cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-27256,https://securityvulnerability.io/vulnerability/CVE-2024-27256,Weak Cryptographic Algorithms Affect IBM MQ Container Products,"IBM MQ Container versions 3.0.0 to 3.1.3 and 2.0.0 LTS to 2.4.8 exhibit weaknesses in cryptographic algorithms. These algorithms could potentially allow an attacker to decrypt sensitive information, posing a significant risk to data confidentiality. Users of affected versions should review their deployment and consider applying recommended patches or workarounds from IBM to mitigate this security issue.",IBM,MQ Operator,5.9,MEDIUM,0.0008699999889358878,false,,false,false,false,,false,false,false,,2025-01-27T16:27:53.275Z,0
CVE-2024-52897,https://securityvulnerability.io/vulnerability/CVE-2024-52897,Sensitive Information Disclosure in IBM MQ Web Console,"The IBM MQ web console in versions 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD contains a vulnerability that may allow remote attackers to retrieve sensitive information by exploiting detailed technical error messages. Proper validation and error handling are essential to mitigate this risk and safeguard the integrity of sensitive data.",IBM,MQ,6.2,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-12-19T18:15:00.000Z,0
CVE-2024-52896,https://securityvulnerability.io/vulnerability/CVE-2024-52896,Remote Information Disclosure in IBM MQ Appliance Web Console,"The IBM MQ Appliance web console suffers from a vulnerability that allows remote attackers to capture sensitive information through improperly handled detailed technical error messages. When error messages containing excessive detail are displayed, they can inadvertently reveal critical internal information that could be leveraged for further attacks.
Organizations utilizing affected versions of IBM MQ Appliance need to implement security measures to prevent the exposure of sensitive data and reduce the attack surface.",IBM,MQ,6.2,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-12-19T17:15:00.000Z,0
CVE-2024-40681,https://securityvulnerability.io/vulnerability/CVE-2024-40681,Bypass Security Restrictions with IBM MQ Operator,"A security vulnerability in IBM MQ may allow an authenticated user with specific roles to circumvent established security measures, leading to the potential execution of unauthorized actions against the queue manager. This flaw affects several versions of IBM MQ, posing a risk to systems relying on this messaging platform.",IBM,MQ Operator,7.5,HIGH,0.0005000000237487257,false,,false,false,false,,,false,false,,2024-09-07T14:09:19.767Z,0
CVE-2024-40680,https://securityvulnerability.io/vulnerability/CVE-2024-40680,IBM MQ Operator Denial of Service Vulnerability,IBM MQ Operator 2.0.26 and 3.2.4 could allow a local user to cause a denial of service due to improper memory allocation causing a segmentation fault.,IBM,MQ Operator,5.5,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-09-07T14:02:30.422Z,0
CVE-2024-39742,https://securityvulnerability.io/vulnerability/CVE-2024-39742,Bypass Authentication Vulnerability in IBM MQ Operator,"The vulnerability in IBM MQ Operator versions 3.2.2 and 2.0.24 exposes users to potential authentication bypass attacks due to a flaw in how the system performs partial string comparisons. This can allow unauthorized access to certain functionalities under specific configurations, which can compromise the security of the application.
The issue has been documented under IBM X-Force ID: 297169 and requires urgent attention from users to ensure their systems are not susceptible to exploitation.",IBM,MQ Operator,9.8,CRITICAL,0.0007600000244565308,false,,false,false,false,,,false,false,,2024-07-08T13:16:10.090Z,0
CVE-2024-39743,https://securityvulnerability.io/vulnerability/CVE-2024-39743,IBM MQ Operator Denial of Service Vulnerability,"IBM MQ Operator versions 3.2.2 and 2.0.24, as well as IBM MQ Container Developer Edition, exhibit a vulnerability that can be exploited by a remote attacker to initiate a denial of service attack. This flaw is due to improper memory de-allocation, which allows an attacker to induce excessive memory consumption on affected servers. Organizations utilizing these versions should review the advisory for mitigation strategies to protect their systems against potential exploitation.",IBM,MQ Operator,7.5,HIGH,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-07-08T13:14:43.915Z,0
CVE-2024-35116,https://securityvulnerability.io/vulnerability/CVE-2024-35116,IBM MQ Vulnerable to Denial of Service Attack,"IBM MQ versions 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS, and 9.3 CD are susceptible to a denial of service (DoS) attack due to mishandling of configuration changes. This vulnerability allows attackers to disrupt service availability by exploiting errors in the configuration application process, rendering systems unresponsive.
Organizations using affected versions of IBM MQ should ensure they are taking the necessary steps to patch or mitigate against potential threats posed by this issue.",IBM,MQ,7.5,HIGH,0.0007200000109151006,false,,false,false,false,,,false,false,,2024-06-28T18:20:50.152Z,0
CVE-2024-35156,https://securityvulnerability.io/vulnerability/CVE-2024-35156,IBM MQ Vulnerability Could Lead to Sensitive Information Disclosure,IBM MQ 9.3 LTS and 9.3 CD could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 292766.,IBM,MQ,6.5,MEDIUM,0.0006900000153109431,false,,false,false,false,,,false,false,,2024-06-28T18:12:21.696Z,0
CVE-2024-35155,https://securityvulnerability.io/vulnerability/CVE-2024-35155,Remote Attack via Detailed Technical Error Message in Browser Could Lead to Sensitive Information Disclosure,IBM MQ Console 9.3 LTS and 9.3 CD could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 292765.,IBM,MQ,6.5,MEDIUM,0.0004900000058114529,false,,false,false,false,,,false,false,,2024-06-28T17:40:37.828Z,0
CVE-2024-31912,https://securityvulnerability.io/vulnerability/CVE-2024-31912,Potential Privilege Escalation Vulnerability in IBM MQ 9.3 LTS and 9.3 CD,"A vulnerability has been identified in IBM MQ versions 9.3 LTS and 9.3 CD that may grant authenticated users the ability to escalate their privileges. This issue arises from improper privilege assignments within certain configurations, potentially leading to unauthorized access levels.
Organizations using these affected versions should evaluate their settings and implement recommended security measures to mitigate risks.",IBM,MQ,8.8,HIGH,0.0004900000058114529,false,,false,false,false,,,false,false,,2024-06-28T17:38:11.302Z,0
CVE-2024-31919,https://securityvulnerability.io/vulnerability/CVE-2024-31919,IBM MQ Vulnerable to Denial of Service Attack,"IBM MQ versions 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS, and 9.3 CD can experience denial of service conditions under specific configurations. This vulnerability arises from an error during message processing when employing an API Exit utilizing MQBUFMH. Attackers may exploit this weakness to disrupt the service, making it crucial for users to identify and mitigate the issue.",IBM,MQ,7.5,HIGH,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-06-28T17:34:15.469Z,0
CVE-2024-25015,https://securityvulnerability.io/vulnerability/CVE-2024-25015,IBM MQ Denial of Service Vulnerability,"A vulnerability in IBM MQ products allows for a denial of service that can be triggered by remote attackers. By sending specially crafted HTTP requests, a remote user could exhaust the system's available resources, leading to service disruption. This affects multiple versions of IBM MQ, including 9.2 LTS and 9.3 LTS. Organizations using these versions are advised to implement measures to mitigate the risk and monitor for suspicious activities. Further details can be found in IBM's vendor advisory.",IBM,MQ,7.5,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-05-01T16:16:16.641Z,0
CVE-2024-25048,https://securityvulnerability.io/vulnerability/CVE-2024-25048,IBM MQ Appliance Vulnerable to Heap-Based Buffer Overflow,"The IBM MQ Appliance version 9.3 CD and LTS is susceptible to a heap-based buffer overflow due to inadequate bounds checking mechanisms.
This vulnerability can be exploited by a remote authenticated attacker, allowing them to overflow a buffer, which could lead to the execution of arbitrary code on the affected system or may result in the server crashing. Mitigating this risk is crucial to maintaining system integrity and security.",IBM,MQ Appliance,7.5,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-04-27T12:07:33.519Z,0
CVE-2023-45177,https://securityvulnerability.io/vulnerability/CVE-2023-45177,IBM MQ Vulnerable to Denial-of-Service Attack,"IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS and 9.3 CD is vulnerable to a denial-of-service attack due to an error within the MQ clustering logic. IBM X-Force ID: 268066.",IBM,MQ,5.3,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-03-20T17:29:59.398Z,0
CVE-2023-47745,https://securityvulnerability.io/vulnerability/CVE-2023-47745,IBM MQ Operator Stores or Transmits User Credentials in Plain Clear Text,"IBM MQ Operator 2.0.0 LTS, 2.0.18 LTS, 3.0.0 CD, 3.0.1 CD, 2.4.0 through 2.4.7, 2.3.0 through 2.3.3, 2.2.0 through 2.2.2, and 2.3.0 through 2.3.3 stores or transmits user credentials in plain clear text which can be read by a local user using a trace command. IBM X-Force ID: 272638.",IBM,MQ Operator,5.5,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-03-03T11:56:00.503Z,0
CVE-2024-27255,https://securityvulnerability.io/vulnerability/CVE-2024-27255,IBM MQ Operator Vulnerabilities: Weak Cryptographic Algorithms Expose Sensitive Information,"IBM MQ Operator versions 2.0.0 LTS, 2.0.18 LTS, 3.0.0 CD, 3.0.1 CD, along with several earlier versions (2.4.0 to 2.4.7, 2.3.0 to 2.3.3, and 2.2.0 to 2.2.2) utilize cryptographic algorithms that do not meet security standards. This vulnerability may enable unauthorized parties to decrypt sensitive information guarded by weak encryption, thus compromising data integrity and confidentiality.
Organizations utilizing these affected versions should prioritize an urgent review of their security protocols and consider upgrading to robust encryption frameworks.",IBM,MQ Operator,7.5,HIGH,0.0008699999889358878,false,,false,false,false,,,false,false,,2024-03-03T11:54:10.301Z,0
CVE-2024-25016,https://securityvulnerability.io/vulnerability/CVE-2024-25016,IBM MQ and IBM MQ Appliance Denial of Service Vulnerability,"A vulnerability exists in IBM MQ and IBM MQ Appliance that may allow remote attackers to exploit incorrect buffering logic. This could result in a denial of service, where the services become unavailable to users. The affected versions include IBM MQ 9.0, 9.1, 9.2, as well as 9.3 LTS and 9.3 CD. It is crucial for organizations using these products to apply security patches and implement best practices to mitigate potential risks associated with this vulnerability.",IBM,MQ,7.5,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-03-03T03:09:09.906Z,0
CVE-2023-46177,https://securityvulnerability.io/vulnerability/CVE-2023-46177,IBM MQ Appliance information disclosure,IBM MQ Appliance 9.3 LTS and 9.3 CD could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request to view arbitrary files on the system. IBM X-Force ID: 269536.,IBM,MQ Appliance,6.5,MEDIUM,0.0012199999764561653,false,,false,false,false,,,false,false,,2023-12-18T15:15:00.000Z,0
CVE-2023-46176,https://securityvulnerability.io/vulnerability/CVE-2023-46176,IBM MQ privilege escalation,"IBM MQ Appliance 9.3 CD could allow a local attacker to gain elevated privileges on the system, caused by improper validation of security keys.
IBM X-Force ID: 269535.",IBM,MQ Appliance,6.7,MEDIUM,0.0004199999966658652,false,,false,false,false,,,false,false,,2023-11-03T01:15:00.000Z,0
CVE-2023-28513,https://securityvulnerability.io/vulnerability/CVE-2023-28513,IBM MQ denial of service,"IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.2 CD, and 9.3 CD and IBM MQ Appliance 9.2 LTS, 9.3 LTS, 9.2 CD, and 9.2 LTS, under certain configurations, is vulnerable to a denial of service attack caused by an error processing messages. IBM X-Force ID: 250397.",IBM,"MQ,MQ Appliance",5.9,MEDIUM,0.0029800001066178083,false,,false,false,false,,,false,false,,2023-07-19T02:15:00.000Z,0
CVE-2023-28950,https://securityvulnerability.io/vulnerability/CVE-2023-28950,IBM MQ information disclosure,"IBM MQ 8.0, 9.0, 9.1, 9.2, and 9.3 could disclose sensitive user information from a trace file if that functionality has been enabled. IBM X-Force ID: 251358.",IBM,MQ,5.5,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2023-05-19T16:15:00.000Z,0
CVE-2023-28514,https://securityvulnerability.io/vulnerability/CVE-2023-28514,IBM MQ information disclosure,"IBM MQ 8.0, 9.0, and 9.1 could allow a local user to obtain sensitive credential information when a detailed technical error message is returned in a stack trace. IBM X-Force ID: 250398.",IBM,MQ,5.5,MEDIUM,0.0004199999966658652,false,,false,false,false,,,false,false,,2023-05-19T15:15:00.000Z,0
CVE-2023-26285,https://securityvulnerability.io/vulnerability/CVE-2023-26285,IBM MQ denial of service,"IBM MQ versions 9.2 CD, 9.2 LTS, 9.3 CD, and 9.3 LTS are subject to a vulnerability that may allow a remote attacker to trigger a denial of service condition.
This can occur when the system encounters errors while processing invalid data, potentially disrupting service availability and impacting operational continuity.",IBM,MQ,5.9,MEDIUM,0.0008999999845400453,false,,false,false,false,,,false,false,,2023-05-05T16:15:00.000Z,0
CVE-2023-22874,https://securityvulnerability.io/vulnerability/CVE-2023-22874,IBM MQ denial of service,"IBM MQ Clients 9.2 CD, 9.3 CD, and 9.3 LTS are vulnerable to a denial of service attack when processing configuration files. IBM X-Force ID: 244216.",IBM,MQ,5.5,MEDIUM,0.000590000010561198,false,,false,false,false,,,false,false,,2023-05-05T15:15:00.000Z,0