL:O/E:U", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Gain Privileges", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-03-01T16:45:25", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6560032" }, { "name": "ibm-mq-cve202138986-session-fixation (212942)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/212942" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2022-02-28T00:00:00", "ID": "CVE-2021-38986", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "MQ Appliance", "version": { "version_data": [ { "version_value": "9.2 LTS" }, { "version_value": "9.2 CD" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM MQ Appliance 9.2 CD and 9.2 LTS does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 212942." } ] }, "impact": { "cvssv3": { "BM": { "A": "L", "AC": "H", "AV": "N", "C": "L", "I": "L", "PR": "N", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Gain Privileges" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6560032", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6560032 (MQ Appliance)", "url": "https://www.ibm.com/support/pages/node/6560032" }, { "name": "ibm-mq-cve202138986-session-fixation (212942)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/212942" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2021-38986", "datePublished": "2022-03-01T16:45:25.622031Z", "dateReserved": "2021-08-16T00:00:00", "dateUpdated": "2024-09-17T01:36:34.566Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-22321
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/6560042 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/218368 | vdb-entry, x_refsource_XF |
Vendor | Product | Version | |
---|---|---|---|
▼ | IBM | MQ Appliance |
Version: 9.2 LTS Version: 9.2 CD |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T03:07:50.236Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6560042" }, { "name": "ibm-mq-cve202222321-info-disc (218368)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/218368" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "MQ Appliance", "vendor": "IBM", "versions": [ { "status": "affected", "version": "9.2 LTS" }, { "status": "affected", "version": "9.2 CD" } ] } ], "datePublic": "2022-02-28T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM MQ Appliance 9.2 CD and 9.2 LTS local messaging users stored with a password hash that provides insufficient protection. IBM X-Force ID: 218368." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "NONE", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 4.5, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/A:N/AV:L/UI:N/C:H/PR:N/I:N/S:U/AC:H/RC:C/RL:O/E:U", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Obtain Information", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-03-01T16:45:26", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6560042" }, { "name": "ibm-mq-cve202222321-info-disc (218368)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/218368" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2022-02-28T00:00:00", "ID": "CVE-2022-22321", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "MQ Appliance", "version": { "version_data": [ { "version_value": "9.2 LTS" }, { "version_value": "9.2 CD" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM MQ Appliance 9.2 CD and 9.2 LTS local messaging users stored with a password hash that provides insufficient protection. IBM X-Force ID: 218368." } ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "H", "AV": "L", "C": "H", "I": "N", "PR": "N", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Obtain Information" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6560042", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6560042 (MQ Appliance)", "url": "https://www.ibm.com/support/pages/node/6560042" }, { "name": "ibm-mq-cve202222321-info-disc (218368)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/218368" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2022-22321", "datePublished": "2022-03-01T16:45:26.994220Z", "dateReserved": "2022-01-03T00:00:00", "dateUpdated": "2024-09-16T18:03:45.740Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-22355
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/6564711 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/220486 | vdb-entry, x_refsource_XF |
Vendor | Product | Version | |
---|---|---|---|
▼ | IBM | MQ Appliance |
Version: 9.2 LTS Version: 9.2 CD |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T03:14:54.744Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6564711" }, { "name": "ibm-mq-cve202222355-dos (220486)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/220486" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "MQ Appliance", "vendor": "IBM", "versions": [ { "status": "affected", "version": "9.2 LTS" }, { "status": "affected", "version": "9.2 CD" } ] } ], "datePublic": "2022-04-04T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM MQ Appliance 9.2 CD and 9.2 LTS are vulnerable to a denial of service in the Login component of the application which could allow an attacker to cause a drop in performance." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "NONE", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 4.6, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/UI:N/A:L/AV:N/AC:L/C:N/PR:N/S:U/I:N/RC:C/E:U/RL:O", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of Service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-04-05T16:45:21", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6564711" }, { "name": "ibm-mq-cve202222355-dos (220486)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/220486" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2022-04-04T00:00:00", "ID": "CVE-2022-22355", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "MQ Appliance", "version": { "version_data": [ { "version_value": "9.2 LTS" }, { "version_value": "9.2 CD" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM MQ Appliance 9.2 CD and 9.2 LTS are vulnerable to a denial of service in the Login component of the application which could allow an attacker to cause a drop in performance." } ] }, "impact": { "cvssv3": { "BM": { "A": "L", "AC": "L", "AV": "N", "C": "N", "I": "N", "PR": "N", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of Service" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6564711", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6564711 (MQ Appliance)", "url": "https://www.ibm.com/support/pages/node/6564711" }, { "name": "ibm-mq-cve202222355-dos (220486)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/220486" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2022-22355", "datePublished": "2022-04-05T16:45:21.335870Z", "dateReserved": "2022-01-03T00:00:00", "dateUpdated": "2024-09-17T00:56:53.642Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-39000
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/6519422 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/213215 | vdb-entry, x_refsource_XF |
Vendor | Product | Version | |
---|---|---|---|
▼ | IBM | MQ Appliance |
Version: 9.2.0.0 Version: 9.2.1 Version: 9.2.0.1 Version: 9.2.2 Version: 9.2.0.2 Version: 9.2.0.3 Version: 9.2.3 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T01:58:16.523Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6519422" }, { "name": "ibm-mq-cve202139000-info-disc (213215)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/213215" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "MQ Appliance", "vendor": "IBM", "versions": [ { "status": "affected", "version": "9.2.0.0" }, { "status": "affected", "version": "9.2.1" }, { "status": "affected", "version": "9.2.0.1" }, { "status": "affected", "version": "9.2.2" }, { "status": "affected", "version": "9.2.0.2" }, { "status": "affected", "version": "9.2.0.3" }, { "status": "affected", "version": "9.2.3" } ] } ], "datePublic": "2021-11-29T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM MQ Appliance 9.2 CD and 9.2 LTS could allow a local attacker to obtain sensitive information by inclusion of sensitive data within diagnostics. IBM X-Force ID: 213215." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "NONE", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 5.2, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AC:H/PR:N/AV:N/C:H/I:N/UI:N/A:N/S:U/RL:O/E:U/RC:C", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Obtain Information", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-11-30T16:45:19", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6519422" }, { "name": "ibm-mq-cve202139000-info-disc (213215)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/213215" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2021-11-29T00:00:00", "ID": "CVE-2021-39000", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "MQ Appliance", "version": { "version_data": [ { "version_value": "9.2.0.0" }, { "version_value": "9.2.1" }, { "version_value": "9.2.0.1" }, { "version_value": "9.2.2" }, { "version_value": "9.2.0.2" }, { "version_value": "9.2.0.3" }, { "version_value": "9.2.3" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM MQ Appliance 9.2 CD and 9.2 LTS could allow a local attacker to obtain sensitive information by inclusion of sensitive data within diagnostics. IBM X-Force ID: 213215." } ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "H", "AV": "N", "C": "H", "I": "N", "PR": "N", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Obtain Information" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6519422", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6519422 (MQ Appliance)", "url": "https://www.ibm.com/support/pages/node/6519422" }, { "name": "ibm-mq-cve202139000-info-disc (213215)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/213215" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2021-39000", "datePublished": "2021-11-30T16:45:19.481134Z", "dateReserved": "2021-08-16T00:00:00", "dateUpdated": "2024-09-16T16:13:28.214Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-4731
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/1125885 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/172616 | vdb-entry, x_refsource_XF |
Vendor | Product | Version | |
---|---|---|---|
▼ | IBM | MQ Appliance |
Version: 9.1.4.CD |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T19:40:48.955Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/1125885" }, { "name": "ibm-mq-cve20194731-info-disc (172616)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/172616" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "MQ Appliance", "vendor": "IBM", "versions": [ { "status": "affected", "version": "9.1.4.CD" } ] } ], "datePublic": "2020-07-27T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM MQ Appliance 9.1.4.CD could allow a local attacker to obtain highly sensitive information by inclusion of sensitive data within trace. IBM X-Force ID: 172616." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "NONE", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 4.5, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/A:N/C:H/AC:H/S:U/PR:N/I:N/UI:N/E:U/RL:O/RC:C", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Obtain Information", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-07-28T12:05:25", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/1125885" }, { "name": "ibm-mq-cve20194731-info-disc (172616)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/172616" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2020-07-27T00:00:00", "ID": "CVE-2019-4731", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "MQ Appliance", "version": { "version_data": [ { "version_value": "9.1.4.CD" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM MQ Appliance 9.1.4.CD could allow a local attacker to obtain highly sensitive information by inclusion of sensitive data within trace. IBM X-Force ID: 172616." } ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "H", "AV": "L", "C": "H", "I": "N", "PR": "N", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Obtain Information" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/1125885", "refsource": "CONFIRM", "title": "IBM Security Bulletin 1125885 (MQ Appliance)", "url": "https://www.ibm.com/support/pages/node/1125885" }, { "name": "ibm-mq-cve20194731-info-disc (172616)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/172616" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2019-4731", "datePublished": "2020-07-28T12:05:25.329060Z", "dateReserved": "2019-01-03T00:00:00", "dateUpdated": "2024-09-17T01:26:07.558Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }