All the vulnerabilites related to IBM - MQ for HPE NonStop
cve-2020-4352
Vulnerability from cvelistv5
Published
2020-05-29 13:10
Modified
2024-09-16 20:32
Severity ?
EPSS score ?
Summary
IBM MQ on HPE NonStop 8.0.4 and 8.1.0 is vulnerable to a privilege escalation attack when running in restricted mode. IBM X-Force ID: 178427.
References
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/6217600 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/178427 | vdb-entry, x_refsource_XF |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | IBM | MQ for HPE NonStop |
Version: 8.1.0 Version: 8.0.4 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T08:00:07.372Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6217600" }, { "name": "ibm-mq-cve20204352-priv-escalation (178427)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/178427" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "MQ for HPE NonStop", "vendor": "IBM", "versions": [ { "status": "affected", "version": "8.1.0" }, { "status": "affected", "version": "8.0.4" } ] } ], "datePublic": "2020-05-28T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM MQ on HPE NonStop 8.0.4 and 8.1.0 is vulnerable to a privilege escalation attack when running in restricted mode. IBM X-Force ID: 178427." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "LOW", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 4.3, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/UI:N/S:U/AV:L/PR:N/A:L/AC:H/C:L/I:L/RC:C/RL:O/E:U", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Gain Privileges", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-05-29T13:10:20", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6217600" }, { "name": "ibm-mq-cve20204352-priv-escalation (178427)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/178427" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2020-05-28T00:00:00", "ID": "CVE-2020-4352", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "MQ for HPE NonStop", "version": { "version_data": [ { "version_value": "8.1.0" }, { "version_value": "8.0.4" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM MQ on HPE NonStop 8.0.4 and 8.1.0 is vulnerable to a privilege escalation attack when running in restricted mode. IBM X-Force ID: 178427." } ] }, "impact": { "cvssv3": { "BM": { "A": "L", "AC": "H", "AV": "L", "C": "L", "I": "L", "PR": "N", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Gain Privileges" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6217600", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6217600 (MQ for HPE NonStop)", "url": "https://www.ibm.com/support/pages/node/6217600" }, { "name": "ibm-mq-cve20204352-priv-escalation (178427)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/178427" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2020-4352", "datePublished": "2020-05-29T13:10:20.156736Z", "dateReserved": "2019-12-30T00:00:00", "dateUpdated": "2024-09-16T20:32:05.845Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-22325
Vulnerability from cvelistv5
Published
2022-05-13 16:15
Modified
2024-09-16 17:49
Severity ?
EPSS score ?
Summary
IBM MQ (IBM MQ for HPE NonStop 8.1.0) can inadvertently disclose sensitive information under certain circumstances to a local user from a stack trace. IBM X-Force ID: 218853.
References
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/6585780 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/218853 | vdb-entry, x_refsource_XF |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | IBM | MQ for HPE NonStop |
Version: 8.1.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T03:07:50.498Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6585780" }, { "name": "ibm-mq-cve202222325-info-disc (218853)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/218853" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "MQ for HPE NonStop", "vendor": "IBM", "versions": [ { "status": "affected", "version": "8.1.0" } ] } ], "datePublic": "2022-05-12T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM MQ (IBM MQ for HPE NonStop 8.1.0) can inadvertently disclose sensitive information under certain circumstances to a local user from a stack trace. IBM X-Force ID: 218853." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "NONE", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 4.5, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/I:N/C:H/UI:N/AV:L/A:N/AC:H/PR:N/S:U/E:U/RL:O/RC:C", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Obtain Information", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-05-13T16:15:18", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6585780" }, { "name": "ibm-mq-cve202222325-info-disc (218853)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/218853" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2022-05-12T00:00:00", "ID": "CVE-2022-22325", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "MQ for HPE NonStop", "version": { "version_data": [ { "version_value": "8.1.0" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM MQ (IBM MQ for HPE NonStop 8.1.0) can inadvertently disclose sensitive information under certain circumstances to a local user from a stack trace. IBM X-Force ID: 218853." } ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "H", "AV": "L", "C": "H", "I": "N", "PR": "N", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Obtain Information" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6585780", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6585780 (MQ for HPE NonStop)", "url": "https://www.ibm.com/support/pages/node/6585780" }, { "name": "ibm-mq-cve202222325-info-disc (218853)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/218853" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2022-22325", "datePublished": "2022-05-13T16:15:18.573004Z", "dateReserved": "2022-01-03T00:00:00", "dateUpdated": "2024-09-16T17:49:14.224Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-4466
Vulnerability from cvelistv5
Published
2020-07-20 14:05
Modified
2024-09-16 20:13
Severity ?
EPSS score ?
Summary
IBM MQ for HPE NonStop 8.0.4 and 8.1.0 could allow a remote authenticated attacker could cause a denial of service due to an error within the Queue processing function. IBM X-Force ID: 181563.
References
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/6250473 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/181563 | vdb-entry, x_refsource_XF |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | IBM | MQ for HPE NonStop |
Version: 8.1.0 Version: 8.0.4 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T08:07:48.924Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6250473" }, { "name": "ibm-mq-cve20204466-dos (181563)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/181563" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "MQ for HPE NonStop", "vendor": "IBM", "versions": [ { "status": "affected", "version": "8.1.0" }, { "status": "affected", "version": "8.0.4" } ] } ], "datePublic": "2020-07-17T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM MQ for HPE NonStop 8.0.4 and 8.1.0 could allow a remote authenticated attacker could cause a denial of service due to an error within the Queue processing function. IBM X-Force ID: 181563." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "NONE", "privilegesRequired": "LOW", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 5.7, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/S:U/C:N/UI:N/AV:N/AC:L/A:H/PR:L/I:N/RL:O/E:U/RC:C", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of Service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-07-20T14:05:24", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6250473" }, { "name": "ibm-mq-cve20204466-dos (181563)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/181563" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2020-07-17T00:00:00", "ID": "CVE-2020-4466", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "MQ for HPE NonStop", "version": { "version_data": [ { "version_value": "8.1.0" }, { "version_value": "8.0.4" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM MQ for HPE NonStop 8.0.4 and 8.1.0 could allow a remote authenticated attacker could cause a denial of service due to an error within the Queue processing function. IBM X-Force ID: 181563." } ] }, "impact": { "cvssv3": { "BM": { "A": "H", "AC": "L", "AV": "N", "C": "N", "I": "N", "PR": "L", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of Service" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6250473", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6250473 (MQ for HPE NonStop)", "url": "https://www.ibm.com/support/pages/node/6250473" }, { "name": "ibm-mq-cve20204466-dos (181563)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/181563" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2020-4466", "datePublished": "2020-07-20T14:05:24.605425Z", "dateReserved": "2019-12-30T00:00:00", "dateUpdated": "2024-09-16T20:13:28.620Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-51470
Vulnerability from cvelistv5
Published
2024-12-18 19:56
Modified
2024-12-18 20:24
Severity ?
EPSS score ?
Summary
IBM MQ 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, 9.4 CD, IBM MQ Appliance 9.3 LTS, 9.3 CD, 9.4 LTS, and IBM MQ for HPE NonStop 8.1.0 through 8.1.0.25 could allow an authenticated user to cause a denial-of-service due to messages with improperly set values.
References
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/7179137 | vendor-advisory | |
https://www.ibm.com/support/pages/node/7178085 | vendor-advisory | |
https://www.ibm.com/support/pages/node/7177593 | vendor-advisory |
Impacted products
Vendor | Product | Version | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
▼ | IBM | MQ |
Version: 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, 9.4 CD cpe:2.3:a:ibm:mq:9.1.0.0:*:*:*:lts:*:*:* cpe:2.3:a:ibm:mq:9.2.0:*:*:*:lts:*:*:* cpe:2.3:a:ibm:mq:9.3.0:*:*:*:lts:*:*:* cpe:2.3:a:ibm:mq:9.3.0:*:*:*:continuous_delivery:*:*:* cpe:2.3:a:ibm:mq:9.4.0:*:*:*:lts:*:*:* cpe:2.3:a:ibm:mq:9.4.0:*:*:*:continuous_delivery:*:*:* |
||||||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-51470", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-12-18T20:24:17.133411Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-12-18T20:24:38.409Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:a:ibm:mq:9.1.0.0:*:*:*:lts:*:*:*", "cpe:2.3:a:ibm:mq:9.2.0:*:*:*:lts:*:*:*", "cpe:2.3:a:ibm:mq:9.3.0:*:*:*:lts:*:*:*", "cpe:2.3:a:ibm:mq:9.3.0:*:*:*:continuous_delivery:*:*:*", "cpe:2.3:a:ibm:mq:9.4.0:*:*:*:lts:*:*:*", "cpe:2.3:a:ibm:mq:9.4.0:*:*:*:continuous_delivery:*:*:*" ], "defaultStatus": "unaffected", "product": "MQ", "vendor": "IBM", "versions": [ { "status": "affected", "version": "9.1 LTS, 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, 9.4 CD" } ] }, { "cpes": [ "cpe:2.3:a:ibm:mq_appliance:9.3:*:*:*:lts:*:*:*", "cpe:2.3:a:ibm:mq_appliance:9.3:*:*:*:continuous_delivery:*:*:*", "cpe:2.3:a:ibm:mq_appliance:9.4:*:*:*:lts:*:*:*" ], "defaultStatus": "unaffected", "product": "MQ Appliance", "vendor": "IBM", "versions": [ { "status": "affected", "version": "9.3 LTS, 9.3 CD, 9.4 LTS" } ] }, { "cpes": [ "cpe:2.3:a:ibm:mq_for_hpe_nonstop:8.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:mq_for_hpe_nonstop:8.1.0.25:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "MQ for HPE NonStop", "vendor": "IBM", "versions": [ { "lessThanOrEqual": "8.1.0.25", "status": "affected", "version": "8.1.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIBM MQ\u0026nbsp;9.1 LTS, 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, 9.4 CD, IBM MQ Appliance\u0026nbsp;9.3 LTS, 9.3 CD, 9.4 LTS, and IBM MQ for HPE NonStop 8.1.0 through 8.1.0.25\u0026nbsp;could allow an authenticated user to cause a denial-of-service due to messages with improperly set values.\u003c/span\u003e" } ], "value": "IBM MQ\u00a09.1 LTS, 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, 9.4 CD, IBM MQ Appliance\u00a09.3 LTS, 9.3 CD, 9.4 LTS, and IBM MQ for HPE NonStop 8.1.0 through 8.1.0.25\u00a0could allow an authenticated user to cause a denial-of-service due to messages with improperly set values." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-754", "description": "CWE-754 Improper Check for Unusual or Exceptional Conditions", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-12-18T19:56:10.377Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/7179137" }, { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/7178085" }, { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/7177593" } ], "source": { "discovery": "UNKNOWN" }, "title": "IBM MQ denial of service", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2024-51470", "datePublished": "2024-12-18T19:56:10.377Z", "dateReserved": "2024-10-28T10:50:18.700Z", "dateUpdated": "2024-12-18T20:24:38.409Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-38950
Vulnerability from cvelistv5
Published
2021-12-14 16:20
Modified
2024-09-16 20:06
Severity ?
EPSS score ?
Summary
IBM MQ on HPE NonStop 8.0.4 and 8.1.0 is vulnerable to a privilege escalation attack when SharedBindingsUserId is set to effective. IBM X-ForceID: 211404.
References
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/6525810 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/211404 | vdb-entry, x_refsource_XF |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | IBM | MQ for HPE NonStop |
Version: 8.1.0 Version: 8.0.4 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T01:51:20.389Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6525810" }, { "name": "ibm-mq-cve202138950-priv-escalation (211404)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/211404" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "MQ for HPE NonStop", "vendor": "IBM", "versions": [ { "status": "affected", "version": "8.1.0" }, { "status": "affected", "version": "8.0.4" } ] } ], "datePublic": "2021-12-13T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM MQ on HPE NonStop 8.0.4 and 8.1.0 is vulnerable to a privilege escalation attack when SharedBindingsUserId is set to effective. IBM X-ForceID: 211404." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 6.4, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/PR:N/AC:H/C:H/S:U/I:H/AV:L/A:H/UI:N/E:U/RC:C/RL:O", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Gain Privileges", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-12-14T16:20:10", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6525810" }, { "name": "ibm-mq-cve202138950-priv-escalation (211404)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/211404" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2021-12-13T00:00:00", "ID": "CVE-2021-38950", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "MQ for HPE NonStop", "version": { "version_data": [ { "version_value": "8.1.0" }, { "version_value": "8.0.4" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM MQ on HPE NonStop 8.0.4 and 8.1.0 is vulnerable to a privilege escalation attack when SharedBindingsUserId is set to effective. IBM X-ForceID: 211404." } ] }, "impact": { "cvssv3": { "BM": { "A": "H", "AC": "H", "AV": "L", "C": "H", "I": "H", "PR": "N", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Gain Privileges" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6525810", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6525810 (MQ for HPE NonStop)", "url": "https://www.ibm.com/support/pages/node/6525810" }, { "name": "ibm-mq-cve202138950-priv-escalation (211404)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/211404" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2021-38950", "datePublished": "2021-12-14T16:20:10.693997Z", "dateReserved": "2021-08-16T00:00:00", "dateUpdated": "2024-09-16T20:06:32.121Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-4376
Vulnerability from cvelistv5
Published
2020-07-01 14:25
Modified
2024-09-17 02:01
Severity ?
EPSS score ?
Summary
IBM MQ, IBM MQ Appliance, IBM MQ for HPE NonStop 8.0.4 and 8.1.0 could allow an attacker to cause a denial of service caused by an error within the pubsub logic. IBM X-Force ID: 179081.
References
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/6242364 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/179081 | vdb-entry, x_refsource_XF |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | IBM | MQ for HPE NonStop |
Version: 8.1.0 Version: 8.0.4 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T08:00:07.541Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6242364" }, { "name": "ibm-mq-cve20204376-dos (179081)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/179081" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "MQ for HPE NonStop", "vendor": "IBM", "versions": [ { "status": "affected", "version": "8.1.0" }, { "status": "affected", "version": "8.0.4" } ] } ], "datePublic": "2020-06-30T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM MQ, IBM MQ Appliance, IBM MQ for HPE NonStop 8.0.4 and 8.1.0 could allow an attacker to cause a denial of service caused by an error within the pubsub logic. IBM X-Force ID: 179081." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "NONE", "privilegesRequired": "LOW", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 4.6, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AC:H/A:H/PR:L/UI:N/C:N/S:U/AV:N/I:N/RL:O/RC:C/E:U", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of Service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-07-01T14:25:31", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6242364" }, { "name": "ibm-mq-cve20204376-dos (179081)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/179081" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2020-06-30T00:00:00", "ID": "CVE-2020-4376", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "MQ for HPE NonStop", "version": { "version_data": [ { "version_value": "8.1.0" }, { "version_value": "8.0.4" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM MQ, IBM MQ Appliance, IBM MQ for HPE NonStop 8.0.4 and 8.1.0 could allow an attacker to cause a denial of service caused by an error within the pubsub logic. IBM X-Force ID: 179081." } ] }, "impact": { "cvssv3": { "BM": { "A": "H", "AC": "H", "AV": "N", "C": "N", "I": "N", "PR": "L", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of Service" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6242364", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6242364 (MQ for HPE NonStop)", "url": "https://www.ibm.com/support/pages/node/6242364" }, { "name": "ibm-mq-cve20204376-dos (179081)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/179081" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2020-4376", "datePublished": "2020-07-01T14:25:31.874715Z", "dateReserved": "2019-12-30T00:00:00", "dateUpdated": "2024-09-17T02:01:05.852Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-40237
Vulnerability from cvelistv5
Published
2023-02-27 14:18
Modified
2024-08-03 12:14
Severity ?
EPSS score ?
Summary
IBM MQ for HPE NonStop 8.1.0 is vulnerable to a denial of service attack due to an error within the CCDT and channel synchronization logic. IBM X-Force ID: 235727.
References
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/6958136 | vendor-advisory | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/235727 | vdb-entry |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | IBM | MQ for HPE NonStop |
Version: 8.1.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T12:14:39.825Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6958136" }, { "tags": [ "vdb-entry", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/235727" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "MQ for HPE NonStop", "vendor": "IBM", "versions": [ { "status": "affected", "version": "8.1.0" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "IBM MQ for HPE NonStop 8.1.0 is vulnerable to a denial of service attack due to an error within the CCDT and channel synchronization logic. IBM X-Force ID: 235727." } ], "value": "IBM MQ for HPE NonStop 8.1.0 is vulnerable to a denial of service attack due to an error within the CCDT and channel synchronization logic. IBM X-Force ID: 235727." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-02-27T14:18:08.342Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/6958136" }, { "tags": [ "vdb-entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/235727" } ], "source": { "discovery": "UNKNOWN" }, "title": "IBM MQ for HPE NonStop denial of service", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2022-40237", "datePublished": "2023-02-27T14:18:08.342Z", "dateReserved": "2022-09-08T15:59:19.270Z", "dateUpdated": "2024-08-03T12:14:39.825Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }