cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-25048,https://securityvulnerability.io/vulnerability/CVE-2024-25048,IBM MQ Appliance Vulnerable to Heap-Based Buffer Overflow,"The IBM MQ Appliance version 9.3 CD and LTS is susceptible to a heap-based buffer overflow due to inadequate bounds checking mechanisms. This vulnerability can be exploited by a remote authenticated attacker, allowing them to overflow a buffer, which could lead to the execution of arbitrary code on the affected system or may result in the server crashing. Mitigating this risk is crucial to maintaining system integrity and security.",IBM,MQ Appliance,7.5,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-04-27T12:07:33.519Z,0
CVE-2023-46177,https://securityvulnerability.io/vulnerability/CVE-2023-46177,IBM MQ Appliance information disclosure,IBM MQ Appliance 9.3 LTS and 9.3 CD could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request to view arbitrary files on the system. IBM X-Force ID: 269536.,IBM,MQ Appliance,6.5,MEDIUM,0.0012199999764561653,false,,false,false,false,,,false,false,,2023-12-18T15:15:00.000Z,0
CVE-2023-46176,https://securityvulnerability.io/vulnerability/CVE-2023-46176,IBM MQ privilege escalation,"IBM MQ Appliance 9.3 CD could allow a local attacker to gain elevated privileges on the system, caused by improper validation of security keys. IBM X-Force ID: 269535.",IBM,MQ Appliance,6.7,MEDIUM,0.0004199999966658652,false,,false,false,false,,,false,false,,2023-11-03T01:15:00.000Z,0
CVE-2023-28513,https://securityvulnerability.io/vulnerability/CVE-2023-28513,IBM MQ denial of service,"IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.2 CD, and 9.3 CD and IBM MQ Appliance 9.2 LTS, 9.3 LTS, 9.2 CD, and 9.2 LTS, under certain configurations, is vulnerable to a denial of service attack caused by an error processing messages. IBM X-Force ID: 250397.",IBM,"MQ,MQ Appliance",5.9,MEDIUM,0.0029800001066178083,false,,false,false,false,,,false,false,,2023-07-19T02:15:00.000Z,0
CVE-2022-40230,https://securityvulnerability.io/vulnerability/CVE-2022-40230,Session Management Flaw in IBM MQ Appliance,"IBM MQ Appliance versions 9.2 CD, 9.2 LTS, 9.3 CD, and 9.3 LTS contain a vulnerability where user sessions are not invalidated after logout. This oversight can potentially allow an authenticated user to impersonate another user, posing a significant risk to system security. Proper session handling is crucial to prevent unauthorized access and ensure user integrity. For further information, visit IBM's official documentation.",IBM,IBM MQ Appliance,6.5,MEDIUM,0.0005000000237487257,false,,false,false,false,,,false,false,,2022-11-03T00:00:00.000Z,0
CVE-2022-22355,https://securityvulnerability.io/vulnerability/CVE-2022-22355,Denial of Service Vulnerability in IBM MQ Appliance,"IBM MQ Appliance versions 9.2 CD and 9.2 LTS contain a vulnerability in the Login component that can be exploited to trigger a denial of service. This issue can degrade application performance significantly, allowing an attacker to disrupt legitimate user access and impact overall system functionality. It is essential for organizations utilizing these versions to apply the recommended security measures to mitigate the risk associated with this vulnerability.",IBM,MQ Appliance,5.3,MEDIUM,0.0008200000156648457,false,,false,false,false,,,false,false,,2022-04-05T17:15:00.000Z,0
CVE-2022-22356,https://securityvulnerability.io/vulnerability/CVE-2022-22356,Account Credential Enumeration in IBM MQ Appliance,"The IBM MQ Appliance versions 9.2 CD and 9.2 LTS contain a vulnerability that could allow an attacker to enumerate valid account credentials. This issue arises from a notable difference in the response behavior for valid versus invalid login attempts, enabling an attacker to infer the existence of valid user accounts based on the differences in response times. Organizations utilizing these versions should take precautionary measures to safeguard their accounts.",IBM,MQ Appliance,5.3,MEDIUM,0.0005600000149570405,false,,false,false,false,,,false,false,,2022-04-05T17:15:00.000Z,0
CVE-2022-22316,https://securityvulnerability.io/vulnerability/CVE-2022-22316,Denial of Service Vulnerability in IBM MQ Appliance Products,"A vulnerability in IBM MQ Appliance versions 9.2 CD and LTS could allow an authenticated user to exploit incorrectly configured authorization checks, potentially leading to a denial of service. This issue underscores the importance of proper security configurations to prevent disruptions in service.",IBM,MQ Appliance,5.3,MEDIUM,0.0007600000244565308,false,,false,false,false,,,false,false,,2022-03-23T17:15:00.000Z,0
CVE-2022-22321,https://securityvulnerability.io/vulnerability/CVE-2022-22321,Local Messaging Vulnerability in IBM MQ Appliance Products,"The IBM MQ Appliance versions 9.2 CD and 9.2 LTS exhibit a vulnerability where local messaging users are stored with a password hash that does not offer adequate protection. This security flaw may allow unauthorized access to sensitive information, compromising the confidentiality and integrity of messaging communications. Organizations using affected versions should implement recommended security controls to mitigate the risks associated with this vulnerability.",IBM,MQ Appliance,5.1,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2022-03-01T17:15:00.000Z,0
CVE-2021-38986,https://securityvulnerability.io/vulnerability/CVE-2021-38986,Session Fixation Vulnerability in IBM MQ Appliance,"The IBM MQ Appliance version 9.2 CD and 9.2 LTS contains a session fixation vulnerability that fails to invalidate a user's session after logout. This design flaw can potentially allow an authenticated user to preserve their session and impersonate another user within the system, leading to unauthorized access to sensitive information and actions. Organizations utilizing these versions should take immediate action to mitigate the risk associated with user impersonation.",IBM,MQ Appliance,5.6,MEDIUM,0.0005000000237487257,false,,false,false,false,,,false,false,,2022-03-01T17:15:00.000Z,0
CVE-2021-38999,https://securityvulnerability.io/vulnerability/CVE-2021-38999,Information Exposure in IBM MQ Appliance,"The IBM MQ Appliance has a vulnerability that could enable a local attacker to gain unauthorized access to sensitive information. This is achieved through the inclusion of sensitive data in the trace logs, potentially exposing this data under certain circumstances. Organizations using affected versions should take immediate steps to review their configurations and consider implementing measures to mitigate the risk associated with this vulnerability.",IBM,MQ Appliance,5.1,MEDIUM,0.0004199999966658652,false,,false,false,false,,,false,false,,2021-11-30T17:15:00.000Z,0
CVE-2021-38967,https://securityvulnerability.io/vulnerability/CVE-2021-38967,Local Code Execution Vulnerability in IBM MQ Appliance,"A local code execution vulnerability exists in IBM MQ Appliance versions 9.2 CD and 9.2 LTS, enabling a local privileged user to execute unauthorized commands by injecting malicious code. Successful exploitation could lead to unauthorized access to sensitive operations and data. Secure your systems by updating to the latest available version.",IBM,MQ Appliance,8.2,HIGH,0.0004199999966658652,false,,false,false,false,,,false,false,,2021-11-30T17:15:00.000Z,0
CVE-2021-39000,https://securityvulnerability.io/vulnerability/CVE-2021-39000,Information Disclosure Vulnerability in IBM MQ Appliance,"An information disclosure vulnerability exists in IBM MQ Appliance versions 9.2 CD and 9.2 LTS, allowing a local attacker to retrieve sensitive data through the inclusion of diagnostic information. This vulnerability can compromise the confidentiality of sensitive data by exposing it unintentionally within the diagnostics, posing a risk to data security. Organizations using these versions should assess their exposure and apply necessary mitigations to protect against potential unauthorized access.",IBM,MQ Appliance,5.9,MEDIUM,0.0004199999966658652,false,,false,false,false,,,false,false,,2021-11-30T17:15:00.000Z,0
CVE-2021-38958,https://securityvulnerability.io/vulnerability/CVE-2021-38958,Denial of Service Vulnerability in IBM MQ Appliance 9.2 Series,"IBM MQ Appliance versions 9.2 CD and 9.2 LTS are susceptible to a denial of service (DoS) vulnerability, resulting from a concurrency issue. An attacker could leverage this flaw to disrupt service availability, potentially affecting the performance and reliability of critical applications reliant on this messaging platform. It is important for organizations utilizing these products to implement necessary patches and mitigation strategies to safeguard against potential exploitation.",IBM,MQ Appliance,5.1,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2021-11-30T17:15:00.000Z,0
CVE-2021-29843,https://securityvulnerability.io/vulnerability/CVE-2021-29843,Denial of Service Vulnerability in IBM MQ by IBM,"IBM MQ versions 9.1 LTS, 9.1 CD, 9.2 LTS, and 9.2 CD are susceptible to a denial of service attack due to an issue that arises when processing message properties. This vulnerability may allow attackers to disrupt the normal operations of the messaging system, potentially leading to significant downtime and service interruptions for applications relying on IBM MQ for message delivery.",IBM,MQ Appliance,5.3,MEDIUM,0.0007600000244565308,false,,false,false,false,,,false,false,,2021-11-08T17:15:00.000Z,0
CVE-2020-4938,https://securityvulnerability.io/vulnerability/CVE-2020-4938,,IBM MQ Appliance 9.1 and 9.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 191815.,IBM,MQ Appliance,4.3,MEDIUM,0.0010300000431016088,false,,false,false,false,,,false,false,,2021-07-12T16:15:00.000Z,0
CVE-2020-4931,https://securityvulnerability.io/vulnerability/CVE-2020-4931,,"IBM MQ 9.1 LTS, 9.2 LTS, and 9.1 CD AMQP Channels could allow an authenticated user to cause a denial of service due to an issue processing messages. IBM X-Force ID: 191747.",IBM,MQ Appliance,6.5,MEDIUM,0.0007600000244565308,false,,false,false,false,,,false,false,,2021-02-24T18:15:00.000Z,0
CVE-2020-4869,https://securityvulnerability.io/vulnerability/CVE-2020-4869,,"IBM MQ Appliance 9.2 CD and 9.2 LTS is vulnerable to a denial of service, caused by a buffer overflow. A remote attacker could send a specially crafted SNMP query to cause the appliance to reload. IBM X-Force ID: 190831.",IBM,MQ Appliance,5.3,MEDIUM,0.001069999998435378,false,,false,false,false,,,false,false,,2021-01-11T17:15:00.000Z,0
CVE-2020-4870,https://securityvulnerability.io/vulnerability/CVE-2020-4870,,IBM MQ 9.2 CD and LTS are vulnerable to a denial of service attack caused by an error processing connecting applications. IBM X-Force ID: 190833.,IBM,"MQ,MQ Appliance",5.9,MEDIUM,0.0019099999917671084,false,,false,false,false,,,false,false,,2020-12-21T18:15:00.000Z,0
CVE-2020-4592,https://securityvulnerability.io/vulnerability/CVE-2020-4592,,"IBM MQ Appliance 9.1.CD and LTS could allow an authenticated user, under nondefault configuration to cause a data corruption attack due to an error when using segmented messages.",IBM,MQ Appliance,5.3,MEDIUM,0.0005200000014156103,false,,false,false,false,,,false,false,,2020-11-18T18:15:00.000Z,0
CVE-2020-4319,https://securityvulnerability.io/vulnerability/CVE-2020-4319,,"IBM MQ, IBM MQ Appliance, and IBM MQ for HPE NonStop 8.0, 9.1 LTS, and 9.1 CD could allow under special circumstances, an authenticated user to obtain sensitive information due to a data leak from an error message within the pre-v7 pubsub logic. IBM X-Force ID: 177402.",IBM,MQ Appliance,3.1,LOW,0.0004400000034365803,false,,false,false,false,,,false,false,,2020-07-28T12:15:00.000Z,0
CVE-2020-4465,https://securityvulnerability.io/vulnerability/CVE-2020-4465,,"IBM MQ, IBM MQ Appliance, and IBM MQ for HPE NonStop 8.0, 9.1 CD, and 9.1 LTS is vulnerable to a buffer overflow vulnerability due to an error within the channel processing code. A remote attacker could overflow the buffer using an older client and cause a denial of service. IBM X-Force ID: 181562.",IBM,MQ Appliance,5.3,MEDIUM,0.001069999998435378,false,,false,false,false,,,false,false,,2020-07-28T12:15:00.000Z,0
CVE-2020-4375,https://securityvulnerability.io/vulnerability/CVE-2020-4375,,"IBM MQ, IBM MQ Appliance, IBM MQ for HPE NonStop 8.0, 9.1 CD, and 9.1 LTS could allow an attacker to cause a denial of service due to a memory leak caused by an error creating a dynamic queue. IBM X-Force ID: 179080.",IBM,MQ Appliance,5.9,MEDIUM,0.0008399999933317304,false,,false,false,false,,,false,false,,2020-07-28T12:15:00.000Z,0
CVE-2019-4731,https://securityvulnerability.io/vulnerability/CVE-2019-4731,,IBM MQ Appliance 9.1.4.CD could allow a local attacker to obtain highly sensitive information by inclusion of sensitive data within trace. IBM X-Force ID: 172616.,IBM,MQ Appliance,5.1,MEDIUM,0.0004199999966658652,false,,false,false,false,,,false,false,,2020-07-28T12:15:00.000Z,0
CVE-2020-4498,https://securityvulnerability.io/vulnerability/CVE-2020-4498,,IBM MQ Appliance 9.1 LTS and 9.1 CD could allow a local privileged user to obtain highly sensitive information due to inclusion of data within trace files. IBM X-Force ID: 182118.,IBM,MQ Appliance,4.1,MEDIUM,0.0004199999966658652,false,,false,false,false,,,false,false,,2020-07-27T14:15:00.000Z,0